UPM Institutional Repository

Enhancing obfuscation technique for protecting source code against software reverse engineering


Citation

Mahfoudh, Asma (2019) Enhancing obfuscation technique for protecting source code against software reverse engineering. Doctoral thesis, Universiti Putra Malaysia.

Abstract

Obfuscation (Obfu) is the practice of making program code complicated in order to protect Intellectual Property (IP) and prevent prohibited software Reverse Engineering (RE). Obfuscation involves transforming potentially revealing data, renaming useful class and variable names (identifiers) to meaningless labels, or adding unused or meaningless code to an application binary. It is used to convert source code into a program that works the same way but is much harder to read and understand. Obfuscation techniques allow the programmer to choose which parts of the code are obfuscated. Recently, obfuscation techniques have mostly been used to secure source code; however, none of the current obfuscation techniques satisfies all obfuscation effectiveness criteria for resisting Reverse Engineering attacks. Therefore, the IT industry loses tens of billions of dollars annually due to security attacks such as reverse engineering. The amount of money lost by victims has led to many court cases in which both the victim and the thief claim ownership of the program, and the winner is whoever has a good lawyer. Many programming languages are used for programming; the Java programming language is known to be the most common due to its features. The use of this popular language increases an attacker's ability to steal intellectual property (IP), as the source program is translated to an intermediate format that retains most of the information present in the source code, such as meaningful variable names. An attacker can easily reconstruct source code from such intermediate formats to extract sensitive information, such as proprietary algorithms present in the software. Hence, there is a need to develop techniques and schemes that obfuscate sensitive parts of software to protect it from reverse engineering attacks. In this research, we propose a new Hybrid Obfuscation Technique to prevent prohibited Reverse Engineering.
The proposed technique contains three approaches. The first approach is string encryption, which adds a mathematical equation with arrays and loops to the strings in the code to hide their meaning. The second approach is renaming system keywords to Unicode to increase the difficulty and complexity of the code. The third approach is transforming identifiers to junk code to hide their meaning and increase the complexity of the code. An empirical evaluation, consisting of an experiment and an interview, was conducted to evaluate the proposed Hybrid Obfuscation Technique. The experiment had two phases: the first phase was conducted against Java applications that do not use any protection, to determine the ability of reversing tools to read the compiled code; the second phase was conducted against the proposed technique to evaluate its effectiveness. The interview was conducted to obtain the views of programming experts on using the Hybrid Obfuscation Technique to prevent prohibited Reverse Engineering. The experiment on the hybrid obfuscation technique tested output correctness, syntax, reversed code errors, flow, identifier names, and method and class correctness. With these parameters it was possible to determine the ability of the proposed technique to defend against the attack. The proposed technique can be enhanced in the future to protect game applications and mobile applications developed in Java; it can improve the software development industry. The proposed technique can be used to support many languages such as Arabic, English, Chinese and so on. There is also a need to develop a tool that contains the three approaches, in which the developer can customize the protection of the source code.


Additional Metadata

Item Type: Thesis (Doctoral)
Subject: Data protection
Subject: Source code (Computer science)
Subject: Reverse engineering
Call Number: FSKTM 2020 6
Chairman Supervisor: Professor Abu Bakar bin Md Sultan, PhD
Divisions: Faculty of Computer Science and Information Technology
Depositing User: Mas Norain Hashim
Date Deposited: 12 Sep 2021 13:34
Last Modified: 12 Sep 2021 13:34
URI: http://psasir.upm.edu.my/id/eprint/90724