Slashdot Mirror
Morphing Code to Prevent Reverse Engineering?
ptolemu writes "Cringely's latest article discusses a new obfuscation technique currently being researched called PSCP (Program State Code Protection). An informative read that concludes with some interesting insight on the software giants that heavily depend on this kind of technology."
delete all the white space, and comment in Hungarian
"If you think you have things under control, you're not going fast enough." --Mario Andretti
I've done mostly server-side work where:
- the jar files were secure because they were on the server and
- bytecode optimization and jar size was the least of our problems
Obfuscation seems to be useful only for client-side Java applications that contains super-secret valuable algorithms. I mean, who cares if somebody decompiles your code to see how you did sortable JTables or whatever?
The Army reading list
This technique might be interesting for stopping people from stealing your closed source code, but as far as security goes it's pretty much worthless. 99% of the vulnerabilities in MS's code were found before their code was leaked, and if you believe them, even the major exploit found after it was leaked had more to do with bad code than someone finding the existing problem by reading the code.
Don't blame me; I'm never given mod points.
The code I write is obfuscated enough as it is. I'm my own anti-piracy mechanism.
The Blaster Master Fighting for Truth, Justice, and Evil Pie since 1979
Form of, illegible code.
Shape of, encrypted executables.
Not sure where the monkey fits into all of this.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
After all, these nothing that these guys could come up with that ROT13 doesn't already do!
Norman Cook's Ode to Sl
It just won't work. Any code that can be run can be reverse engineered. So-called sophisticated coding techniques only lead to unreadable code..
Microsoft doesn't need to do this. Windows source code is obfuscated enough.
I can smell the virus from here, and that wont be good.
Seems to me that they're more worried about software being cracked than being reverse engineered. Not sure how successful they'll be there.
Find a job you like and you will never work a day in your life.
I could see this as useful on small sections of code. Doing this to an entire program would be a huge resource waste.
"Average intelligence is pretty damn stupid"
Strikes me that OS does not have this issue.
Why would you want to prevent reverse engineering anyway? How hard could it be to just create the application from scratch? Likely much easier than reverse engineering.
And if its security, we know you do not get it by hiding the source...
Fail to see the need.
*shrug* You still have controll over the computer. Just load something of your own mnaking before your OS loads the obfusicator. Interrupt 13, anyone?
write really bad code. you don't see anyone reverse engineering Windows, do you?
The problem with Microsoft's code being readable is that there are only Microsoft people reading it. Half the time they wouldn't see the forest for the trees (since they are so involved with it all the time anyway), and the other half they would miss things that other people might pick up.
With Open Source, *everyone* gets to look at the code, so there any many eyes, and the bugs get shallower.
libertarianswag.com
The medical profession deals with viruses by identifying our weaknesses, and exposing them to the viruses (the ultimate "reverse engineering"?). If there were a biological DMCA, developing vaccines would certainly violate it on the illegality of "hacking into the body".
With software, though, people still insist on trying hide and pretend as if there were no viruses out there and that we would be impervious to them.
Can we finally just open all of our code so we can vaccinate it against all these exploits?
I seriously doubt this is anything special, just more code and more code to disguise the code that actually does something. I can't imagine you really CAN protect a program for instance, without completely screwing it up, performance loss etc. These companies should provide the kinds of services and support systems that make investing in their product viable. err yeah...
This looks vaguely like self-modifying code, like back in the old days of copy protection.
.net runtime engine (or maybe it's loaded and spews bytecode to the runtime), then it can be removed...or the output intercepted. .
The thing I don't understand about the article (and how it describes the PSCP process) is this: how will this make reverse engineering more difficult?
When you're starting to crack something, you work backwards from system calls, library calls, and known behaviors. "Known behaviors" are, well, patterns of code that people (or compilers) use to do things. Anyone good at low-level stuff can probably identify the compiler used to build the code. Likewise, if you think about something enough, you can probably figure out three or four ways to do something, and look for that pattern in the code.
PSCP prevents this...how? By making this process happens as the program runs? How else do you reverse engineer something?
Anyway, it sounds like this thing sits right before the
What am I not getting here?
Just like all the hubbub over proprietary signal encryption to "protect" digital audio streams, all you need here would be the CPU-equivalent of the old Analog Out jack.
Break it down to the Universal Turing Machine and tape analogy. The program code is the tape, and the state of the machine is in the tape-executing device. If the tape were to somehow morph itself dynamically, and yet execute properly by morphing to a well-designed program at the moment it is read for execution, all you have to do is to watch the read/write head of the UTM itself.
If they find ways to monkey around with bytecodes so that they're shifted around between disk and executor, just run it with a special version of the executor. Shouldn't be hard... the standard for what the unencrypted bytecodes are capable of accomplishing are standardized. Execute the code once, and take "notes" of what is being accomplished. Run through a code coverage test suite, even a crude black-box analysis, and you should get an unscrambled bytecode equivalent.
It just doesn't make sense. If obfuscation, i.e. obscurity, is your only security, it is no security at all.
[
Cringely has really outdone himself that time. I can't even follow this poorly thought out mess. He seems to totally misunderstand every single concept he touches on.
Compilation to bytecode and an "interpreted language" are NOT THE SAME THING. Both the CLR and a compiled java class are effectively machine code for a machine that doesn't exist. These abstract machines have machine code that reveal *MORE* information to a disassembler/reverse engineer than, say, x86 or PPC assembly, but it is still far, far from being code. This is reaction one that I have. The rest of the article is so confused I don't even know how to respond to it.
Reverse engineering is good, and each coder should try it. This is the way to learn how someone else code is working, when that code is closed source. I don't think you can fool experienced assembler code with messing code around.
Think about R.E. like about game. It's like cracking, but it's good. And it's about creating, not about destroying.
how come for every new technology that comes out that is suppose to "secure" us i can think of a way it can be used "malicously"
.NET is so "young" can't you see this used for creating a perpetual virus that can't be removed? you wouldn't even be able to ID the bug that caused this to virus to run itself.
ex. I write YourDoom.A and i write it using this new code morphing obfuscator. how exactly are Anti-virus programs 1. suppose to remove this? 2. identify this?
Given the numberous amount of VB/Outlook bugs and considering that
I don't know the answer to what I'm about to ask. I'm a writer, not a programmer, but as I was reading Cringley's column -- especially toward the end when he talks about how PSCP can be used in DRM to really (really, really) obfuscate a watermark -- I got to thinking: couldn't this theory of PSCP be used to further obscure (or encrypt -- whatever you want to call it) P2P networking?
And maybe this is already being done -- or maybe this is just pure stupidity on my part for asking the question -- but couldn't this sort of "morph-as-you-go" theory be used to obfuscate -- and essentially hide -- a network path used to get (or put) a piece of data? Kinda like BitTorrent -- but in a much more severe, much more shifty way? You getting the data -- eventually -- and you're both downloading and uploading as you go -- but the paths through which your current bit of data is being retrieved are both unknown until you visit it and obscured once you leave it?
Once the virus writers get a hold of this viruses will be much harder to catch, unless anti-virus writers start looking more for virus-like activity.
Neutrons are slippery little rascals, they can fool you. They can bounce and show up around corners you don't expect.
The author of the PBS article didn't, even remotly, understand what he was talking about. There were several invalid statements, some stupid assumptions, some just wrong. How about some REAL research every once in a while before we go spouting off more garbage into the net.
As I recall, Sierra games had a recompiler that screwed the code quite badly to make it hard to hack.
www.voiceofthehive.com - Beekeeping and Honeybees for those who don't.
When a computer program runs, the computer can follow millions of paths to get the job done. We leverage those millions of paths and transform them into billions of paths instead
Millions of paths implies some sort of jump instruction, whether or not that translates to millions of function calls, i don't know. assume it does. then instead of making millions of function calls, your making billions of function calls. Going from millions to billions is a large step, bigger than just swapping an "m" for a "b" in marketingspeak. So are they planning on passing this performance hit to the legitimate consumer? No thanks, I'll take my Free source code and like it.
