https://cio-wiki.org//index.php?title=Application_Obfuscation&feed=atom&action=historyApplication Obfuscation - Revision history2024-03-28T12:12:36ZRevision history for this page on the wikiMediaWiki 1.35.1https://cio-wiki.org//index.php?title=Application_Obfuscation&diff=14395&oldid=prevUser at 14:31, 19 January 20232023-01-19T14:31:01Z<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 14:31, 19 January 2023</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>[<del class="diffchange diffchange-inline">[</del>Application]<del class="diffchange diffchange-inline">] obfuscation </del>refers to a set of technologies used to protect an application and its embedded intellectual property (IP) from application-level intrusions, reverse engineering and hacking attempts. Application obfuscation tools protect the application code as the increasing use of intermediate language representations (such as Java and .NET) enables hackers to easily reverse-engineer IP embedded in <del class="diffchange diffchange-inline">[[</del>software<del class="diffchange diffchange-inline">]]</del>.<del class="diffchange diffchange-inline"><ref>What is Application Obfuscation? [http://www.gartner.com/it-glossary/application-obfuscation Gartner]</ref></del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">== What is Application Obfuscation?<ref></ins>[<ins class="diffchange diffchange-inline">http://www.gartner.com/it-glossary/application-obfuscation What is </ins>Application <ins class="diffchange diffchange-inline">Obfuscation?</ins>]<ins class="diffchange diffchange-inline"></ref> ==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">'''Application Obfuscation''' </ins>refers to a set of technologies used to protect an application and its embedded intellectual property (IP) from application-level intrusions, reverse engineering<ins class="diffchange diffchange-inline">, </ins>and hacking attempts. Application obfuscation tools protect the application code as the increasing use of intermediate language representations (such as Java and .NET) enables hackers to easily reverse-engineer IP embedded in <ins class="diffchange diffchange-inline">the </ins>software.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">'''Should I Obfuscate and Secure my Application?'''</del><ref><del class="diffchange diffchange-inline">Should I Obfuscate and Secure my Application? </del>[https://www.<del class="diffchange diffchange-inline">preemptive</del>.com/obfuscation <del class="diffchange diffchange-inline">PreEmptive Solutions</del>]</ref><del class="diffchange diffchange-inline"><br /></del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">== Obfuscation Techniques</ins><ref>[https://www.<ins class="diffchange diffchange-inline">techtarget</ins>.com<ins class="diffchange diffchange-inline">/searchsecurity/definition</ins>/obfuscation <ins class="diffchange diffchange-inline">Obfuscation Techniques</ins>]</ref> <ins class="diffchange diffchange-inline">==</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">If you </del>are <del class="diffchange diffchange-inline">releasing valuable </del>software <del class="diffchange diffchange-inline">(especially </del>Java, <del class="diffchange diffchange-inline">Android</del>, .<del class="diffchange diffchange-inline">NET </del>and <del class="diffchange diffchange-inline">iOS) anywhere outside your immediate [[control]] and you are not distributing </del>the <del class="diffchange diffchange-inline">source </del>code, <del class="diffchange diffchange-inline">obfuscation should probably be part </del>of <del class="diffchange diffchange-inline">your application development [[process]]</del>. <del class="diffchange diffchange-inline">Obfuscation makes </del>it <del class="diffchange diffchange-inline">much more difficult for attackers </del>to <del class="diffchange diffchange-inline">review </del>the code and <del class="diffchange diffchange-inline">analyze </del>the <del class="diffchange diffchange-inline">application</del>. <del class="diffchange diffchange-inline">It also may </del>make it <del class="diffchange diffchange-inline">hard for hackers </del>to debug and <del class="diffchange diffchange-inline">tamper </del>with <del class="diffchange diffchange-inline">your application</del>. <del class="diffchange diffchange-inline">The end goal </del>is to <del class="diffchange diffchange-inline">make it difficult </del>to <del class="diffchange diffchange-inline">extract or discover useful information</del>, <del class="diffchange diffchange-inline">such </del>as <del class="diffchange diffchange-inline">trade secrets (IP)</del>, <del class="diffchange diffchange-inline">credentials</del>, <del class="diffchange diffchange-inline">or security vulnerabilities from an application</del>. <del class="diffchange diffchange-inline">It should also make </del>it <del class="diffchange diffchange-inline">more </del>difficult to <del class="diffchange diffchange-inline">modify application logic or repackage an application with malicious </del>code.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">Obfuscation involves several different methods. Often, multiple techniques </ins>are <ins class="diffchange diffchange-inline">used to create a layered effect. Programs written in </ins>software <ins class="diffchange diffchange-inline">languages that are compiled, such as C# and </ins>Java, <ins class="diffchange diffchange-inline">are easier to obfuscate. This is because they create intermediate-level instructions that are generally easier to read. In contrast</ins>, <ins class="diffchange diffchange-inline">C++ is more difficult to obfuscate, because it compiles machine code, which is more difficult for people to work with. Some common obfuscation techniques include the following:</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*Renaming</ins>. <ins class="diffchange diffchange-inline">The obfuscator alters the methods </ins>and <ins class="diffchange diffchange-inline">names of variables. The new names may include unprintable or invisible characters.