Home     |     .Net Programming    |     cSharp Home    |     Sql Server Home    |     Javascript / Client Side Development     |     Ajax Programming

Ruby on Rails Development     |     Perl Programming     |     C Programming Language     |     C++ Programming     |     IT Jobs

Python Programming Language     |     Laptop Suggestions?    |     TCL Scripting     |     Fortran Programming     |     Scheme Programming Language


 
 
Cervo Technologies
The Right Source to Outsource

MS Dynamics CRM 3.0

C++ Programming

obfuscation


Hello,

Can anybody suggest a best code obfuscation tool based on their exeperience
? (e.g.: testing effort after obfuscation is 0)

thanks,
GK

GK wrote:
> Hello,

> Can anybody suggest a best code obfuscation tool based on their exeperience
> ? (e.g.: testing effort after obfuscation is 0)

My compiler obfuscates the c++ code quite well.

Regards,

Zeppe

On May 29, 8:45 am, "GK" <ganesh.kam@in.bosch.com> wrote:
[snip]

> ? (e.g.: testing effort after obfuscation is 0)

Maybe I've just had too little coffee today. But why
would you expect obfuscation to reduce your testing
effort?
Socks

"Zeppe" <zep_p@.remove.all.this.long.comment.yahoo.it> wrote in message

news:f3he3c$d6t$1@aioe.org...

> GK wrote:
>> Hello,

>> Can anybody suggest a best code obfuscation tool based on their
>> exeperience
>> ? (e.g.: testing effort after obfuscation is 0)

> My compiler obfuscates the c++ code quite well.

I'll bet you haven't looked at your executables with an editor lately if you
think that. If you leave it the way the compiler leaves it, you'll probably
be able to generate class and function diagrams from the human-readable text
in the code.

I have kinda the same question the OP has, BTW. I've heard that at least one
"standard practice" is to compress (therefor making the executables
non-human readable) the executables and expand them upon start up. Yes, one
could walk memory after the program is loaded and get function and class
information, but at least that takes some effort to do.

John

"Puppet_Sock" <puppet_s@hotmail.com> wrote in message

news:1180456852.911280.176320@o5g2000hsb.googlegroups.com...

> On May 29, 8:45 am, "GK" <ganesh.kam@in.bosch.com> wrote:
> [snip]
>> ? (e.g.: testing effort after obfuscation is 0)

> Maybe I've just had too little coffee today. But why
> would you expect obfuscation to reduce your testing
> effort?
> Socks

I think he's saying that he wants to obfuscate his code and then run the
same tests on it that he did prior to the obfuscation to ensure that the
obfuscation didn't mess anything up. (?)

John

Only if you leave debugging information in the executable.  Otherwise
optimised code is all but impossible to reverse engineer.

--
Ian Collins.

"Ian Collins" <ian-n@hotmail.com> wrote in message

news:5c4c19F2ssn56U50@mid.individual.net...

You could be right! Thank you, I'll investigate that (or someone will
follow-up post?). But if it's optimization that was your primary thought: I
don't use any optimization compiler settings (I don't need to, and who does
these days?).

So, the question is: are function names and class names not visible in
non-debug code? (That is a/the concern of mine).

(Aside: you're up way too late. Well at least, in the wrong place to up late
at!)

John

On May 30, 12:57 pm, "JohnQ" <johnqREMOVETHISprogram@yahoo.com>
wrote:

> You could be right! Thank you, I'll investigate that (or someone will
> follow-up post?). But if it's optimization that was your primary thought: I
> don't use any optimization compiler settings (I don't need to, and who does
> these days?).

Plenty of people. Most C++ compilers support a debug (non-optimised)
and release (optimised) mode. So you automatically get optimisation
turned on in release mode even if you aren't aware of it. Optimisation
can make a huge difference to runtime performance, even on todays
machines. Of course, even in release mode you may have some debug code
in there.

> So, the question is: are function names and class names not visible in
> non-debug code? (That is a/the concern of mine).

Generally they are not visible in non-debug, stripped code. Your OS
might differ in the stripping utilities provided. Eg Unix strip
generally does more than MS Windows.

