|
reorganize article
|
Reverted 1 edit by 46.56.171.43 (talk): Stray character
|
||
| (16 intermediate revisions by 13 users not shown) | |||
| Line 3: | Line 3: | ||
{{short description|Deliberate creation of difficult-to-understand code}} |
{{short description|Deliberate creation of difficult-to-understand code}} |
||
{{Use mdy dates|date = March 2019}} |
{{Use mdy dates|date = March 2019}} |
||
| ⚫ | |||
In [[software development]], '''obfuscation''' is the act of creating [[source code|source]] or [[machine code]] that is difficult for humans or computers to understand. Like [[obfuscation]] in [[natural language]], it may use needlessly roundabout expressions to compose statements. Programmers may deliberately obfuscate code to conceal its purpose ([[security through obscurity]]) or its logic or implicit values embedded in it, primarily, in order to prevent tampering, deter [[reverse engineering]], or even to create a [[puzzle]] or recreational challenge for someone reading the source code. This can be done manually or by using an automated tool, the latter being the preferred technique in industry.<ref>{{Cite web|url=https://searchsoftwarequality.techtarget.com/definition/obfuscation|title=What is obfuscation (obfu)? - Definition from WhatIs.com|website=SearchSoftwareQuality|language=en|access-date=2019-02-01}}</ref> |
In [[software development]], '''obfuscation''' is the act of creating [[source code|source]] or [[machine code]] that is difficult for humans or computers to understand. Like [[obfuscation]] in [[natural language]], it may use needlessly roundabout expressions to compose statements. Programmers may deliberately obfuscate code to conceal its purpose ([[security through obscurity]]) or its logic or implicit values embedded in it, primarily, in order to prevent tampering, deter [[reverse engineering]], or even to create a [[puzzle]] or recreational challenge for someone reading the source code. This can be done manually or by using an automated tool, the latter being the preferred technique in industry.<ref>{{Cite web|url=https://searchsoftwarequality.techtarget.com/definition/obfuscation|title=What is obfuscation (obfu)? - Definition from WhatIs.com|website=SearchSoftwareQuality|language=en|access-date=2019-02-01}}</ref> |
||
| Line 25: | Line 23: | ||
A variety of tools exist to perform or assist with code obfuscation. These include experimental research tools created by academics, hobbyist tools, commercial products written by professionals, and [[open-source software]]. Deobfuscation tools also exist that attempt to perform the reverse transformation. |
A variety of tools exist to perform or assist with code obfuscation. These include experimental research tools created by academics, hobbyist tools, commercial products written by professionals, and [[open-source software]]. Deobfuscation tools also exist that attempt to perform the reverse transformation. |
||
Although the majority of commercial obfuscation solutions work by transforming either program source code, or platform-independent bytecode as used by Java and .NET, there are also some that work directly on compiled binaries. |
Although the majority of commercial obfuscation solutions work by transforming either program source code, or platform-independent bytecode as used by [[Java (programming language)|Java]] and [[.NET]], there are also some that work directly on compiled binaries. |
||
*Some [[Python (programming language)|Python]] examples can be found in the [https://docs.python.org/3/faq/programming.html#is-it-possible-to-write-obfuscated-one-liners-in-python official Python programming FAQ] and elsewhere.<ref>{{cite web |author=Ben Kurtovic |title=Obfuscating "Hello world!" |url=https://benkurtovic.com/2014/06/01/obfuscating-hello-world.html |website=benkurtovic.com}}</ref><ref>{{cite web |date= |title=Obfuscated Python |url=http://wiki.c2.com/?ObfuscatedPython |website=wiki.c2.com}}</ref><ref>{{cite web |title=The First Annual Obfuscated Python Content |url=https://code.activestate.com/lists/python-list/16171/ |website=code.activestate.com}}</ref> |
*Some [[Python (programming language)|Python]] examples can be found in the [https://docs.python.org/3/faq/programming.html#is-it-possible-to-write-obfuscated-one-liners-in-python official Python programming FAQ] and elsewhere.<ref>{{cite web |author=Ben Kurtovic |title=Obfuscating "Hello world!" |url=https://benkurtovic.com/2014/06/01/obfuscating-hello-world.html |website=benkurtovic.com}}</ref><ref>{{cite web |date= |title=Obfuscated Python |url=http://wiki.c2.com/?ObfuscatedPython |website=wiki.c2.com}}</ref><ref>{{cite web |title=The First Annual Obfuscated Python Content |url=https://code.activestate.com/lists/python-list/16171/ |website=code.activestate.com}}</ref> |
||
* The ''movfuscator'' [[C (programming language)|C]] [[compiler]] for the [[X86|x86_32 ISA]] uses only the [[X86 instruction listings|''mov'']] instruction in order to obfuscate.<ref>{{Citation |last=domas |title=xoreaxeaxeax/movfuscator |date=2022-11-03 |url=https://github.com/xoreaxeaxeax/movfuscator |access-date=2022-11-05}}</ref><ref>{{Citation |title=Break Me00 The MoVfuscator Turning mov into a soul crushing RE nightmare Christopher Domas |url=https://www.youtube.com/watch?v=R7EEoWg6Ekk |access-date=2022-11-05 |language=en}}</ref> |