Went to high school in Euclid. Not hard to find, 'cause it's nestled up to Cleveland. (yeah yeah, 'just follow the river that's on fire' har har)
So basically, this stuff doesn't affect the original source code or, for that matter, the final running binary code, just the intermediate bytecode, which is what actually gets shipped and then JIT compiled to binary? Huh.
SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
If the written code is secure, all the .Net manifests in the world aren't going to allow someone to break in. All the open source arguments say having access to source makes code more secure. Having access to .Net manifests should allow the similar things. This obfuscation makes it more likely unsecured code won't be detected.
Self-modifying code will be much more reliable, and easier to debug! Cringely may not own PreEmptive stock, but I don't beleive for one second that he isn't getting some sort of renumeration from them. Here's an idea -- why doesn't the EFF or FSF patent security through obscurity, thus forcing all software vendors to implement REAL security?
"Freedom means freedom for everybody" -- Dick Cheney
1) We've seen this before. Self-modifying code, code which is encrypted until just before it is run, etc.
2) This should make for some fun viruses, too. They're almost always ahead of the curve, at least in the concept viruses (thankfully, the really evil viruses rarely seem to get released). No, the algorithm being patented would not stop them from using it, sorry.
3) These schemes usually get broken. I simply don't have enough information on this to analyze its weaknesses, but in general, there is probably a way to reverse it.
I wonder if +ORC is still around... ? He might have retired by now, for all I know. May have to ask Fravia or someone...
Wasn't there a story about a related technology yesterday?
I tried googling for Program State Code Protection
:)
*hmm* The closest thing I found was:
West Virginia State Code - Farmland Protection Program
The govenment use almost the same words already... I guess it will turn out that Al Gore invented this thing too... not just the interweb thingy
Would code that was changing itself while running (polymorphic) be nailed by a heuristically-scanning anti-virus program? I would hate to de3velop something, and then all of a sudden get seriously bad press for releasing what seems to act like a virus. Just food for thought.
hope they dont go after the programmer of putty for creating a scp program called pscp
... obfuscation! That's why the Windows 2000 source looked so messed up.
-m
#
# Modus Ponens
#
His whole premise is flawed.. he implies that recent security issues with Microsoft software are due to the fact that you can read the source code of .NET programs... as if Windows and IE were written in .NET...
What about open source then?
The perfect sig is a lot like silence, only louder
This seems obvious to me, but I'm usually two years ahead of events. Hey Cringely, time distortion and delusions of grandeur are usually symptoms of drug abuse... what are you on? Crack?
Here it is, the killer-app of the 21st century. Need a reason to make people upgrade? Just built a run time morpher in the code. Use that Hyper threading for something useful. And then we can just layer them on top of one another, right. Add another morpher on a morpher and a new version of windows is ready. Like it can't already confuse itself to death.
So the code is hard to figure out until it's actually executed?
:)
So you run it in a virtual machine and trace its execution, right?
Then it's just a 'simple' matter of disassembling it (If you're good with assembly
Or am I missing something?
This is a problem only to closed source systems, GNU/Linux is free software, and thus there is nothing to reverse-engineer.
Another great thing about my GNU/Linux boxen (besides being free as in speach) is that they don't get virii and BSODs all the time like my roommates M$ Windows^H^H^H^Hblows. So its open *and* secure.
So legitimate software is going to take on the functionality that virus software has been using for years? And companies are patenting these techniques as if they are somehow new? Virus writers are the true innovators here. They pioneered the infamous Mutation Engine. I would consider off the shelf software that used those techniques innovative, in fact I find it creepy. Honestly, if the time wasted trying to protect so-called intellectual property was used instead to invent things to simplify our lives, we (as in humanity) would be better off.
Er, yeah. Given that the writer seems to think that makes sense, I wouldn't trust anything he writes. Ever.
_O_
.|< The named which can be named is not the true named
11. This machine is a piece of GAGH! I need dual
processors if I am to do battle with this code!
10. You cannot really appreciate Dilbert unless you've read
it in the original Klingon.
9. Indentation?! -- I will show you how to indent
when I indent your skull!
8. What is this talk of 'release'? Klingons do not make
software 'releases'. Our software 'escapes' leaving a bloody
trail of designers and quality assurance people in its wake.
7. Klingon function calls do not have 'parameters' -- they
have 'arguments' -- and they ALWAYS WIN THEM.
6. Debugging? Klingons do not debug. Our software
does not coddle the weak.
5. I have challenged the entire quality assurance
team to a Bat-Leth contest. They will not concern us again.
4. A TRUE Klingon Warrior does not comment his code!
3. By filing this SPR you have challenged the honor
of my family. Prepare to die!
2. You question the worthiness of my code? I should
kill you where you stand!
1. Our users will know fear and cower before our software.
Ship it! Ship it, and let them flee like the dogs they are!
Slashdot Eds Link Anonymous Posts With Logged Posts
They Are Vermin Feeding On Each Other's Feces.
I Hate \.
i always write obfuscated code by default - goddamit! if it was hard to write, it should be hard to read
It is, of course, very reassuring to know that :
Beeing a bit cynical, I find the article more like a sales plug than a journalistic piece.
Yet, I have no doubt that if someone came up to them and warned them about the dangers of IP theft and showed them this solution, they would bite.
If they really wanted to do maximum damage to their competition they should have just released the source code and hoped their competitors tried to used that as guidance.
There are probably some rare instances when a specialized software technique is developed and you want to keep its implementation specifics secret. I have yet to run into a single instance of this after many years in the industry.
Isn't their a site that focuses on writing obfuscated code? It's just humor but wouldn't that count as prior art to any patents?
And how would those "Watermarks" help in open source. If you have this change all the variables to some names that don't make sense unless you're looking for the watermark. But wouldn't that make the code so much harder to read? And wouldn't that be VERY BAD for open source?
I wonder if they've seen the proof of the impossibility of obfuscating programs?
There is nothing new under the sun. These Java and .NET obfuscators are just the same old anti-SoftICE sections, which were just the same old Amiga/Atari copylocks, which were just the same Spectrum/C64 turboloaders, and so on.
Every single one of these is broken. Almost all good programmers are capable of deciphering the standardised, retail-boxed algorithm used for the obfuscation, and can easily un-obfuscate it. Are all the Java variables named "a"? Diddums! You don't have a Java decompiler with the option to ignore that simple tweak.
All that matters is:
1) How important is the code behind the obfuscation?
2) How much time and effort is the reverse engineer willing to spend?
If you use a company's retail-box obfuscator, anyone with the "'Brand X obfuscator' deobfuscator v1.0" can get straight at your code. It's a technological arms race, nothing more.
Does my bum look big in this?
This is gonna make reproducing production bugs a bitch. Well which path did they take. What will this do to multithread debuging? UG! Besides Security by Obscurity is no Security at all.
When a man lies he murders a part of the world.
I don't love microsoft, but I think this article makes several claims without backing them up or offering any explanation as to their merits. Such as:
And "You can write a program in C# or Visual Basic.NET." while factually accurate, ignores Delphi.NET, C++ managed code using the CRL, and other implementations of the CRL (COBOL, etc).
I think the basic premise of the article, where if someone is using your objects it is obviously a bad thing/security breach, is flawed. If you need to secure your objects, SECURE them! Seal them, see who is calling you, etc.
Lastly, As shown by previous posts, Obfuscation is not the end-all panacea to security. In my opinion, it's barely a detour. Otherwise, Open Source literally could not be secure.
If you blog it...
Seems to me that stuff like this would make it quite difficult to debug once an application has been released - also, how would things like a memory dump on application crash help to debug anything here?
Find a job you like and you will never work a day in your life.
It's not like no one's ever written a virus before that included obfuscation through self-modifying binary code. The major virus companies already have techniques for identifying and working with such viruses. Those companies that don't already have such techniques are selling products that don't work. :P
Second off, code obfuscators aren't magic. You can always still tell what's happening. It just takes longer and more effort.