Probably everyone who releases binaries.  The performance improvements
can be huge, especially if inlining isn't enabled without minimal
optimisation.

> So, the question is: are function names and class names not visible in
> non-debug code? (That is a/the concern of mine).

> (Aside: you're up way too late. Well at least, in the wrong place to up late
> at!)

It was 4:15 in the afternoon!

--
Ian Collins.

there are reasonable motivations to use optimizations (and to remove
debug symbols) in the release versions of the programs:
1) why have a slow program when it can be faster?
2) why have a big program when it can be smaller?

:)

Anyway, under linux, the debug symbols are activated by -g, so if you
compile without it they shouldn't be included. And the the command

strip executable_name

will remove all the names of all the exported symbols, so there will be
no more readable information. For windows I guess it's similar, look at
the "c++ options" and "code generation" options in visual studio for
example, there should be some "do no include debug information".

> So, the question is: are function names and class names not visible in
> non-debug code? (That is a/the concern of mine).

they are not, provided you tell the compiler that you don't need him to
preserve the function names. (well, not sure if you can delete also the
names of the function linked dynamically on shared libraries, though...
probably not).

Regards,

Zeppe

"JohnQ" <johnqREMOVETHISprogram@yahoo.com> wrote in message

news:WG67i.4530$u56.2540@newssvr22.news.prodigy.net...

Yes, I meant the same as John mentioned.
- GK

But what do you want to do?  Isn't the obfuscation provided by optimised
and stripped compiled code good enough?

If not, I'd like to know why.

--
Ian Collins.

Maybe because compiled code is not portable to another hardware architecture?

I know that some firms (e.g. see www.gimpel.com) distribute their software
in obfuscated C source form so that it can be used on any platform with a C
compiler. Probably they know a good obfuscator program.

On May 30, 6:57 am, "JohnQ" <johnqREMOVETHISprogram@yahoo.com>
wrote:

It obviously depends on the implementation; the standard doesn't
say what is or is not "still visible".  In practice, under Unix,
if you link statically, then do strip, very little symbolic
information is left.  (Some must still be left floating around,
since typeid().name() has to return something.  But that's about
it.  And even they're just present as strings; nm doesn't see
them.)

Optimization, of course, has nothing to do with it; you can
strip the symbols from unoptimized code, and leave them in
optimized.  Optimization will make it more difficult to
reconstruct the contents of a function, however.

I've also heard of people using the preprocessor to obfuscate.
Write a simple program to extract the user defined symbols from
your code, then generate a file along the lines of:
    #define FirstUserSymbol A000001
    #define AnotherSymbol   A000002
    //  ...
and include it at the start of every module, before compiling.

--
James Kanze (GABI Software)             email:james.ka@gmail.com
Conseils en informatique oriente objet/
                   Beratung in objektorientierter Datenverarbeitung
9 place Smard, 78210 St.-Cyr-l'cole, France, +33 (0)1 30 23 00 34

On May 30, 7:45 am, Martin Rennix <martin.ren@gmail.com> wrote:

> On May 30, 12:57 pm, "JohnQ" <johnqREMOVETHISprogram@yahoo.com>
> wrote:
> > You could be right! Thank you, I'll investigate that (or someone will
> > follow-up post?). But if it's optimization that was your primary thought: I
> > don't use any optimization compiler settings (I don't need to, and who does
> > these days?).
> Plenty of people. Most C++ compilers support a debug (non-optimised)
> and release (optimised) mode.

That's interesting.  None of the compilers I use (Sun CC, g++
and VC++) have such a simplistic division.  They all have a
fairly complicated list of options concerning optimization:
several levels of optimization, and the possibility to turn off
or on specific optimizations, regardless of the level.

> So you automatically get optimisation
> turned on in release mode even if you aren't aware of it.

With the three compilers mentionned above, you get what you
asked for.  Generally, in the places I've worked, we've not
turned on optimization in released code unless we needed it.  (A
lot of applications, even today, are IO bound, and it makes no
sense to turn on optimization in such cases.  But for those
which aren't...)

> Optimisation
> can make a huge difference to runtime performance, even on todays
> machines.

