Thread: Control Flow Obfuscation

Page 1 of 7
Results 1 to 10 of 70
  1. #1 Control Flow Obfuscation, posted by thefifthlord (Registered Member)
    Just for you people who have come across one of super's posts and wondered WTH...

    Control Flow obfuscation discourages reverse engineering and malicious tampering of software codes by applying false conditional statements and other misleading constructs in order to confuse and break decompilers. Given the original source codes and desired obfuscation criteria, the proposed Control Flow obfuscation works by decomposing the source codes into fragments and then applying various transforms to the code fragments.
    Here is an example of how the Zelix obfuscator does it (direct quote from website):
    Original Source
    Code:
    package test;
    
    import java.util.*;
    
    class Demo {
    
       private Vector buffer = new Vector();
    
       /**
       * Return the position of the specified String in the 
       * buffer. Remove the String once if it has been found.
       * Return -1 if the String isn't found. */
       int getStringPos(String string) {
          for(int counter=0; counter < buffer.size(); counter++) {
             String curString = (String)buffer.elementAt(counter);
             if (curString.equals(string)) {
                buffer.remove(counter);
                return counter;
             }
          }
          return -1;
       }
    }
    Name and Flow obfuscated (2nd Generation Obfuscation) then decompiled
    Code:
    package a;
    
    import java.util.Vector;
    
    class a {
    
        private Vector a;
        public static int b;
    
        a() {
            a = new Vector();
        }
    
        int a(String s) {
            int i;
            int j;
            j = b;
            i = 0;
            if(j == 0) goto _L2; else goto _L1
    _L1:
            String s1 = (String)a.elementAt(i);
            s1.equals(s);
            if(j != 0) goto _L4; else goto _L3
    _L3:
            JVM INSTR ifeq 48;
               goto _L5 _L6
    _L5:
            break MISSING_BLOCK_LABEL_37;
    _L6:
            continue;
            a.remove(i);
            i;
    _L4:
            return;
    _L2:
            if(i >= a.size())
                return -1;
            if(true) goto _L1; else goto _L7
    _L7:
        }
    }
    How to get around it:

    Use a good decompiler/deobfuscator like:
    http://www.ahpah.com/cgi-bin/suid/~pah/demo.cgi
    http://jreversepro.blogspot.com/
    more at http://runefame.net/java.html
     

  2. #2 posted by Maxi (Renown Programmer and Respected Member)
    Jagex is using ZKM obfuscation. I'm actually pretty interested how deobfuscators get the old structure back, so I can modify the existing deobfuscators we use for the LD clients, in order to deobfuscate the HD client.
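    Maxi's question, how a deobfuscator gets the old structure back, worked through as an added example that is not part of the thread and not ZKM's or Jagex's code. The decompiled a(String s) in post #1 branches on j, a copy of the static b that nothing in the class ever writes, so every test on j is an opaque predicate with the constant value 0. The Python below (mine, assuming a hand-transcribed control-flow graph of that method with the labels as printed) folds those predicates and prunes the blocks that become unreachable, which gives back the plain loop of the original getStringPos.

```python
# Added example, not ZKM's or the thread's code: fold the opaque predicates of the decompiled
# a(String s) above (j copies the never-written static b, so j == 0 always holds).
def eval_pred(cond, consts):
    """True/False when the condition is decidable from known constants, None otherwise."""
    if cond is None or cond in ("true", "false"):
        return cond != "false"
    parts = cond.split()
    if len(parts) == 3 and parts[0] in consts and parts[2].lstrip("-").isdigit():
        lhs, rhs = consts[parts[0]], int(parts[2])
        return {"==": lhs == rhs, "!=": lhs != rhs}.get(parts[1])
    return None  # depends on runtime data, e.g. the equals() result

def fold_opaque(cfg, entry, never_written):
    """cfg maps label -> (statements, [(condition, target)]); returns the simplified cfg."""
    consts = {}  # a local seeded from an int static that no code writes holds 0
    for body, _succs in cfg.values():
        for stmt in body:
            lhs, _, rhs = stmt.partition(" = ")
            if rhs in never_written:
                consts[lhs] = 0
    out = {}
    for label, (body, succs) in cfg.items():  # keep the always-true edge, drop always-false ones
        taken = [t for c, t in succs if eval_pred(c, consts) is True]
        out[label] = (body, [(None, taken[0])] if taken else
                      [(c, t) for c, t in succs if eval_pred(c, consts) is not False])
    reach, work = set(), [entry]  # then prune blocks that nothing reaches any more
    while work:
        n = work.pop()
        if n not in reach:
            reach.add(n)
            work.extend(t for _, t in out[n][1])
    return {n: b for n, b in out.items() if n in reach}

def zkm_demo_cfg():
    """Constructed transcription of the decompiled method, labels as printed in the thread."""
    return {
        "entry": (["j = b", "i = 0"], [("j == 0", "_L2"), ("j != 0", "_L1")]),
        "_L1": (["s1 = (String)a.elementAt(i)", "eq = s1.equals(s)"],
                [("j != 0", "_L4"), ("j == 0", "_L3")]),
        "_L3": ([], [("eq", "_L5"), ("!eq", "_L6")]),  # the genuine, data-dependent comparison
        "_L5": (["a.remove(i)", "return i"], []),
        "_L6": (["i++"], [(None, "_L2")]),
        "_L4": (["return"], []),  # reached only if j != 0, i.e. never
        "_L2": (["if (i >= a.size()) return -1"], [("true", "_L1"), ("false", "_L7")]),
        "_L7": ([], []),
    }

def recover():
    return fold_opaque(zkm_demo_cfg(), "entry", never_written={"b"})
```

    After folding, only entry, _L2, _L1, _L3, _L5 and _L6 survive, linked exactly as the for-loop in the original source: guard, body, compare, then either remove-and-return or increment-and-loop.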
     

  3. #3 posted by Brown (Guest)
    Thanks alot.
     

  4. #4 posted by iZAjz (Donator)
    What exactly is Control Flow?
     

  5. #5 posted by Vastiko
    Quote Originally Posted by xGTest:
    What exactly is Control Flow?
    Did you not read?
     

  6. #6 posted by Encouragin (Guest)
    Quote Originally Posted by xGTest:
    What exactly is Control Flow?
    We can't explain to you exactly what 'Control flow' is, but there are Java statements that are used for control flow.

    http://java.sun.com/docs/books/tutor...olts/flow.html
     

  7. #7 posted by Maxi (Renown Programmer and Respected Member)
    Enco you slut add my msn: [email protected]
    Been trying to add you for ages
     

  8. #8 posted by Stefan (We be steady Mobbin')
    spank you mate
    People still use this site?
     

  9. #9 posted by iZAjz (Donator)
    So the section describes the decision-making statements (if-then, if-then-else, switch), the looping statements (for, while, do-while)?

    If so, pretty interesting because I didn't know this.
     

  10. #10 posted by Encouragin (Guest)
    Quote Originally Posted by xGTest:
    So the section describes the decision-making statements (if-then, if-then-else, switch), the looping statements (for, while, do-while)?

    If so, pretty interesting because I didn't know this.
    The fifthlord basically shows us the outcome of using the Zelix obfuscator, which Jagex uses for obfuscating their client. We simply de-obfuscate and decompile the Jagex client and refactor it. This is an example of why Jagex's RuneScape clients look weirdly programmed and all.

    @Fifth:

    Correct me if I'm wrong though. From looking at and reading what you've shown us in this topic, this is what I think you wanted to show us.
     
