Stable Program Security - Program Security And Code Obfuscation

By Author: Jose Sogiros
Total Articles: 5
Comment this article

Software vulnerabilities and intellectual property thievery with full risk for revenue losings are among the most problematic dangers facing companies today. Countless different safety resolutions have been offered, some offering a relatively powerful protection, unfortunately frequently at the toll of modest applicability due necessity to modifications in the program distribution model, or to the 's hardware. However, code obfuscation can offer a certain level of security in these places.

To prohibit material admission to the application through employment of a client-server model is a workable means to forbid piracy. This kind of sheltering is pretty strong, regrettably, it establishes performance decreases because of latency and otherwise distinctive network limitations. Code crypting is also a logical possibility in program protection. Yet, also this scheme leaves doors wide open except if all cryption is totally done in hardware. And since specialised computer hardware limits the portability of software, a different scheme - named code obfuscation - is often believed as the stronger answer.

Remark that program ...
... reverse code engineering (RCE) or reverse engineering is not always evil. It implies as well the lawful analysing of binary programs without having the source code. Reasons for reverse engineering are different. One of its most important services is to reverse engineer vicious pc products like addware and spyware, but as well computer viruses, worms and trojans. Reverse engineering is as well applied when the documentation of a certain software or hardware has been destroyed - or was never published - whilst the person who published it is no longer available. Oftentimes, the only path to embed or examine working into new methods is reverse engineering an existent hardware and then re-design it. There is as well product analysis to examine how a product processes inside, what components it consists of, even debugging is a variant of reverse engineering. There is as well security inspecting like in the antivirus program industry where there is scarcely employed something different than reverse engineering.

Legitimate reverse code engineering has generally been performed on Windows programs, but at this moment, it exists an augmentative demand for all practiced reversers too. Thus, the term reversing has a plural significance as reversing can be a good and lawful affair too! On the other hand, the term cracking about always has the significance of something outlawed, of a misleading process. Apparently, in this writing, the term reverse engineering is looked at in the circumstance of the abusive significance of the term.

Code obfuscation is difficult to define: it is not encoding nor is it scrambling of code. In fact, code obfuscation is generating code which is still perfectly executable but is very difficult for humans to visualise. From a pc's point of view, the scheme resembles a translation, or just fabricating code in a very different way, without changing the actual working of the program.

There is a small cost to make up for the gain in security though as the obfuscated application gets moderately slower and bigger. It is a trade-off between the program executing taking more space and time and additional protection measures .

In general, there are three varieties of code obfuscation. There is source code obfuscation and bytecode obfuscation, which are normally practiced on dotnet or Java. At last, there is also binary code obfuscation, which is normally practiced on native compiled binaries.

Java and dotnet obfuscation techniques attained a much more frequent usage due to an increasing use of Java and dotnet decompilers. Obfuscating code and its valued secrets, became a necessity given the easiness to decompile into source code from Java and dotnet software. Code obfuscation is currently among the securest systems for guarding Java and dotnet against hacking.

Till now, we discussed primarily source code obfuscation techniques, which are relatively simple to apply.
Binary code obfuscation techniques transform code at binary stage, therefore in the compiled executable. It makes disassembling, debugging and decompiling of a distributed program extremely tricky. Still, by adding unnecessary and/or complicated procedures and extra code, the executing time of the program is elevated. Binary code obfuscation is commonly limited - for this ground - to 'sensitive sections' of a program only. Only, what computer programmers can employ, could also be utilised by pirates and it is frequently exploited to hide the actual function of all varieties of malware. Besides, spammers obfuscate their scripts to cover the destination of links since they have long realised too that obfuscating code is keen in hiding tricks, scripting attacks and web browser exploits. Malevolent software is commonly coded in assembler. It is done to obtain maximum control. Therefore, security analysts must study a software at assembler and/or binary code level. It is quite a problem to battle through and against such obfuscated code.

Check out other coercive info about anti piracy tools. In addition to authorship, computer application protection is author Jose Sogiros' cardinal domain of interest.