* The ''movfuscator'' [[C (programming language)|C]] [[compiler]] for the [[X86|x86_32 ISA]] uses only the [[X86 instruction listings|''mov'']] instruction in order to obfuscate.<ref>{{Citation |last=domas |title=xoreaxeaxeax/movfuscator |date=2022-11-03 |url=https://github.com/xoreaxeaxeax/movfuscator |access-date=2022-11-05}}</ref><ref>{{Citation |title=Break Me00 The MoVfuscator Turning mov into a soul crushing RE nightmare Christopher Domas |url=https://www.youtube.com/watch?v=R7EEoWg6Ekk |access-date=2022-11-05 |language=en}}</ref><ref>{{cite web |url=https://hackaday.com/2021/05/21/one-instruction-to-rule-them-all-c-compiler-emits-only-mov/ |title=One Instruction To Rule Them All: C Compiler Emits Only MOV |last=Williams |first=Al |publisher=[[Hackaday]] |date=2021-03-21 |accessdate=2023-10-23 }}</ref> |
||
=== Recreational === |
=== Recreational === |
||
| Line 44: | Line 42: | ||
* It adds time and complexity to the build process for the developers. |
* It adds time and complexity to the build process for the developers. |
||
* It can make debugging issues after the software has been obfuscated extremely difficult. |
* It can make debugging issues after the software has been obfuscated extremely difficult. |
||
* Once code |
* Once code is no longer maintained, hobbyists may want to maintain the program, add mods, or understand it better. Obfuscation makes it hard for end users to do useful things with the code. |
||
* Certain kinds of obfuscation (i.e. code that isn't just a local binary and downloads mini binaries from a web server as needed) can degrade performance and/or require Internet. |
* Certain kinds of obfuscation (i.e. code that isn't just a local binary and downloads mini binaries from a web server as needed) can degrade performance and/or require Internet. |
||
| Line 56: | Line 54: | ||
== Decompilers == |
== Decompilers == |
||
A [[decompiler]] can reverse-engineer source code from an executable or library. Decompilation is sometimes called a man- |
A [[decompiler]] can reverse-engineer source code from an executable or library. Decompilation is sometimes called a man-in-the-end (mite) attack, based on the traditional cryptographic attack known as "[[Man-in-the-middle attack|man-in-the-middle]]". It puts source code in the hands of the user, although this source code is often difficult to read. The source code is likely to have random function and variable names, incorrect variable types, and use different logic than the original source code (due to compiler optimizations). |
||
== Model obfuscation == |
|||
'''Model obfuscation''' is a technique to hide the internal structure of a [[machine learning]] model.<ref>{{cite journal |last1=Zhou |first1=Mingyi |last2=Gao |first2=Xiang |last3=Wu |first3=Jing |last4=Grundy |first4=John C. |last5=Chen |first5=Xiao |last6=Chen |first6=Chunyang |last7=Li |first7=Li |title=Model Obfuscation for Securing Deployed Neural Networks |date=2023 |url=https://openreview.net/forum?id=ib482K6HQod |language=en}}</ref> Obfuscation turns a model into a black box. It is contrary to [[explainable AI]]. Obfuscation models can also be applied to training data before feeding it into the model to add random noise. This hides sensitive information about the properties of individual and groups of samples.<ref>{{cite arXiv|last1=Zhang |first1=Tianwei |title=Privacy-preserving Machine Learning through Data Obfuscation |date=2018-07-12 |eprint=1807.01860 |last2=He |first2=Zecheng |last3=Lee |first3=Ruby B.|class=cs.CR }}</ref> |
|||
==See also== |
==See also== |
||
| Line 62: | Line 64: | ||
* [[AARD code]] |
* [[AARD code]] |
||
* [[Spaghetti code]] |
* [[Spaghetti code]] |
||
* [[Write-only language]] |
|||
* [[Decompilation]] |
* [[Decompilation]] |
||
* [[Esoteric programming language]] |
* [[Esoteric programming language]] |
||
| Line 104: | Line 105: | ||
*[[c2:BlackBoxComputation]] |
*[[c2:BlackBoxComputation]] |
||
| ⚫ | |||
{{DEFAULTSORT:Obfuscated Code}} |
{{DEFAULTSORT:Obfuscated Code}} |
||
[[Category:Software obfuscation| ]] |
[[Category:Software obfuscation| ]] |
||
[[Category:Articles with example C code]] |
|||
[[Category:Source code]] |
[[Category:Source code]] |
||
[[Category:Program transformation]] |
[[Category:Program transformation]] |
||
Insoftware development, obfuscation is the act of creating sourceormachine code that is difficult for humans or computers to understand. Like obfuscationinnatural language, it may use needlessly roundabout expressions to compose statements. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic or implicit values embedded in it, primarily, in order to prevent tampering, deter reverse engineering, or even to create a puzzle or recreational challenge for someone reading the source code. This can be done manually or by using an automated tool, the latter being the preferred technique in industry.[1]
The architecture and characteristics of some languages may make them easier to obfuscate than others.[2][3] C,[4] C++,[5][6] and the Perl programming language[7] are some examples of languages easy to obfuscate. Haskell is also quite obfuscatable[8] despite being quite different in structure.
