Projects / obcode anti-debugging library

obcode anti-debugging library

The Obcode (obfuscated code) library allows the programmer to perform arithmetic (e.g. data encryption and serial code generation) over abstract, parameterizable, and obfuscated data types using special high-level operators. The resulting low-level binary code doesn't reveal any real data directly and is if not very difficult, then at least very boring to reverse engineer and trace.

Tags
Licenses
Operating Systems
Implementation

Recent releases

  •  17 Dec 2002 03:07

    Release Notes: Code and documentation cleanups, and compilation flag cleanups.

    •  04 Sep 2002 21:11

      Release Notes: This is a working version, but still under heavy development.

      Recent comments

      06 Nov 2002 23:54 antrik

      Re: Sense?...


      > There are useful applications for such a library, e.g. for code that must be
      > executed on an untrusted host (distributed computing, sensors for host-based
      > intrusion detection, not to mention the buzzword 'mobile code' ...).


      Sorry, you are right, of course. I just haven't thought of such applications...


      However, this kind of usage probably has to be considered "distribution", so the GPL would require providing full source -- which obviously doesn't make much sense... LGPL might be ok, but again, I'm not sure about that. In any case I *strongly* recommend asking the FSF for their opinion...


      > The general problem with code obfuscation is that by making debugging more
      > difficult , you can gain time (which for this kind of applications is good
      > enough), but you don't know how much time you gain. In particular, if you
      > need X seconds before the code is reverse engineered, there is no arithmetic
      > proof that you really get these X seconds.


      Well, "security through obscurity" is generally not considered a terribly good idea...

      18 Oct 2002 07:42 rainer

      Re: Sense?...

      >
      > Morever, the idea itself is a
      > perversion. The purpose of the GNU
      > licenses is to protect free software, to
      > give it a better position against
      > proprietary influences, to encourage and
      > faciliate free software development. Now
      > you want to use these licenses to
      > protect a library that has the sole aim
      > of "protecting" proprietary
      > applications?... That just doesn't make
      > any sense to me.
      >


      There are useful applications for such
      a library, e.g. for code that must be executed
      on an untrusted host (distributed computing,
      sensors for host-based
      intrusion detection, not to mention the
      buzzword 'mobile code' ...).

      The general problem with code obfuscation
      is that by making debugging more difficult ,
      you can gain time (which for this kind of applications
      is good enough), but you don't know how much
      time you gain. In particular, if you need X seconds
      before the code is reverse engineered, there is no
      arithmetic proof that you really get these X seconds.
      Still, I think this is an interesting project.

      10 Sep 2002 21:49 antrik

      Re: Sense?...

      > You're right as for the license, it needs to be LGPL probably.


      Well, yes, to allow linking the library to proprietary programs you would have to use the LGPL. However, I'm still not sure that's OK, as the LGPL requires that reverse engineering of the application is allowed, while the purpose of your library is exactly to prevent that...

      Morever, the idea itself is a perversion. The purpose of the GNU licenses is to protect free software, to give it a better position against proprietary influences, to encourage and faciliate free software development. Now you want to use these licenses to protect a library that has the sole aim of "protecting" proprietary applications?... That just doesn't make any sense to me.

      05 Sep 2002 01:40 kravietz

      Re: Sense?...

      > Sorry, I do not get it. What's the use
      > of this library? As it is covered by the
      > GNU GPL, every program that links to it
      > has to be distributed with full source
      > anyways!
      >

      You're right as for the license, it needs to be LGPL probably.
      I will sort it out in the next few versions as soon as I fully understand those licenses...

      04 Sep 2002 22:27 antrik

      Sense?...
      Sorry, I do not get it. What's the use of this library? As it is covered by the GNU GPL, every program that links to it has to be distributed with full source anyways!

      Screenshot

      Project Spotlight

      OpenStack4j

      A Fluent OpenStack client API for Java.

      Screenshot

      Project Spotlight

      TurnKey TWiki Appliance

      A TWiki appliance that is easy to use and lightweight.