I have found that most code generation tools (the kind you program boubles and arrows in, like this one) will give you C code that looks like it's been obscurified on purpose.
E.g. all states and variables are in an array called n[][] and the program is basically a big loop.
Quite impossible to know whats going on
It sounds to me like the author of the article is talking about two completely different issues. The first is code decompilation and static obfuscation. The second is about runtime obfuscation.
In theory, if you don't run the binary you have, you don't need to worry about it modifying itself. The same techniques that work on obfuscated byte code now should work on the the binary. Now if you were trying to reverse engineer a program by running it and tracing it, that's where PSCP seems like it would help.
Now I can distribute my patented "Hello, World" application (note the comma) without fear of infringement.
Nothin can stop Ben Affleck as Michael Jennings, the "best reverse engineer there is."
And there is even an Open Source aspect to this new form of protection: It can be used as a new form of attribution. Who wrote what part of that Open Source program? Copyright notices and comments can be removed, but the PSCP code renaming signature can't be.
What is this "code renaming signature"? The article only mentions it once. right here. Why can't it be removed for open source code? I bet it can be, give me a room full of monkeys(1) and a few terminals with vim.
Assuming it's *something*, sure, there's an application. [insert favorite hashing algorithm here] can also create a "signiture". Then maintain some version control that contains a source file and hash. Granted people can grab that source from the version control system, erase anything they want and create a new signature for that file, but I still would have an original version that has all the info in case something comes up where someone would want to know the documents history.
(1) those monkeys have nothing to do with anything but me wanting a room full of monkeys
If it changes how it executes every time, it sounds like it would be a fantastic way to introduce unreproducable bugs.
I'm sure this would make QA testing a nightmare.
"He's lost in a 'floyd hole"
http://www.oreillynet.com/cs/user/view/wlg/1124
Let's start a software company based on an algorithm that promises to compress any string of bits into a 1 bit smaller string of bits, and thus by multiple invocations can compress any string of bits into a single bit... Then let's see if we can get Cringely to recommend this technology!
"Freedom means freedom for everybody" -- Dick Cheney
Deobfuscation is in NP. That is, for any type of obfuscation, there is a method to reduce it to a deobfuscated copy. It may take polynomial time, but it can be done.
Read the paper if ya don't believe me.
Time is an illusion. Lunchtime doubly so. --Ford Prefect
Well SMB, anyway. Not the entire OS.
Okay: for argument's sake we'll say that PSCP works like a charm to prevent nasty evil crackers from debugging my program effectively.
.NET program's IL instructions are JITted into machine code at runtime, thereby making it pointless to modify the IL -- unless these people are invalidating the JITted code every time the IL code changes (is that even allowed?) or providing a translator between IL and machine code that inserts code-morphing instructions into the OUTPUT machine code (which I seriously doubt).
.NET assembly which is bursting with code, how does PSCP prevent him from taking the assembly apart and dissecting? Answer: PSCP *doesn't* provide any such protection.
.NET assembly. I may need to hunt back and forth for a little while to find the specific place I'm interested in, but I can't imagine that PSCP is able to change offsets or locations of instructions by very much.
We'll ignore the obvious problem presented by the fact that your
We'll ignore the fact that instructions which modify other code are generally very easy to spot -- because they must refer to regions of a program's address space where code resides -- and it should be easy to find these code morphing instructions and turn them into no-ops.
We'll set both of those tricky issues aside and focus on the crux of the matter. How does this PSCP protect the program *before* it starts running? When the cracker gets his hands on my juicy
So, the school of crackers that likes to use a debugger to deduce program behavior may find themselves having trouble. But in the worst case, all I need to do is run the morphing code in a debugger, record the location of the program counter at the point in the program's execution in which I'm interested, and then consult the corresponding section of the program code that resides in the original
Think about it: if PSCP wanted to change the location of a jump target, for example, it would need to track down every other instruction in the program that jumped to that instruction, and modify the jump to point to the new location of the jump target.
Check out:
Retrologic awarded Java byte code obfucator (Open Source! and free!)
not free but you can try before you buy
ZelixKlassMasterYet Another Java Byte Code Obfuscator (YAJBCO)
But I'm not sure they really work - just provide level of security similar to classical machine code. Btw. the MyDoom virus was BurnEye encrypted - so what?
You can defy gravity... for a short time
"Resistance is futile"
As a Finn, I must propose our language as a viable alternative for obfuscation purposes. Please allow me to demonstrate:
Tama koodi ei toimi ja siina on ladonoven kokoinen aukko - mutta ei Linus sita tajua.
Executive summary of the article:
1. MS bad!
2. MS code is insecure
3. Linux rulez d00d!
Next, I assume we will hear from him how someone 'discovered' that writing a procedural like algorithm in a rules based language makes the code more secure.
I really really feel good that my tax dollars are being well spent at PBS to fund political speech.
I especially like the fact that I am funding political speech that I disagree with!
Hey, wait isn't that violating my 1st amendment rights!
And I am still in shock what I found...
RedHat Mother's Day edition with Hungarian comments and an obfuscating GUI layer.
No wonder Microsoft is scared to open it up.
WHOOOO CAAAARRRES???
Yeah, users demand that their executables should change randomly at runtime. I'm sure that there can never be any bugs introduced by this process. Applications won't randomly crash for no reason...
Oh, wait. I guess this is MSFT. They wouldn't care about random crashes, data corruption, security holes, or any of that boring stuff.
That's "Mr. Soulless Automaton" to you, Bub.
They're promoting security via obscurity.
Whatever.
I don't need no instructions to know how to rock!!!!
In Soviet Russia, the code modifies YOU!
Imagine the ramifications of that statement. Actually it's kind of true--my increasingly bad sleep patterns and worsening ability to attract women are probably direct results of coding! But hey, at least I can't get reverse-engineered (that sounds like sodomy, so I think it's a Very Good Thing(TM))
The barrier is human, not technical. "Social Engineering" can get through the human aspect.
I use the term "clearest text" because the original source code may be so poorly written, that it is practically self-encrypting.
All it takes is a code following disassembler, I use one for reverse engineering obfusticated firmware as a regular part of my job. Eventually the processor has to run the code, If you do a just in time disassembly, it doesnt matter how the fusk with the code, you can still understand it.
Cloakware also has some nice obfuscation technologies
..but from reading this, I get he impression Cringely doesn't know what he's talking about.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
write better polymorphic viruses.
In effect, the .NET code remains in interpretation-intended form right up until the end. The point is that it carries around tons of info with it that makes reverse engineering easy just as with interpreted languages. The original Microsoft BASIC was an interpreted language and subject to this vulnerability, which is why it was so easy to copy on punched paper tape and why Bill Gates once referred to many of his earliest users as "thieves."
... well... binary data.
Unfortunately for Cringely, he appears to have trouble figuring out the difference between a language interpreter and an interpreted language. Microsoft BASIC was written in assembly, and as such was not subject to this vulnerbility. The thing that made it easy to copy was the fact that it was
Coming soon - pyrogyra
Yeah, right. Write self-modifying code and try to run that in a Palladium/NGSCB'ed environment where your code is checksummed as it runs.
Obfuscation does also provide a speed bump to those attempting to disassemble your code. Without obfuscation, anybody with a casual interest could just glance at your code using javap, etc. Retroguard fits saemlessly enough into the build process that adding a simple level of protection to the code is usually simple and transparent.
-----
Free P2P Backup, Windows & Linux
What exactly is the risk to Microsoft here? Since they started their big "security initiative," all of their programmers are writing secure code, right? RIGHT??? Then it should not matter if someone can easliy decomplie it.
.NET is not the reason that Windows security problems are being reported more frequently. In some cases (the RPC bug) these problems have existed for a several years! More security researches are looking for problems in Microsoft products than ever before, and that's why so many new problems are being discovered.
Or perhaps the problem is that it will be too easy reverse engineer unpublished API calls.