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*Packing. This compresses the entire program to make </ins>the code <ins class="diffchange diffchange-inline">unreadable.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*Control flow. The decompiled code is made to look like spaghetti logic</ins>, <ins class="diffchange diffchange-inline">which is unstructured and hard-to-maintain code where the line </ins>of <ins class="diffchange diffchange-inline">thought is obscured</ins>. <ins class="diffchange diffchange-inline">The results from this code are not clear, and </ins>it<ins class="diffchange diffchange-inline">'s hard </ins>to <ins class="diffchange diffchange-inline">tell what the point of </ins>the code <ins class="diffchange diffchange-inline">is by looking at it.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*Instruction pattern transformation. This approach takes common instructions created by the compiler </ins>and <ins class="diffchange diffchange-inline">swaps them for more complex, less common instructions that effectively do </ins>the <ins class="diffchange diffchange-inline">same thing</ins>.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*Dummy code insertion. Dummy code can be added to a program to </ins>make it <ins class="diffchange diffchange-inline">harder </ins>to <ins class="diffchange diffchange-inline">read and reverse engineer, but it does not affect the program's logic or outcome.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*Metadata or unused code removal. Unused code and metadata give the reader extra information about the program, much like annotations on a Word document, that can help them read and </ins>debug <ins class="diffchange diffchange-inline">it. Removing metadata </ins>and <ins class="diffchange diffchange-inline">unused code leaves the reader with less information about the program and its code.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*Opaque predicate insertion. A predicate in code is a logical expression that is either true or false. Opaque predicates are conditional branches -- or if-then statements -- where the results cannot easily be determined </ins>with <ins class="diffchange diffchange-inline">statistical analysis</ins>. <ins class="diffchange diffchange-inline">Inserting an opaque predicate introduces unnecessary code that is never executed but </ins>is <ins class="diffchange diffchange-inline">puzzling </ins>to <ins class="diffchange diffchange-inline">the reader trying to understand the decompiled output.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*Anti-debug. Legitimate software engineers and hackers use debug tools </ins>to <ins class="diffchange diffchange-inline">examine code line by line. With these tools, software engineers can spot problems with the code</ins>, <ins class="diffchange diffchange-inline">and hackers can use them to reverse engineer the code. IT security pros can use anti-debug tools to identify when a hacker is running a debug program </ins>as <ins class="diffchange diffchange-inline">part of an attack. Hackers can run anti-debug tools to identify when a debug tool is being used to identify the changes they are making to the code.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*Anti-tamper. These tools detect code that has been tampered with</ins>, <ins class="diffchange diffchange-inline">and if it has been modified</ins>, <ins class="diffchange diffchange-inline">it stops the program.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*String encryption. This method uses encryption to hide the strings in the executable and only restores the values when they are needed to run the program</ins>. <ins class="diffchange diffchange-inline">This makes </ins>it difficult to <ins class="diffchange diffchange-inline">go through a program and search for particular strings.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*Code transposition. This is the reordering of routines and branches in the </ins>code <ins class="diffchange diffchange-inline">without having a visible effect on its behavior</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>===References<del class="diffchange diffchange-inline">=</del>==</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>=<ins class="diffchange diffchange-inline">= Should I Obfuscate and Secure my Application?<ref>[https://www.preemptive.com/obfuscation Should I Obfuscate and Secure my Application?]</ref> ==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">If you are releasing valuable software (especially Java, Android, .NET, and iOS) anywhere outside your immediate control and you are not distributing the source code, obfuscation should probably be part of your application development process. Obfuscation makes it much more difficult for attackers to review the code and analyze the application. It also may make it hard for hackers to debug and tamper with your application. The end goal is to make it difficult to extract or discover useful information, such as trade secrets (IP), credentials, or security vulnerabilities from an application. It should also make it more difficult to modify application logic or repackage an application with malicious code.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">== Where Obfuscation Matters<ref>[https://build38.com/what-is-code-obfuscation/ Where does obfuscation truly matter?]