Obsfucation of code in commercial product

116 views Asked by At

Yesterday, my manager asked me to find and remove all references to 'previous incarnation of company' that appear in the binaries we produce for a product that we're launching in a few weeks. This got me wondering why, in a compiled stand-alone binary, there's so much human-readable content, and whether there's a simple way to obsfucate it so that the program's internals aren't hanging out in the open, so to speak (at least to anyone who opens it with a text editor or greps the file contents). Here are some examples of what I mean:

"WGL_3DFX_multisample               À       @      ð>Unknown OpenGL error
   GL_INVALID_FRAMEBUFFER_OPERATION"

" Unable to close due to unfinalised statements not an error SQL logic error or missing database access permission denied callback requested query abort database is locked database table is locked out of memory attempt to write a readonly database interrupted disk I/O error database disk image is malformed database or disk is full unable to open database file table contains no data database schema has changed String or BLOB exceeded size limit constraint failed datatype mismatch"

"flowChartDelay  flowChartDisplay    flowChartDocument   flowChartExtract    flowChartInputOutput    flowChartInternalStorage    flowChartMagneticDisk"

The majority of the file is human incomprehensible stuff like this, which is more what I'd expect from a binary:

"âÀÿ? ‰•þÿÿÇ…”þÿÿ    ë‹…”þÿÿƒÀ‰…”þÿÿ‹”þÿÿ;Mà}`‹U‹‚¨  ‹”þÿÿ¶ƒúuF‹E‹ˆ°  ‹•”þÿÿ·Q¯…ŒþÿÿÁ艅Œþÿÿ‹M"

I figured out I could simply do a search and replace for 'string that we don't want' and replace it with random text of the same length and the program would run fine, which is possibly easier than making 500 edits to our source to bring it up to date with the current status of the company as a legal entity (there are a tonne of functions called name_of_previous_company_foo()), and also easier than trying to integrate some exotic obfuscation utility into our complex and propritary build system, but it's not an especially elegant solution, and I'd still like to know if there's a way to make our binaries into something more like a black box, where someone can't just open it with a text editor and see our function and class names.

1

There are 1 answers

0
Ira Baxter On

People build source code obfuscator tools for "commercial software" that can scramble strings and identifiers so they aren't easily read out of the binary, but are still usuable as the strings they intend to be.

Such obfuscators tend to be language specific, because they have to handle the fine detail of the language structure.

Google "Source Code Obfuscators" and you'll find many.