Especially on today's machines:-).

> Of course, even in release mode you may have some debug code
> in there.
> > So, the question is: are function names and class names not visible in
> > non-debug code? (That is a/the concern of mine).
> Generally they are not visible in non-debug, stripped code. Your OS
> might differ in the stripping utilities provided. Eg Unix strip
> generally does more than MS Windows.

Another important issue is the use of dynamically loaded code.
The symbols needed to link it must remain present.

Also, I'm not too sure just what strip actually does.  If I run
it on an executable, after, nm shows no symbols.  But if I do
strings on the executable, I still find all of the names.

The real question, of course, is why you'd want to obfuscate to
begin with.  The current trend seems to be in the other
direction---more and more companies are delivering the sources
with the product, or at least making them available.  (Of
course, in many cases, the quality of the code is such that one
could consider the actual sources obfuscation.)

--
James Kanze (GABI Software)             email:james.ka@gmail.com
Conseils en informatique oriente objet/
                   Beratung in objektorientierter Datenverarbeitung
9 place Smard, 78210 St.-Cyr-l'cole, France, +33 (0)1 30 23 00 34

On May 30, 10:45 am, Zeppe

<zep_p@.remove.all.this.long.comment.yahoo.it> wrote:
> JohnQ wrote:

    [...]

> Anyway, under linux, the debug symbols are activated by -g, so if you
> compile without it they shouldn't be included. And the the command
> strip executable_name
> will remove all the names of all the exported symbols, so there will be
> no more readable information.

That's what I always thought, but a quick check (under Solaris)
shows that it just ain't true.  The names are no longer visible
to nm (and the executable is noticeably smaller), but they still
show up using strings.

> For windows I guess it's similar, look at
> the "c++ options" and "code generation" options in visual studio for
> example, there should be some "do no include debug information".
> > So, the question is: are function names and class names not visible in
> > non-debug code? (That is a/the concern of mine).
> they are not, provided you tell the compiler that you don't need him to
> preserve the function names. (well, not sure if you can delete also the
> names of the function linked dynamically on shared libraries, though...
> probably not).

Obvoiusly not, I'd say.  Also, you can't delete the names of
types, at least not if type_info::name() is still going to work.

--
James Kanze (GABI Software)             email:james.ka@gmail.com
Conseils en informatique oriente objet/
                   Beratung in objektorientierter Datenverarbeitung
9 place Smard, 78210 St.-Cyr-l'cole, France, +33 (0)1 30 23 00 34

James Kanze wrote:
>> will remove all the names of all the exported symbols, so there will be
>> no more readable information.

> That's what I always thought, but a quick check (under Solaris)
> shows that it just ain't true.  The names are no longer visible
> to nm (and the executable is noticeably smaller), but they still
> show up using strings.

uhm... compiled without -g and with _NDEBUG? I obtain quite clean code
under linux... maybe strip -s.

>> they are not, provided you tell the compiler that you don't need him to
>> preserve the function names. (well, not sure if you can delete also the
>> names of the function linked dynamically on shared libraries, though...
>> probably not).

> Obvoiusly not, I'd say.  Also, you can't delete the names of
> types, at least not if type_info::name() is still going to work.

same with assertions... anyway, for the dynamic linking, just my
ignorance on the topic (I don't really know about how it works the name
resolution on a shared library, there will be some version information,
as well as the exported symbols..)

Regards,

Zeppe

anyway,

On May 30, 8:41 pm, James Kanze <james.ka@gmail.com> wrote:

> That's interesting.  None of the compilers I use (Sun CC, g++
> and VC++) have such a simplistic division.  They all have a
> fairly complicated list of options concerning optimization:
> several levels of optimization, and the possibility to turn off
> or on specific optimizations, regardless of the level.

Yes you are right, but in VC++ when you create a new project by
default there are 2 configs, a debug config with optimisations off and
a release config with optimise on. Of course you can change these
settings.

> The real question, of course, is why you'd want to obfuscate to
> begin with.  The current trend seems to be in the other
> direction---more and more companies are delivering the sources
> with the product, or at least making them available.  (Of
> course, in many cases, the quality of the code is such that one
> could consider the actual sources obfuscation.)