I can't believe a company will pay for junk like this. If you are such a company, I have a program that will secure your source code. Here some output from it: /* abobql jvyy erirefr ratvarre guvf pbqr */
vag znva(ibvq)
{
cevags("Uryyb, Jbeyq\a");
erghea 0;
}
leave your contact info in the subthread and I will get back to you.
Ok. Let me see if i got it. Generating spaghetti machine code from structured source. Dijkstra will be very happy about that.
-- When did Ignorance Become a Point of View?
Examples of Stupid Obfuscator Tricks include:
- Scrambling exception ranges so they don't nest.
- Inserting non-structured GOTOs
- Inserting never-executed exits from synchronized blocks
There are others, these are just the ones that I recall. A compiler (static or JIT, it does not matter) must deal with all of these.There are two outs that I know of. One is to only use interpreted code and morph it on the fly (still seems vulnerable to an observant interpreter, but perhaps the amount of necessary observations can be made extravagantly large), the other is to require use of a "trusted" compiler (which, in turn, requires use of a "trusted" OS to prevent substitution of an untrusted compiler, which in turn requires "trusted" hardware to prevent substitution of an untrusted OS).
Ok, you are a member of a development department responsible for applications that need to be certified and tightly controlled. (maybe big pharma)
The FDA come a knocking and start asking about the checks in place that ensure that the code that you write and document is the code that actually gets performed.
FDA Auditor: So, this code specified in this document. Can you please show me how you ensure that this code is actually performed when you run the program here that you say is the one that this document references.
IT Guy: Sorry, Cant
FDA Auditor: Why isnt it?
IT Guy: because the code that gets run is different every time it is run, and indeed during a single run it changes.
FDA Auditor: So, What your saying is that you cannot guarantee that the applications specified in all these documents is the application code that actually runs.
IT Guy: Yep, thats about it...
Oh, now at this point in the discussion it gets serious.
Who on this list actually thinks that dynamic code obfustication like they propose is actually worth a damn.
What happens when this mutating mess gets it wrong?
Who is to blame?
Come on now, this is stupid, this is the worst form of pandering to corporate paranoia.
This is true snakeoil.
These are all just turing machines.
I, for one, vote for SCO's greek-letter obfuscation technique...
Slide 10
Like Ultra-Wide-Band networking and enterprise XML integration, this column fits a Cringely mold of writing an entire article about the business plan of one small company most people haven't heard of, and passing it off as an important insight about the IT industry as a whole. It works for the most part because there are a lot of neat-sounding business plans out there. Every start-up company in the world has a story about how their vision, fully realized, would shake up the entire industry. It makes for great column-fodder, but provides poor analyses.
If you read the whole column here twice, you immediately become aware of the fact that Cringely's entire "argument" turns on the idea that security rests on keeping source code secret. Because "interpeted" code "always" discloses code secrets, "interpreted" platforms like .NET will require the intellectual property wrapped up in schemes like PSCP. Therefore, the "inventors" or PSCP hold an important position on the chess-board of the entire IT industry. Microsoft and Sun will launch bidding wars to ensure they control the PSCP IP.
Of course this is just crazy-talk. Just for a moment, leave aside the argument that something like PSCP can really prevent reverse engineering. In the post-PSCP world, all security rests in a distributed repository of millions of lines of source code "locked up" in an organization that spans 45 buildings and untold tens of thousands of people in Redmond. You can't keep source code secret. Closed source is a speed-bump to dedicated attackers, who will break into networks, find corrupt insiders, or even get janitor temp positions in order to get the code.
Nobody working in security seriously believes that the source code for Windows 2000 wasn't floating around the computer underground years before the most recent disclosure. 'Twas ever thus: most of the SunOS and Solaris exploits that powered attackers in the mid-90's were derived from stolen Sun source code. Stolen source trees have always been the most stable currency in the computer underground for exactly that reason. What you do with the compiled product of that code makes no difference if the blueprints are already in enemy hands.
I'm not sure it's even worth confronting Cringely's argument (that PSCP is a strategic technology that is crucial to .NET security) head-on, but I think I can make a decent response simply by evoking video game copy protection. Companies went through all sorts of contortion to devise copy-protection schemes. Kids with the Microsoft Macro Assembler bible thwarted them, because, just like in the DRM/Media battle, when you control the entire player architecture, it is impossible to completely secure the content. Regardless of whether PSCP makes it harder to grep out the cookie cutter exploit from the .NET IR, the payoff in the "battle" between code-obfuscation and exploit generation is much higher than the payoff to defeat copy protection, and nobody has ever won the copy protection battle.
Cringley is right every once in awhile (business plans occasionally do pan out!), like with Eolas and Burst. I normally wouldn't care enough to comment, but this time he's inadvertantly promoting a damaging and popular misconception in his article.
From the article:
"(.Net) ...effectively exposes source code at the very heart of Microsoft consumer and enterprise applications. The result is that nearly every emerging Microsoft product is vulnerable, including the OS itself. That's one reason why we are always hearing more, not fewer, stories about Microsoft security problems. And that?s why Microsoft security updates are now at least a monthly event."
So, the guy claims that we're seeing more reports about Microsoft security problems because code written for .Net platform is easily reverse engineered? Looks to me as if he hints that hiding the source code prevents the risk of security problems through bug exploits. .Net. The code of almost all Microsoft products is written in plain old C.
Well, even if it were true, it certainly isn't true that we see more Windows security updates because of visibility of code written for
Oh, and BTW, since when is it a problem if we see at least one security update/month? I'd be anxious if there were *none* for a month! (I understand that can be a nightmare for sysadmins, but I'm lucky to only have two laptops and one desktop machine to maintain at home)
Sig erased via substitution of an identical one.
Dunno the point of all this. Seriously, if you think about it, there's no way you can make your code 100% unreadable.
The tools that PROTECT your code can be reverse engineered as well. What then?
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
I found myself less informed after reading that article, less intelligent perhaps as well.
First of all, anyone that intends to write an article about a "new" software engineering theory or theoretical application needs to make sure they not only understand what they are talking about, but they also choose to collect quotes from people who know what they are talking about.
Here's a hint, if the person says "leverages" in a serious tone of voice they are either a sales-person or only received information from the sales team.
Now, beyond the other comments I could add, such as bad definitions of the framework, and the authors inability to name more than 2 examples of languages available to interact with that framework, there seems to be a large problem with the research content. There isn't any.
I could likely spend 20 to 30 minutes researching background informaiton on the internet and still have a more solid article, simply because I would have real information.
The information provided in this article appears to be the results of carefully skimming sales brochures. There is no real information on the processes involved, reverse engineering, or numbers invilved in terms of performance.
We find out that there are "...billions of paths..." but this is just marketing talk, obvious for it's lack of detail. Reverse engineering is detailed as something used by hackers (in the newer, negative sense) to find holes in code. There is no mention of the other side, ie reverse engineering old software when the original developers are not available and no one felt documentation or up-to-date source code was necessary, among many other valid and legal reasons for reverse engineering. There is a brief comment about the extra resource usage, but it is considered negligable (in comparison to...?) and in fact this process is also mentioned as having no negative impact. tanstaffl.
All in all this sounds like something that will be overhyped, overused, and in the end more of a pain than anything else. Clueless managers everywhere will demand all of the code use this new and impervious format when there are many easier ways to prevent security loss without the so far unknown problems with this new method (not to mention security holes in the obfuscation methods itself).
Now when people try to reverse engineer code to look for security holes they won't find them because the holes were swept under the carpet. I may stand up for MS more often than deride them, but the kindest way I can say this is that this new method of obscurity is a little less than bright. Just as I wouldn't use anything beta from MS, you can bet that I won't be using this technology either. I prefer solid code, testing, and a solid license. By the time they have finished reverse engineering version 1, the next version will be underway, leaving them just as far behind as before.
Whee signature.