</ref> == </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">Obfuscation matters in the sensitive part of the code where important information is being processed. A binary block that is responsible for processing sensitive data should be the part where obfuscation and other security features need to be implemented, to fully protect the sensitive data and all the processes around it. Even in this case, security through obscurity (obfuscation) plays only a small role in the safekeeping of the information. This may raise the question from the perspective of an attacker if they only see a particular part of the code obfuscated – Wouldn’t they put all their energy and focus into understanding and de-obfuscating that part of the code? The answer is yes they will. And that is why it is important to implement much more in terms of security (refer to the section below for more information) to achieve a level that will keep an attacker busy for a long-time in the hope that they would eventually give up. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">== Disadvantages of Obfuscation<ref>[https://en.wikipedia.org/wiki/Obfuscation_(software) Disadvantages of Obfuscation]</ref> ==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">While obfuscation can make reading, writing, and reverse-engineering a program difficult and time-consuming, it will not necessarily make it impossible.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*It adds time and complexity to the build process for the developers.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*It can make debugging issues after the software has been obfuscated extremely difficult.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*Once code becomes abandonware and is no longer maintained, hobbyists may want to maintain the program, add mods, or understand it better. *Obfuscation makes it hard for end users to do useful things with the code.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*Certain kinds of obfuscation (i.e. code that isn't just a local binary and downloads mini binaries from a web server as needed) can degrade performance and/or require Internet.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">== Tools for Obfuscation<ref>[https://www.appsealing.com/android-app-obfuscation/ Tools for Obfuscation]</ref> ==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">There are a number of tools in the market but here we take a look at the most commonly-known tools:</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*PreEmptive DashO: It scores well on platform versatility and comes with quite a lot of useful features like renaming, string encryption, tamper detection, debug detection, watermarking, and control flow. It provides complete technical support irrespective of the customer category and has a great UI. Its built-in rules help configure the settings swiftly. It supports many types of Jaya and Kotlin applications. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*GuardSquare’s ProGuard: Proguard has certain limited capabilities when compared to DexGuard since it is its lite version. Configuration, on the positive side, is easier and it also comes with some preinstalled configurations. Though the developer support is decent, additional controls might be required to move to DexGuard. It supports text-based configuration, only helps with renaming functionality, and doesn’t score very well when it comes to UI. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">*GuardSquare’s DexGuard: It works only on Java and has better features than the ProGuard version. The features are similar to what DashO offers (control flow, encryption, runtime checks, etc.) It offers a multi-layered hardening approach and users can go for these “add-ons” on top of their packages. When it comes to support, it has “basic” and “gold” levels. Just like its lite version, it supports only text-based configuration. Developers can add API calls through its API-based features. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">== See Also ==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">[[Source Code]]</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>== References ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><references /></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><references /></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">=</del>==Further Reading<del class="diffchange diffchange-inline">=</del>==</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>== Further Reading ==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>*<del class="diffchange diffchange-inline">Obfuscation of Probabilistic Circuits and Applications </del>[https://eprint.iacr.org/2014/882.pdf <del class="diffchange diffchange-inline">Ran Canetti,Huijia Lin, Stefano Tessaro, Vinod Vaikuntanathan</del>]</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>*[https://eprint.iacr.org/2014/882.pdf <ins class="diffchange diffchange-inline">Obfuscation of Probabilistic Circuits and Applications</ins>]</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>*<del class="diffchange diffchange-inline">Techniques of Program Code Obfuscation for Secure Software </del>[http://www.jmeds.eu/index.php/jmeds/article/download/Techniques-of-Program-Code-Obfuscation-for-Secure-Software/pdf <del class="diffchange diffchange-inline">Marius Popa</del>]</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>*[http://www.jmeds.eu/index.php/jmeds/article/download/Techniques-of-Program-Code-Obfuscation-for-Secure-Software/pdf <ins class="diffchange diffchange-inline">Techniques of Program Code Obfuscation for Secure Software</ins>]</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">__NOTOC__</ins></div></td></tr>
