A Taxonomy of Obfuscating Transformations



Christian Collberg, Clark Thomborson, Douglas Low

Department of Computer Sciences
The University of Auckland
Private Bag 92019
Auckland, New Zealand.
{collberg,cthombor,dlow001}@cs.auckland.ac.nz


Abstract

It has become more and more common to distribute software in forms that retain most or all of the information present in the original source code. An important example is Java bytecode. Since such codes are easy to decompile, they increase the risk of malicious reverse engineering attacks.

In this paper we review several techniques for technical protection of software secrets. We will argue that automatic code obfuscation is currently the most viable method for preventing reverse engineering. We then describe the design of a code obfuscator, a tool which converts a program into an equivalent one that is more difficult to understand and reverse engineer.

The obfuscator is based on the application of code transformations, in many cases similar to those used by compiler optimizers. We describe a large number of such transformations, classify them, and evaluate them with respect to their potency (To what degree is a human reader confused?), resilience (How well are automatic deobfuscation attacks resisted?), and cost (How much overhead is added to the application?).

We finally discuss some possible deobfuscation techniques (such as program slicing) and possible counter-measures an obfuscator could employ against them.

See also the article Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs.