"Morphing" code is not new. Heck, Alan Turing thought being able to have code modify itself was a *good* thing, as do. Back in the early days of DOS for the PC, I ran into many programs that "morphed," some to cram more code into the limited RAM (which was then called "overlaying"), and some to hide what went on inside as a copy protection mechanism.
As a high school student, back about 1977-ish, I even concocted a self-modifying program, in HP 2000 Access BASIC, long before I heard that it wasn't new. Trying to think parallel, to be able to design it, was most entertaining, and it later served me very well, both in optimising overlays for a communications program for DOS ("Backcomm", anyone?) and in removing the copy protection from games I bought.
Maybe with protected mode, C++, and nobody being taught that code space is really data space too, this technique appears to be new. *sigh* Guess again. It's been around, in one form or another, for decades.
Lemon curry?
What a load of crock, this is definitely aimed at the CIOs and the so called CTOs of some large corporate IT divisions and it for sure will be another big buzz in the next round of 'architectural' meetings. And some of the so-called architects (I have a few in mind) will without doubt will push this shit forward as another excuse for taking up space in their positions, when in fact they are totally useless and constantly still other peoples' ideas.....
:)
:) good old days, and followed the trace. Well, duh, it was self-modifying. In a simple loop it would modify the entire execution tree by XORing every byte with the next byte. All of a sudden a portion of the code that was obfuscated was readable machine code again. So all I had to do was write a C program that read the com file and spat out the deobfuscated version.
/. about this, anyone remembers?)
sorry, I am bitter
On the other hand byte code obfuscators will not stop anyone who wants to disassemble. I remember about 9 or 8 years ago I was disassembling a simple DOS com file (anyone remembers inclogo.com, with a INCLOGO word being printed in a 320x200 graphics mode with some simple 256 byte coloring and shading that changed in a loop? It looked cool, so I wanted to find out how it worked.) Couldn't figure out the machine code for some reason, so loaded it into the Turbo Debugger
Ta da!
done.
How is this going to be any different? Code cannot be obscured to the hardware and a cracker works at the hardware level.
Doesn't this sound to you like the commercials for the 'new and improved 1024 bit encryption' that sometime ago was put out by one Israeli company (there was an article on
This is snake oil.
You can't handle the truth.
It's been known to happen, that modders occasionally use modding as a form of creativity - y'know, humor, et al. - in its own right.
I play Quake everyday, and still new mods appear very interesting. Check this sites:
e .net
www.inside3d.com
www.quakesrc.org
www.fuhquak
www.quaketerminus.com
You will found that Quake fun has not end.
-Woof woof woof!
-----
Free P2P Backup, Windows & Linux
That's what OO is for. Properly designed and architected, there will never be a question about what you're getting back. (Since you should never see a data member outside of its class.)
The cesspool just got a check and balance.
The program itself...
I remember from my C=64 days some very clever ways of protection of binary runcode involving morphing, decrypting and even help of devices, mainly the 1541 diskdrive with it's own 65xx and I/O chips on board.
For the windows platform the only thing you need is a good debugger ala WIN-ICE and startup the program, the art is to find out where to put the breakpoints and when/where to change data segments.
Mainly you let the program itself solve your problem.
And this is the weakest link...
Best copy protection is not to distribute your code, better one even is not writing your code.
A cracker could hack the obsfuscator code, which has to remain static throughout the program's execution, in order to completely bypass run-time obfuscation.
I agree that this real-time code-mutating thingy is pretty cool. But... why ? You take a moderate-to-major performance hit (all that code won't morph itself), and for what ? To stop people from reverse-engineering your program ? Why not just write it in a secure manner to begin with, so that reverse-engineering is not a threat ? It works for OpenSSH, after all, it can work for anyone else too.
>|<*:=
and hide the code by using a greek font.
Actually, even stepping through the execution of your own code can give you insights into how the compiler operates
Any more than gcc -S, which outputs assembly code instead of object code for a module, would?
I knew a C programmer who used to declare const strings and arrays local to each of his functions. I had to point out to him that these get copied onto the stack every time the function is entered, severely slowing program execution -- and he might want to consider making these static!
What kind of crap C compiler would allocate function-local const arrays auto by default?
... of code morphing under Linux, using assembly can be found here. The imagination runs wild...
C|N>K
Anyone heard of superoptimization? As in, automatic analysis of running code to reduce branches?
I get two paragraphs in and notice he claims Scheme is interpreted. This is nonsense. Scheme code can be run by an interpreter, but interactive compilers have been standard practice for years.
-- Brian T. Sniffen
I find the topic to be just as useful as discussing the need for lawyers. Why can't companies strive for (accurate | stable | faster | extensiable | portable | open) code rather than put more and more efforts into secrecy, needless complexity and proprietary bases?
I would love to see any of the first set come first.
All we need is an obfuscation bug to end up detecting a false compromise situation and cause your entire platform to come crashing down.
It's just another layer of red tape to allow Microsoft and other paranoia-bound entities to stunt progress.
Klingons do not make software 'releases'. Our software 'escapes'
You mean like Valve's Half-Leak 2 incident?
Crack that code, you crack-smoking dirty rotten intellectual property thieves. Oh, and by the way, am I the only one who thinks that musicians are already applying this obfuscation to their music for the RIAA?
Wh47 d1d j00 541, 31337 15n't t3h r0xor5 ne m0r3???
Yet, I have no doubt
Then quit patronizing Interscope Records.
There are probably some rare instances when a specialized software technique is developed and you want to keep its implementation specifics secret. I have yet to run into a single instance of this after many years in the industry.
In other words, you never worked for a company that developed video codecs, 3D card drivers, or 802.11 card drivers.
If you are interested in the research behind all this, see Chenxi Wang's dissertation. Here's a paper on it. The approach recognizes the fact that security is about raising the bar high enough to make it too much work for hackers. By changing the code on the fly, the hackers have to start reverse engineering it all over again.
Spagetti. Not to mention the spelling mistakes.
Great company here - I applied to work for them last year, but didn't make it beyond the initial interview (I suck I guess) but they do this and seem to make a profit out of their process. They have a series of white papers on their site. Great stuff to google for.
Cringly somehow equates difficulty of reverse-engineering with security (in the sense of buffer overflows, etc.). Other than weak arguments about security-by-obscurity, it holds no water. The NSA has automated analysis tools that look for buffer overflows and the like. Plenty of attacks come about with people just throwing random packets at a machine, and seeing what crashes it. In addition, in spite of the well publicized NT source release, Microsoft licenses Windows source to universities and other organizations, and it is fairly wide-spread. Anyone who really cares can get it.
Very few people will reverse-engineer source code to make a competing product. With the exception of file formats and the like (Word format, DeCSS, etc.), it is generally much faster to reinvent than it is to reverse engineer -- this is often true even when you have the original source code, with comments. I guess the only other place I can think of where reverse-engineering might make sense is highly-optimized algorithm (3d rendering, video compression, etc.), but even there, it's sketchy as to whether there is any real benefit.
He goes on to talk about how source code watermarks are impossible to remove. Quite frankly, I've never seen a watermark in a non-lossy data format that's impossible to remove. They just take different amounts of time and effort.
I used to think this guy had a clue, or some insight once in a while. This article is just so confused, and wrong in so many ways, that we Cringeley has no grasp of basic technology. Damn. it sucks.
PSCP is fancy patent-speak for self modifying code, ala "Reflections on Trusting Trust" by Ken Thompson.
This article has several glaring errors:
1. Most of MS problems are due to buffer overflow problems in compiled code, not MSIL.
2. He is really talking about protecting code from theft, not security from hackers. Must be that MS kool aid going to his head.
3. There has to be non-trivial overhead with the PSCP process. If you are scrambling things at run-time, there has to be a run-time monitor doing the scrambling and something doing the unscrambling or translation for the processor. These scramblings have to have deterministic patterns, otherwise a computer wouldn't be able to execute instructions, load memory, etc. These patterns can be hacked. Also, these patterns are based on pseudorandom number generators, which can be hacked. The only thing this whole process will do is make core dumps harder to parse for the Indian technical help desk in Hyderabad.