The properties that make a language obfuscatable are not immediately obvious.
![[icon]](https://akarinohon.com/text/taketori.cgi/en.wikipedia.org/wiki/File:Wiki_letter_w_cropped.svg){kind=small} |
This section needs expansion with: explaining more obfuscation techniques in general. You can help by adding to it. (March 2023)
|
Types of obfuscations include simple keyword substitution, use or non-use of whitespace to create artistic effects, and self-generating or heavily compressed programs.
According to Nick Montfort, techniques may include:
A variety of tools exist to perform or assist with code obfuscation. These include experimental research tools created by academics, hobbyist tools, commercial products written by professionals, and open-source software. Deobfuscation tools also exist that attempt to perform the reverse transformation.
Although the majority of commercial obfuscation solutions work by transforming either program source code, or platform-independent bytecode as used by Java and .NET, there are also some that work directly on compiled binaries.
Writing and reading obfuscated source code can be a brain teaser. A number of programming contests reward the most creatively obfuscated code, such as the International Obfuscated C Code Contest and the Obfuscated Perl Contest.
Short obfuscated Perl programs may be used in signatures of Perl programmers. These are JAPHs ("Just another Perl hacker").[16]
Cryptographers have explored the idea of obfuscating code so that reverse-engineering the code is cryptographically hard. This is formalized in the many proposals for indistinguishability obfuscation, a cryptographic primitive that, if possible to build securely, would allow one to construct many other kinds of cryptography, including completely novel types that no one knows how to make. (A stronger notion, black-box obfuscation, is known to be impossible in general.)[17][18]
Some anti-virus softwares, such as AVG AntiVirus,[20] will also alert their users when they land on a website with code that is manually obfuscated, as one of the purposes of obfuscation can be to hide malicious code. However, some developers may employ code obfuscation for the purpose of reducing file size or increasing security. The average user may not expect their antivirus software to provide alerts about an otherwise harmless piece of code, especially from trusted corporations, so such a feature may actually deter users from using legitimate software.
Mozilla and Google disallow browser extensions containing obfuscated code in their add-ons store.[21][22]
There has been debate on whether it is illegal to skirt copyleft software licenses by releasing source code in obfuscated form, such as in cases in which the author is less willing to make the source code available. The issue is addressed in the GNU General Public License by requiring the "preferred form for making modifications" to be made available.[23] The GNU website states "Obfuscated 'source code' is not real source code and does not count as source code."[24]
Adecompiler can reverse-engineer source code from an executable or library. Decompilation is sometimes called a man-in-the-end (mite) attack, based on the traditional cryptographic attack known as "man-in-the-middle". It puts source code in the hands of the user, although this source code is often difficult to read. The source code is likely to have random function and variable names, incorrect variable types, and use different logic than the original source code (due to compiler optimizations).
Model obfuscation is a technique to hide the internal structure of a machine learning model.[25] Obfuscation turns a model into a black box. It is contrary to explainable AI. Obfuscation models can also be applied to training data before feeding it into the model to add random noise. This hides sensitive information about the properties of individual and groups of samples.[26]
{{cite web}}: CS1 maint: numeric names: authors list (link)
{{cite web}}: CS1 maint: numeric names: authors list (link)
{{cite journal}}: Cite journal requires |journal= (help)