I agree, obfuscation is generally a waste of time. All code can be
reverse engineered given enough time. And plenty of people have a lot
of time. Look how quickly games are cracked, even after spending a
fortune on anti-piracy measures. What is it you need to hide?
On 30 May 2007 05:41:08 -0700, James Kanze wrote:

>> > But if it's optimization that was your primary thought: I
>> > don't use any optimization compiler settings (I don't need to, and who does
>> > these days?).

>> Plenty of people. Most C++ compilers support a debug (non-optimised)
>> and release (optimised) mode.

>That's interesting.  None of the compilers I use (Sun CC, g++
>and VC++) have such a simplistic division.  They all have a
>fairly complicated list of options concerning optimization:
>several levels of optimization, and the possibility to turn off
>or on specific optimizations, regardless of the level.

It's a common feature of IDE's, not compilers. In Visual C++, probably
the best known example, all projects created by the wizards have two
"configurations" which are named "debug" and "release" and more or
less reflect what they think should be enabled during development and
for shipping your product, respectively. Of course, neither of the two
is useful --as is-- in production.

But I'll concede that the C standard did somehow set a precedent, by
naming NDEBUG that way: if it just turns asserts off why not naming it
NOASRT, for instance? I think what IDE's currently do is basically
applying the same line of thought which led to the name "NDEBUG" to a
number of other things; and --needless to say-- they will define
NDEBUG as well in any "release" configuration. I've seen code using
asserts for unit testing in such "release" configurations (it's just
that of course one wouldn't see the invocations of assert directly,
being them hidden behind some project-specific XXX_TEST macro).

--
Gennaro Prota -- C++ Developer, For Hire
https://sourceforge.net/projects/breeze/
(replace 'address' with 'name.surname' to mail)

On May 30, 5:18 pm, Martin Rennix <martin.ren@gmail.com> wrote:

> On May 30, 8:41 pm, James Kanze <james.ka@gmail.com> wrote:
> > That's interesting.  None of the compilers I use (Sun CC, g++
> > and VC++) have such a simplistic division.  They all have a
> > fairly complicated list of options concerning optimization:
> > several levels of optimization, and the possibility to turn off
> > or on specific optimizations, regardless of the level.
> Yes you are right, but in VC++ when you create a new project by
> default there are 2 configs, a debug config with optimisations off and
> a release config with optimise on. Of course you can change these
> settings.

I think you're referring to the Visual Studios IDE, and not
VC++; I use VC++ from time to time, and I've not seen two
"default" configurations---VC++ is very much like g++ or Sun CC
in that it has hundreds of command line options, and in any real
production work, the defaults are absolutely worthless; you need
tens of options to get anything useful.

As for defaults in general: you really should carefully read the
documentation of the tools you are using, particularly critical
ones like the compiler, and decide explicitly which options are
relevant to your application.  I've never found the defaults to
be appropriate, and it's usual that different applications need
a different set of options.

--
James Kanze (GABI Software)             email:james.ka@gmail.com
Conseils en informatique oriente objet/
                   Beratung in objektorientierter Datenverarbeitung
9 place Smard, 78210 St.-Cyr-l'cole, France, +33 (0)1 30 23 00 34

On May 30, 3:54 pm, Zeppe

<zep_p@.remove.all.this.long.comment.yahoo.it> wrote:
> James Kanze wrote:
> >> will remove all the names of all the exported symbols, so there will be
> >> no more readable information.
> > That's what I always thought, but a quick check (under Solaris)
> > shows that it just ain't true.  The names are no longer visible
> > to nm (and the executable is noticeably smaller), but they still
> > show up using strings.
> uhm... compiled without -g and with _NDEBUG?

Well, I didn't try _NDEBUG, but I did compile and then strip,
and all of the (mangled) names were present in the output of
"strings".

I suspect that this is possibly because at no point during the
build cycle or strip was it explicitly stated that dynamic
linking wouldn't be used, so all of the operations retained the
symbols, just in case.

> I obtain quite clean code
> under linux... maybe strip -s.