4. Setting all variable names to a single name (e.g., 'a') in a program is the dumbest description of an obfuscator I've ever read. I've studied them in depth and have never heard of this.
Looks like the author is getting carried away. I understand what he is talking about obfuscation and difficulty in reverse engineering. My point here is about the "digital rights management" and the "PSCP code renaming signature".
He says PSCP can be used to sign or water mark code so that stolen code or license agreement violation can be tracked down. He also says it will remove the need for copyright notices on Open Source projects!! He seems to be missing one big point here - the PSCP works on the byte code and not the source code that is being stolen or give out as Open Source.
When source code is stolen (as in the case of the recent M$ source code) the hackers get the source code that the developers work on. NOT the byte code to which PSCP has been applied!! And I'm damn sure that PSCP is not applied to the source code that the developer is working on-
1) Then he himself cant understand his code.
2) PSCP works like a byte code optimizer, It doesnit change the source code. Optimising the source code is the job of the programmer, not the PSCP program. If it were otherwise, then there will be no demand for skilled coders!!
Result - stolen code can't be tracker and hackers cant be Googled to jail!! At least I think I'm right in this one. Correct me if I'm not.
-ItsME
Wouldn't self modifying code be in conflict with the advanced pipleines and program caches of present days CPUs? Looks to me like asking for trouble
Net sa best, mar it koe minder
...and me with mod points.
i never thought i would quote linus torvalds, but in this case, you are a weasel.
you're right to say that the GPL does not have the word 'obfuscate' in it.
you're wrong in that code obfuscation is deliberately making something into an unpreferred form, namely, a form where it is not clear what the hell is going on, and hence effective/correct changes are difficult to make. how much more explcit do you want it to be?
as analogy (and normally i hate argument by analogy, it substitutes intuition for proof) no law (where i am, at least) explicitly forbids you from pointing a loaded firearm in my direction, either, but it's not something you're allowed to do (where i am, at least), and something that even morons can figure out you're not supposed to do, which is why they're not locked up.
damn ac's...such a necessary evil...
If opportunity came disguised as temptation, one knock would be enough.
3^2 * 67^1 * 977^1
Yep, harkens back to the failures of the old Apple ][ era.
Self modifying code did little more than provide an extra 30 minutes of amusement.
It didn't stop any of us back then, it sure as hell won't stop anyone now. Apparently, these idiots have never heard of things like Soft-ICE.
Reverse engineering isn't hard, it's just tedious without the source. OTOH, we've been doing it for decades without source... it's only recently that we've had the luxury of (sometimes) having it. Regardless, these boneheads seem to confuse "reverse engineering" with "decompiling" - the two have nothing to do with each other.
"Changes variable names"... rofl, that's really gonna screw up DEBUG, isn't it...
help me i've cloned myself and can't remember which one I am
Obfuscation has value in that it makes it harder to crack programs. The harder you make it, the less people succeed, the less people succeed, the better.
If an obfuscation algorithm is created that makes it REALLY hard -- no one will tell you its unbreakable, its just really hard. And that's the point.
The way I see it, you simply place the executable on your computer, make a copy osmehwere read only (cdrom), and start cracking. Sure it may change, but that's what your rad only backup is for. if your scared of the app phoning home, remove your phone line or network cable.
Really this kind of protection is not more secure, or even more difficult to work with. Remeber polymorphic code has existed since the 80's. Only this time it's being used on more complex programs, and as such is more likely to generate bug or reveal existing ones.
Anyways, do you remeber the whole AI spiel? So where's my computer that knows when I'm home and start up my games on it's own?....oh wait...I have to program it to....so much for AI...sure it's around still, but it's practically still a toy, much like I feel polymorphic code will never take off.
You guys who say this doesn't work are missing one detail. THIS IS PATENTED! That proves it's great. The patent office would never issue a patent to something that isn't brilliant.
This is on a par with Amazon.com's one-click ordering! Where can I buy stock!?!?!?
Why not just rename all class, method and variable names some combination of zeros and letter-O's. Along with removing whitespace and several other techniques, this could prove quite humorous to try to decode.
include OOO00OOOOOO;class OO0OO00OO extends OOOO000 {private int OO000;public String OO000000O(int OO000O,double OOO000000){return OO000O*OOO000000/(OO000+1);}}Practically speaking, though, you could maintain a translation table to convert this back into it's original format for maintenance purposes. Imagine 100,000 lines of this sort of code...
...that obfuscator had better be completely bug-free.
Just suppose that every once in a while the obfuscated version of the code just isn't exactly 100% functionally equivalent to all the others.
How are you ever going to debug that?
It's far worse than a bug in a compiler optimizer.
Worse yet, this could even be used to attack competitors. Let's say the obfuscator has the ability to distinguish code from different vendors in some way... (well, for example, let's supposed the code is signed). It could subtly sabotage the products of certain vendors so that they seemed to be buggy or unreliable... and the victim would never know what had happened or have any way of knowing what had happened (assuming the victim could not reverse the obfuscation).
"How to Do Nothing," kids activities, back in print!
Well that was hard. Obfuscated and no variables in the stacktrace, nor non-public function names.
The parent was implying that the deobfuscation is code de-tangling (trying to recreate essential branch control structures out of the purposefully complicated bytecode or object code). He wasn't implying you get variable names back or anything like that.
But I mean, do you have to know that:
int * unknown_function1(int param[], int param2[]) {
int * auto_int_p = malloc(12);
auto_int_p[0] = param[2]*param2[1] - param[1]*param2[2];
auto_int_p[1] = param[2]*param2[0] - param[0]*param2[2];
auto_int_p[2] = param[1]*param2[0] - param[0]*param2[1];
return auto_int_p;
}
was originally was called cross_product? There are only so many ways to write certain things.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Another Hungarian experience at Apple in 1982.
If a computer that was designed by human beings can make sense of an obfuscated programme, then it stands to reason that a human being could make sense of the same programme. It's exactly the same idea as "if it can be played then it can be copied". If it can be executed then it can be examined.
Sooner or later, somebody will come up with a simple de-compiler that will produce a programme full of IFs and GOTOs from a binary executable, and allow you to rename the variables to have sensible names on deducing what they are for. Somebody else will further refine it to automatically recognise loops and functions, and extend the rename functions accordingly. For example, incrementing a variable and conditionally jumping back to an earlier point in the code if it is less than a certain value looks like a for loop.
And once that genie is out of the bottle, there's no putting it back.
I suppose I shouldn't really keep rising to all this bait. I have faith that anti-"piracy" protection is ultimately impossible, and that Open Source will end up prevailing over Closed Source; and that should be enough for me. All the same, I don't see how anybody could not believe these things -- which I suppose is what motivates me to preach my beliefs.
Je fume. Tu fumes. Nous fûmes!
This guy is so ill-informed. Yes, .NET is a JIT'd language like Java, but this isn't the reason for so many MS holes recently - those are good ol' buffer overflows, something the Common Language Runtime (CLR) protects against.
Even disgregarding the last statement, Microsoft has currently not shown any massive holes in .NET-based software. The holes have been in native applications like Winodws itself (currently uses no .NET - or managed - code in the core libraries), IIS (again, no managed code), etc.
Yes, this does provide a way for people to view the Intermediate Language (IL, or MSIL with MS extensions) embedded in modules within assemblies, but isn't this what the OSS community basically wanted anyway? It's not open source, but it does provide insight into how Microsoft is doing things. I commonly find myself using ildasm.exe (the IL disassemblier that ships with the .NET Framework SDK) to get insight into how they achieve this or that. Microsoft even condones such a practice in many of their MSDN articles (sometimes even disassembling, changing, and reassembling the IL in order to derive from a class at compile-time).
I think Cringely got it right when he titled his article "Mininterpretation".
