透過例外機制實作程式模糊化

Abstract

為了保護軟體不被反組譯工具順利的轉為原始碼進而竊取其中重要的演算法，程式模糊化(obfuscation)技術是所有方法中最簡單卻又能達到很好效果的方法之一。一個好的程式模糊化技術不但能使被模糊後的程式不容易看懂，還能確保其程式正確性。 舊有的研究絕大多數都對於程式碼的轉換(program transformation)來達到模糊化的效果，雖然此種方法可順利的讓程式難以辨別，但卻會使得在編譯優化(compiler optimization)時無法套用所有的優化程式，進而使得產生的程式效能跟原本的程式差非常多 在本論文中，我們利用動態例外(runtime exception)不輕易在編譯時期(compile time)被發現的特性來把真正的程式碼隱藏起來， 並加入一些假的程式碼(bogus code)來增加攻擊者判斷的難度。程式經過我們的方法後，從實驗數據可得知我們的方法除了確保程式正確性外，對於效能和程式大小的增加也不大，爾且經過我們方法的程式也無法再被反組譯回原始碼。

There exist several reverse engineering tools that can easily recover source code from a lower level immediate representation. To protect intellectual property, obfuscation is one of the easiest and efficient way to achieve this goal. A good obfuscation tool can not only makes the obfuscated code much harder to understand but also ensures the correctness. Previous obfuscating approaches mostly use program transformation that base on opaque predicate to obfuscate control flow transfer. However, although these methods can provide a good resilient, they usually decrease performance a lot if applied on the whole program. In this paper, we use runtime exception to hide the real code. During obfuscation, the original program is obfuscated by changing each loop into a specific runtime exception and inserting bogus code after the runtime exception. The obfuscated code's correctness is maintained but the code is now unable to be decompiled. Experiment results show that our obfuscation technique increase less overhead and code size on SPECJVM2008.