Hmm. I'd tried it under Solaris.  Under Linux, strip does seem
to eliminate most of them.

BTW: does _NDEBUG have anything to do with NDEBUG?  If it
suppresses assertions, then it can't very well be used in
production code, can it?

> >> they are not, provided you tell the compiler that you don't need him to
> >> preserve the function names. (well, not sure if you can delete also the
> >> names of the function linked dynamically on shared libraries, though...
> >> probably not).
> > Obvoiusly not, I'd say.  Also, you can't delete the names of
> > types, at least not if type_info::name() is still going to work.
> same with assertions... anyway, for the dynamic linking, just my
> ignorance on the topic (I don't really know about how it works the name
> resolution on a shared library, there will be some version information,
> as well as the exported symbols..)

Under Unix, all global symbols will be implicitly exported.  (I'm
not too familiar with the GNU ld, but Sun's ld has options to
specify exactly what should and should not be exported.)

--
James Kanze (GABI Software)             email:james.ka@gmail.com
Conseils en informatique oriente objet/
                   Beratung in objektorientierter Datenverarbeitung
9 place Smard, 78210 St.-Cyr-l'cole, France, +33 (0)1 30 23 00 34

On 31 May 2007 02:03:51 -0700, James Kanze wrote:

>   [in Visual Studio]
>BTW: does _NDEBUG have anything to do with NDEBUG?

It's _DEBUG, not _NDEBUG. In the two default configurations that the
wizards generate, the "debug" one has _DEBUG defined, the "release"
one has NDEBUG; so, yes, it isn't usable in production as I said in my
other post, except that it is, more often than not :-( (As I also said
in my other post the name "NDEBUG" is a tad misleading, but a
professional programmer is supposed to understand things a little
beyond the level of lexical suggestion)

--
Gennaro Prota -- C++ Developer, For Hire
https://sourceforge.net/projects/breeze/
(replace 'address' with 'name.surname' to mail)

On 31 May 2007 02:03:51 -0700, James Kanze wrote:

>   [in VC++]
>BTW: does _NDEBUG have anything to do with NDEBUG?  If it
>suppresses assertions, then it can't very well be used in
>production code, can it?

<OT>
I forgot to add an important piece of information. The macro _DEBUG is
actually *implicitly defined* every time you use the /MTd or /MDd
options and says that a debug version of the CRT is used. That, of
course, also from the command line; the command line which results
from the wizard debug configuration has both /D "_DEBUG" and one of
the two options above (that's from personal observation, from VC6 to
VC8 --probably that's not documented and of course it's nothing to
count on without inspecting it personally).
</OT>

--
Gennaro Prota -- C++ Developer, For Hire
https://sourceforge.net/projects/breeze/
(replace 'address' with 'name.surname' to mail)

James Kanze wrote:
> BTW: does _NDEBUG have anything to do with NDEBUG?  If it
> suppresses assertions, then it can't very well be used in
> production code, can it?

sure, it was a typo for NDEBUG, sorry (actual mix between _DEBUG and
NDEBUG :)

But I  can't understand your sentence. Why should the assertions be
retained in the production code? It's a kind of debug stuff for me.. of
course I was referring actually to that, if you enables assertions (and,
for some other compiler, _DEBUG actually activates other types of
controls inside of the library) it's likely that some names and code
lines are stored in order to print something useful when an assertion is
thrown.

>> same with assertions... anyway, for the dynamic linking, just my
>> ignorance on the topic (I don't really know about how it works the name
>> resolution on a shared library, there will be some version information,
>> as well as the exported symbols..)

> Under Unix, all global symbols will be implicitly exported.  (I'm
> not too familiar with the GNU ld, but Sun's ld has options to
> specify exactly what should and should not be exported.)

Ah ok, thanks for the explanation ;)

Regards,

Zeppe

Most application I have used retain assertions.  There will always be
"can't happen" situations in the code where an assert is the only safe
option.  If nothing else, they give an error message for users to report
when one fires.

Without the original source, file and line number isn't any use to
someone reverse engineering the code.

--
Ian Collins.

Add to del.icio.us | Digg this | Stumble it | Powered by Megasolutions Inc