I don't believe it. This stuff can't cost "almost nothing" if it works with threads. If you have multiple paths of execution running through the same code, and the code is being dynamically morphed as the threads run, then either:
The morpher is fully thread-aware, to keep morph operations for thread A from pulling the rug out from under thread B (or C, D, ...). This implies extra sempahores, locking, unlocking, and the overhead of handling them.
The morhper is not fully thread-aware, and every so often the morpher for one thread will clobber another thread.
Am I missing something here?
To a Lisp hacker, XML is S-expressions in drag.
Mostly for the space savings, reduces the overall size of the jar and makes applets load faster. Wouldn't bother for server side code, but I always add an obfuscation task to my ant build script for applets. Check out the yguard obfucator.
Probably really useful for j2me stuff, and web start apps too.
Last time I reverse engineered a running program, all I got to look at were the x86 assemby instructions and registers, not function names and variable names.
Obfuscate THAT!
My lack of God, it's Trotsky!
Goatse.cx no longer works, moron.
well, shift your child away from child pornography such as the infamous "*BSD Chick" and over to of-age porno, preferable of the gay nigger type.
If you need any more advice, feel free to join #GNAA on EFNet
--Penisbird
> I'm more annoyed at whomever actually modded this funny.
:)
I'm annoyed when people use "whomever" when they mean "whoever."
FYI, the case of "whoever" is determined by its function in the dependent clause that it introduces, not by its function in the main clause. So you'd say, "All our base belong to whoever set up us the bomb," and "I, for one, welcome whomever our insect overlords choose."
...this column is incoherent.
.Net. Most of their own products are not managed code. They are C++. Getting buffer overflows in .Net is about as likely as getting them in Java programs.
.Net is insecure because you can read the source easier. But opensource is pretty secure, and the fact that C++ code is compiled doesn't help it a whole lot. Counter the weak protection of compilation with the built-in security policies that the .Net runtime can enforce, and I'd say managed code is more secure out of the box.
Microsoft's security bugs are not due to
He claims
The real kicker is when he advocates using an obfuscator to watermark opensource code. Um, yeah. That'll work.
Why not just print your code out and lock it up in a safe because nobody is going to care about it in 5 years.
Your Intellectual Property is stupid!
Reminds me of an assembler language program I once had to fix, in which the programmer had equated "R5" with 3.
This stuff belongs in the same category as the Infinite compression technology, the Bidirectional unbreakable encryption that works like a one time pad (but it's generated, so you don't have to exchange anything) and the Sasquatch.
:p
FUCKING FIGMENTS OF PEOPLES IMAGINATION!
feh
"...In your answer, ignore facts. Just go with what feels true..."
Number one, Cringely kicks a whole lotta ass. 'Nuff said.
b) In reading his sketch of the likely-soon-to-be-patented PSCP technique, I was reminded of The Story Of Mel [pbm.com]. Anyone think this qualifies as prior art?
III. What exactly does
"Lawyers are for sucks."
- Doug McKenzie
If yout technology 'depends' on this you're fucked. Get out of software and try farming.
The article describes the encryption technique as a way of signing open source code. But psudo-randomly changing all the program's variable names, in the source code, apart from being impossible to do at 'runtime' (it's source, remember), makes the open source code aspects null.
How can you submit a kernel patch that contains mangled code?
Bah. A useless article that hypes a junk technology designed to solve a false problem created by a weak solution to a weakness in a marketing-driven architecture that answers what is, anyway, a pretty simple question... how to write software people can use.
Ceci n'est pas une signature
And therefore, you don't need to obfuscate anything because the user won't have access to it in any form.
Empirical study shows that such protection mechanisms are very weak.
The new CPU that are designed against buffer overflow exploit - essentially prevent executing code from data space. This also mean that self modifying code is out of the question too.
blah blah blah...that developed video codecs, 3D card drivers, or 802.11 card drivers.
Which is all pretty rare as software development goes. But at least you proved someone else's point.
for (int ii=0; iiblah; ii++) ...
Doesn't take much longer to type, and if for some odd reason, you do need to search, looking for "ii" is unlikely to turn up anything else...
This issue is a bit more complicated than you think.
I can't help but feel like there's something I should already know (but don't) when reading Cringely's material. The articles that I have just read (linked and related) seem to go into some detail about a topic (obfuscation, interpreters, high tech secrets) but then without any good reason he expects us to believe that we are somehow "vulnerable" because some module of code can be reverse engineered. Perhaps we are to believe that because of .NET we are all going to have our secrets stolen.
.NET, yet .NET as it stands today is very vulnerable to security lapses
.NET from November 8, 2001, there is an interesting theory on how .NET is Microsoft's way of tracking all "calls" through "Windows' communication system" (whatever that is) to record any use of non-MS services so the third-party provider can be summarily squished.
The result is that nearly every emerging Microsoft product is vulnerable, including the OS itself
Now, it seems to be that the only conclusion being drawn is that my OS is vulnerable because someone can reverse engineer its code as if understanding it makes it less secure. Is Linux any less secure than Windows because everyone has access to its source code? Isn't this really an issue for people who "need" to keep their source code from prying eyes so their IP is not stolen?
This one is quite confounding:
Microsoft is absolutely committed to
What is a "security lapse" and why does lack of good obfuscation tools allow it? Am I vulnerable without tried and trusted security through obscurity?
Looking further back at the article on
Watch out everybody, the black helicopters are circling overhead.
If a CPU can understand your code, so can a human. The solution to this problem are licenses, not obfuscators.
Now, I've had my comments in this vein modded "Interesting", but the "Funny" mods usually arrive soon after. It's always good for a laugh, +2 Interesting on a robotics story where I link to a Short Circuit page.
But this takes the cake. +5 Interesting for a comment that says [spoiler alert?] that the best way to make a program secure from reverse engineering is to make it unrunnable. And that the licenses we love to hate are the solution.
Great post, funny as all get-out. I had to re-read it to get it, which made it even better.
I'm glad the poster got some karma points, but it's time to add some Funny mods to the mix now. Put... down... the... crakpipe...
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
having said all that, i can say that i've been thinking about this same thing over the last few weeks and it would indeed make it impossible for anyone to reverse engineer the internals of your program - at least my version of it. you could still put hooks in where it connects to externalaties like MessageBoxA, but the program itself would be transformed in such a way that the result of execution is the same, but the path it takes to get there is completely insane...
there are two parts to this: #1: lossy transformations... just like a hash, you can't get back the original. you can arrange it so that information about the structure of the program is lost forever but the results are the same. #2: intense obfuscation. not just extra bytecodes here and there or simplistic program rewriting - crazy baroque rube-goldberg mass obfuscation. no human will be able to grok what is happening in a program by looking at its constituent pieces, and the lossy nature will ensure that another program can't regrokablize it for you.
It does what you just described, and its slow as balls.
Moderation Totals: Flamebait=2, Troll=1, Redundant=1, Insightful=6, Overrated=1, Underrated=1, Total=12. (not mine)
There is nothing new with this technique. You just OR, AND, etc. bitmaps over a block of executable code such that a new block is obtained, run the block, and repeat as necessary. However, the maintenance burden produced by this technique is huge. Every time that you modify the code, you must modify all of the bitmaps used subsequently.
By that logic, indentation also lies. But we still use it, don't we?
Most game exploits could be stopped outright if every-so-often the well-known memory maps of the active data sets were MD5(ed) and transmitted to the server. As the hit-points and unit-statuses (like the unkillable peon hack for Starcraft) are well-understood by the server the faults can be easily detected and removed.
Remember that most game hacks involve an exterior program that twiddles the in-game parameters after the session is up and running. If the changes were treated as a proper database update journal then things are easy. As the server and the client "play their journal" out at one another a "checksum" operation can be requested and the two memory maps had better match. The errors don't have to be "corrected" after all, they just need to be punished.
