D code obfuscator

DigitalDesigns DigitalDesigns at gmail.com
Thu Jun 14 10:39:19 UTC 2018


On Thursday, 14 June 2018 at 08:54:16 UTC, Shachar Shemesh wrote:
> On 14/06/18 08:21, DigitalDesigns wrote:
>> On Thursday, 14 June 2018 at 02:13:58 UTC, Shachar Shemesh 
>> wrote:
>>> With that said, what you're trying to achieve is probably not 
>>> a good idea anyways. With very few exceptions(1), 
>>> reverse-engineering code to figure out what it does is not 
>>> considerably more difficult than using the source, even when 
>>> none of the identifiers leak at all. Certain aspects of 
>>> creating attacks are even easier with good rev-eng tools than 
>>> in source form.
>>>
>>> Shachar
>> 
>> 
>> Just one question! Are you kidding me?
>
> First of all, run your program under strace. For a surprising 
> percentage of the programs that should give you a fairly good 
> idea of what the program is doing. ltrace goes further, but it 
> can be easily defeated by statically linking, so probably 
> irrelevant for our current discussion.
>
> Next, try loading your program in Ida Pro 
> (https://www.hex-rays.com/products/ida/index.shtml). You will 
> notice that program flow practically jumps out at you with no 
> further work on your part.
>
> Other tricks require a little more knowledge, but are still 
> exceedingly effective.
>
> In a demonstration I saw in 2002, Halvar Flake showed how he 
> uses Ida to graph the branches, and then use a tool he built to 
> place breakpoints on the branch points. Next he started feeding 
> inputs to the program, and colored the graph where the input 
> sent the code. He used that to find the correct input that 
> would bring the code path to the line he thought might be 
> vulnerable.
>
> If I had to do this trick today for *my own* programs, I'd 
> still use Ida and the compiled code.
>
> So, no, I was not kidding. Not even close.
>
> Shachar

Wait? Are you sure you are not kidding? Do you want another shot?


More information about the Digitalmars-d mailing list