D code obfuscator

Thu Jun 14 02:13:58 UTC 2018

On 14/06/18 03:01, DigitalDesigns wrote:
> Is there an obfuscator for D that at least renames identifiers? This is 
> because sometimes they leak from various processes and could be 
> potential sources of attack.
> 
> It would be a tool that probably just replaces their values with, say 
> their hash + something else and done pre release build. Ideally it would 
> be able to compile with dmd and all in memory or use temp storage 
> without file issues. It can't modify the code directly because then that 
> would be permanent.
> 

I highly doubt it.

You see, with introspection and run-time execution, writing such a tool 
is equivalent to solving the halting problem. You simply do not know 
what you're affecting.

There are some cases where you might know at x% certainty that it's okay 
to rename. Someone might do a best-effort based tool. I'm not aware of one.

With that said, what you're trying to achieve is probably not a good 
idea anyways. With very few exceptions(1), reverse-engineering code to 
figure out what it does is not considerably more difficult than using 
the source, even when none of the identifiers leak at all. Certain 
aspects of creating attacks are even easier with good rev-eng tools than 
in source form.

Shachar

1- One notable exception is complex algorithmic code. I will point out 
that those are difficult to figure out from source code too, and it 
usually takes very good documentation to be able to do so, so even there 
I'm not sure my original statement doesn't hold.