Re: Writing spaghetti code for obfuscation/encryption
- From: "randyhyde@xxxxxxxxxxxxx" <spamtrap@xxxxxxxxxx>
- Date: Wed, 31 Aug 2005 00:19:24 +0000 (UTC)
spamtrap@xxxxxxxxxx wrote:
> Hi all,
>
> I'm considering writing some convoluted and confusing code in order to
> hide the access/decryption of some important data in an app. I don't
> really want to be dependent on any particular OS at the moment.
>
> The problem is how to generate this code without becoming confused
> myself, and how to make sure it is orthogonal, or always produces the
> same result with the same input.
>
> I would like for it to be similar to the copy protection schemes of
> old, that make tracing difficult and unpredictable.
>
> Can anyone offer any suggestions on how this might be done, besides
> undocumented opcodes and simple encryption?
>
> Thanks!

Self-modifying code!

Seriously. If the code is constantly changing at run-time, it's a devil
to trace through it. At the very least, consider packing your code
using an LZW-type algorithm and unpacking each module before running
it. Not only will this make it hard to decipher, but it will save
space, too.

Of course, there is also the trick of burying instruction opcodes
inside other instructions. This one is especially difficult to
disassemble.

And, of course, be sure to bury lots of read-only data in the code
stream and access it via the return address pushed on the stack, e.g.,

    call print
    byte "Hello world", 13, 10, 0

This confuses the heck out of disassemblers and throws up a roadblock
to people who are reverse engineering your code.

Finally, consider writing an interpreter and switching in and out of
that interpreter during the execution of your code:

    call interpreter
    byte <<stream of bytecodes in the interpretive language>>
    <more x86 instructions>
    call interpreter
    byte <<another stream of bytecodes in the interpretive language>>
    <more x86 instructions>
    etc.

If you've got a decent assembler, you can create an "assembly language"
for your interpreter using macros, so it's not hard to write
interpretive code this way. Of course, you *do* have to write the
interpreter. But simple ones (enough to obfuscate your machine code)
will only be a couple of kilobytes long.

Cheers,
Randy Hyde
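
An added example, not part of the original post: someone analysing a binary that uses the `call print` / inline-string layout can resynchronise by doing what `print` does with the pushed return address, namely skipping to the byte after the NUL terminator. It assumes 32-bit x86 and that the address of `print` is already known; the byte sequence and the 0x20 address are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample (32-bit x86), laid out like the post's example:
   0:  E8 1B 00 00 00   call print   (print assumed to sit at offset 0x20)
   5:  "Hello world", 13, 10, 0      inline data, not instructions
   19: 90 C3            nop ; ret    where execution really resumes */
static const uint8_t sample[] = {
    0xE8, 0x1B, 0x00, 0x00, 0x00,
    'H','e','l','l','o',' ','w','o','r','l','d', 13, 10, 0,
    0x90, 0xC3
};

/* Target offset of a near call (opcode E8 rel32) at `off`, or -1. */
static long call_target(const uint8_t *code, size_t len, size_t off)
{
    if (off + 5 > len || code[off] != 0xE8) return -1;
    uint32_t rel = (uint32_t)code[off + 1] | (uint32_t)code[off + 2] << 8 |
                   (uint32_t)code[off + 3] << 16 | (uint32_t)code[off + 4] << 24;
    return (long)(off + 5) + (int32_t)rel;  /* relative to the next instruction */
}

/* If the call at `off` goes to `print_addr`, return the offset just past the
   string's NUL terminator (the return address print hands back). Else -1. */
static long resume_offset(const uint8_t *code, size_t len, size_t off, long print_addr)
{
    long target = call_target(code, len, off);
    if (target < 0 || target != print_addr) return -1;
    const uint8_t *data = code + off + 5;          /* pushed return address */
    const uint8_t *nul = memchr(data, 0, len - (off + 5));
    return nul ? (long)(nul - code) + 1 : -1;      /* -1: unterminated string */
}

int main(void)
{
    long next = resume_offset(sample, sizeof sample, 0, 0x20);
    printf("inline string: %s", (const char *)sample + 5);
    printf("decoding resumes at offset %ld (opcode %02X)\n", next, (unsigned)sample[next]);
    return 0;
}
```

A linear-sweep disassembler without this rule would decode the bytes at offset 5 onward as instructions and lose alignment with the real code at offset 19.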