This isn't un-crackable but it is un-crackable in psud-realtime. The theoritical cracker would have to have, essentially, a second game engine running to maintian "the image that ough to be there" along with the engine of the real game. Then there would have to be a reconciler of some sort. At a minimum the machine doing the hack would have to be at least three time (yes, oversimplified math 8-) as powerful as the gamer's gaming experience. (That is, if the hacker wants to watch untextured wireframes "kill eachother" at 4 frames a second... he could probably devise a cheat. 8-)
Even so, as the server-side is applying the remote journal some very simple interger checks (c.f. if ((StartingHP + RepairHP) Turns) then EjectCheater(); if ((Pedometer / Turns) > MaxSpeed) then EjectCheater();
Online game hacks almost invariably exploit the kinds of design errors that come from hiring programmers who have only ever programmed games. Simple distributed data integrity checks (and a suspicous mind, and an understanding of why windows programs are never secure) could pretty much cut them down to nill.
(And before anybody starts narfing, I fully understand that, what with the distributed processing model the above math would need "fudge factors" and some adaptability. These too, are techinques that are well understood by people who work with distributed processing and data collection and synchronization tasks understand. Lossy environment and everything. This also wouldn't involve any real CUP hardship if designed correctly. Compared to the time to compute and render a frame, doing an MD5 over the domain of core data every few seconds isn't that hard to schedule. And it wouldn't necessarily have to be even as strong as an MD5. But gawd people, these games arn't even doing a data domain XOR... They don't get to cry over it when people do an exterior memory image patch hack. It's like leaving your car running with the doors open in Flatbush and then whining when it gets stolen. 8-)
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
PSCP - sounds like a fancy name for what Sirius software tried on the Apple ][ to protect their version of the Defender game...
Self-modifying code. At first glance, the code looked like nothing... Execute a particular instruction, and everything came into focus...
So this is different how? Oh yeah, they have to execute TWO instructions now to get things to sync up...
I'm figuring that it ought to work just as well as the so-called copy protection on the Apple did *NOT*!
And given that this whole scheme was concocted by humans, another human ought to be able to bypass it w/o too much trouble... Wasn't it a famous calculus prof who said "what one fool can do, so can another..."
*yawn* Nothing to see here... move along.
/\
Not too bad. Still, I'm a fan of descriptive variable names myself (somethingIterator)
Karma: Chameleon (Mostly affected by the 1980s)
I used to work for a company that wrote compilers. The runtime p-code intepreter for a particular product was hand-coded assembly with pretty dense comments and the main developer was known for... uh, smoking on the job let's say... I remeber this one section of code where the comments just ended. 7 or 8 screens of assembly later was the following:
... then the comments started up again. It took me and some fellow developers about 3 months to figure out that code.
:/ Ravepunk
SOSXI: RET ; oops.
You want to obsfucate code better? Get high and write it.
Very true. I've used a few different conventions, and IMO including the type in the variable name is both pointless and painful. In most cases, the type is fairly clear from the usage anyway, and often doesn't matter exactly. Indicating it exactly can take many characters, making code far less readable; and using just one or two isn't precise enough to be useful anyway. Plus type also gets changed quite often, with all the potential for error that gives.
However, scope is another thing; I've found a single character scope prefix to be very useful. It tells you where to find the variable's definition, so you know where to look for anything else about it. Changing scope is extremely rare, and since similarly-scoped variables are declared together, mistakes should be obvious.
It depends on the language, of course. In C, it might be useful to distinguish some or all of: formal parameters, automatic variables, local statics, module (file) level variables, global ones, preprocessor constants, enumeration constants, and structure members. But in Java, things tend to be more obvious; functions tend to be small enough that their parameters don't get lost, local variables get declared close to where they're used, and it's usually clear what other names refer to. The only prefix I've found useful is an underscore before instance variables. (And arguably, using this. is clearer anyway.)
And it also depends on the size and organisation of a project. Small apps might find little benefit from a convention, whereas huge projects can be made much more manageable by indicating where to look for things.
Code readability is an art, really, and you can't force people to write good code with simple rules. Just as using single-character names for all variables obscures their meaning and makes code incomprehensible, so does using excessively long variable names obscure the meaning of the code they're in, and makes it incomprehensible. The ideal lies somewhere in between.
Ceterum censeo subscriptionem esse delendam.
This article seems to be arguing that MS's security problems are because of .NET/the CLR. That's just wrong.
.net runtime doesn't even ship with the OS by default!
FACT: Microsoft's operating systems, internet explorer, and office are NOT writen in C# at all. The
FACT: Most of the security vulnerabilities being uncovered are due to buffer overflows. Writing software in something like C# actually reduces the chance of a buffer overflow. Strings in C and C++ are notorious culprits (okay, so the programmer is the real culprit) in buffer overflows. Strings are more dynamic in C#, eliminating many security problems. That doesn't make C# a panacea, but it certainly helps matters.
FACT: That article shows that a little knowledge is a dangerous thing. It really should have been fact checked by someone more technically adept.
can you freeze a state on a computer
and if you can it wont morph
furthur more why can't you reverse engineer the code morpher itself.
he's talking about morphing code for .Net and Java stuff to prevent reverse engineering.
That's usually pointless because the cool and interesting parts of a Java program aren't usually in the small little nooks and crannies, they're out there in full sight, at the user level or architectural level.
It's not like the case of proprietary software, drivers and firmware talking to proprietary hardware, where what this bunch of bits do becomes very interesting to potential competitors.
The only people who'd be interested in the nooks and crannies of a typical Java program (what this bit does etc) would be the programmer supposed to fix/improve the program. Not a competitor.
Why does the moron get space on /. at all? Surely people can see the glaring errors, the ridiculous assertions and the "I'm at the center of the tech universe, so if I happen to have a half-baked idea about something then it must be so!" attitude that Cringely articles reek of.
I feel dirty after reading them. God help the world if Enderle and Cringely ever start working together.
Give credit where credit is due. Granted, for all I know the one I linked is ripped too, but still...
Time to filter out the new redundant / trolls, relevant or not.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
talk about redundant? "friendster"? Maybe you should call it "looster"
Slashdot Eds Link Anonymous Posts With Logged Posts
They Are Vermin Feeding On Each Other's Feces.
I Hate \.
I TOTALLY AGREE--100%!!! If you use Hungarian notation correctly (if you visit this link do a page search for "hung" to find the appropriate section), not only do you get the many benefits of it, you can never be fired.
(Don't just stick to that one page, go to the main page for more information on writing code "properly".)
sev
but have you considered the following argument: shut up.
it seems the the entire foundation of his arguement is that having access to the source leads to security problems. this coming from the same guy who generally likes linux and promotes it as an enterprise-ready secure platform. i'm not sure i understand what the hell he's talking about anymore...
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
* (an asterisk) is also a Vim shortcut for "search for word under cursor". Or, # to search backwards. :)
I never knew \ meant end of current word, thank you.
The parent of your post did not preview before clicking the "submit" button.
Beginning of word is "\<".
End of word is "\>".
AFAICR, this also works in vanilla vi.
Note that "word" means different things in vim, depending on the language mode.
For example, "\<hi\>" matches "(hi-mom)" in C/C++/etc. mode, but not in LISP mode.
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
Your example is misleading because you used "<" instead of "<" to mean "<".
This caused your example to display incorrectly.
(Note that "Plain Old Text" isn't.)
Alternatively, you can surround your example text with "<ecode></ecode>":
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
I don't know of any pretty-printer that can clean up incorrect Hungarian Notation.
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
For example, for lex/flex and yacc/bison, the "real" source code is in the
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
I once saw a sign in a restaurant offering a "bowel of chicken soup".
I was not interested in soup made from the bowels of chickens, and so I went elsewhere.
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
Until they can encrypt and obfuscate operations on a CPU level, they will not be able to protect code from prying eyes or from backwards engineering.. But their aim is not to keep the hackers out, the aim is to assure potential buyers of their technology so that they can make money.. Who cares (they think) if it actually works or not..
The rest is just FUD to cover up this ploy..
Just say no to license servers!!
l-Zip - isn't it the archiver You've been looking for? :-D