</table>Userhttps://cio-wiki.org//index.php?title=Application_Obfuscation&diff=6871&oldid=prevUser: The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).2021-02-06T13:46:23Z<p>The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).</p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 13:46, 6 February 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Application obfuscation refers to a set of technologies used to protect an application and its embedded intellectual property (IP) from application-level intrusions, reverse engineering and hacking attempts. Application obfuscation tools protect the application code as the increasing use of intermediate language representations (such as Java and .NET) enables hackers to easily reverse-engineer IP embedded in software.<ref>What is Application Obfuscation? [http://www.gartner.com/it-glossary/application-obfuscation Gartner]</ref></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">[[</ins>Application<ins class="diffchange diffchange-inline">]] </ins>obfuscation refers to a set of technologies used to protect an application and its embedded intellectual property (IP) from application-level intrusions, reverse engineering and hacking attempts. Application obfuscation tools protect the application code as the increasing use of intermediate language representations (such as Java and .NET) enables hackers to easily reverse-engineer IP embedded in <ins class="diffchange diffchange-inline">[[</ins>software<ins class="diffchange diffchange-inline">]]</ins>.<ref>What is Application Obfuscation? [http://www.gartner.com/it-glossary/application-obfuscation Gartner]</ref></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>'''Should I Obfuscate and Secure my Application?'''<ref>Should I Obfuscate and Secure my Application? [https://www.preemptive.com/obfuscation PreEmptive Solutions]</ref><br /></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>'''Should I Obfuscate and Secure my Application?'''<ref>Should I Obfuscate and Secure my Application? [https://www.preemptive.com/obfuscation PreEmptive Solutions]</ref><br /></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>If you are releasing valuable software (especially Java, Android, .NET and iOS) anywhere outside your immediate control and you are not distributing the source code, obfuscation should probably be part of your application development process. Obfuscation makes it much more difficult for attackers to review the code and analyze the application. It also may make it hard for hackers to debug and tamper with your application. The end goal is to make it difficult to extract or discover useful information, such as trade secrets (IP), credentials, or security vulnerabilities from an application. It should also make it more difficult to modify application logic or repackage an application with malicious code.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>If you are releasing valuable software (especially Java, Android, .NET and iOS) anywhere outside your immediate <ins class="diffchange diffchange-inline">[[</ins>control<ins class="diffchange diffchange-inline">]] </ins>and you are not distributing the source code, obfuscation should probably be part of your application development <ins class="diffchange diffchange-inline">[[</ins>process<ins class="diffchange diffchange-inline">]]</ins>. Obfuscation makes it much more difficult for attackers to review the code and analyze the application. It also may make it hard for hackers to debug and tamper with your application. The end goal is to make it difficult to extract or discover useful information, such as trade secrets (IP), credentials, or security vulnerabilities from an application. It should also make it more difficult to modify application logic or repackage an application with malicious code.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
</table>Userhttps://cio-wiki.org//index.php?title=Application_Obfuscation&diff=414&oldid=prevUser: Application obfuscation refers to a set of technologies used to protect an application and its embedded intellectual property (IP) from application-level intrusions, reverse engineering and hacking attempts.2018-12-03T17:38:08Z<p>Application obfuscation refers to a set of technologies used to protect an application and its embedded intellectual property (IP) from application-level intrusions, reverse engineering and hacking attempts.</p>
<p><b>New page</b></p><div>Application obfuscation refers to a set of technologies used to protect an application and its embedded intellectual property (IP) from application-level intrusions, reverse engineering and hacking attempts. Application obfuscation tools protect the application code as the increasing use of intermediate language representations (such as Java and .NET) enables hackers to easily reverse-engineer IP embedded in software.<ref>What is Application Obfuscation? [http://www.gartner.com/it-glossary/application-obfuscation Gartner]</ref><br />
<br />
<br />
'''Should I Obfuscate and Secure my Application?'''<ref>Should I Obfuscate and Secure my Application? [https://www.preemptive.com/obfuscation PreEmptive Solutions]</ref><br /><br />
If you are releasing valuable software (especially Java, Android, .NET and iOS) anywhere outside your immediate control and you are not distributing the source code, obfuscation should probably be part of your application development process. Obfuscation makes it much more difficult for attackers to review the code and analyze the application. It also may make it hard for hackers to debug and tamper with your application. The end goal is to make it difficult to extract or discover useful information, such as trade secrets (IP), credentials, or security vulnerabilities from an application. It should also make it more difficult to modify application logic or repackage an application with malicious code.<br />
<br />
<br />
===References===<br />
<references /><br />
<br />
<br />
===Further Reading===<br />
*Obfuscation of Probabilistic Circuits and Applications [https://eprint.iacr.org/2014/882.pdf Ran Canetti,Huijia Lin, Stefano Tessaro, Vinod Vaikuntanathan]<br />
*Techniques of Program Code Obfuscation for Secure Software [http://www.jmeds.eu/index.php/jmeds/article/download/Techniques-of-Program-Code-Obfuscation-for-Secure-Software/pdf Marius Popa]</div>User