Good Obfuscation, Bad Code
Chris Wysopal, 2009-04-17

Antivirus analysts and security testers have to deal with a fundamental question every day: Is obfuscated code good or bad?

Good Obfuscation, Bad Code 2009-04-18
Chris (2 replies)
Re: Good Obfuscation, Bad Code 2009-04-20
Kyle Quest
Re: Good Obfuscation, Bad Code 2009-05-29
Anthony Lai, Hong Kong
Good Obfuscation, Bad Code 2009-04-22
Anonymous
Good Obfuscation, Bad Code 2009-04-23
TimD (1 replies)
The real question here is, how do you determine whether code is "obfuscated" at the machine level? By that I mean, how do you make a scanning software that can tell the difference between a complicated piece of code and an obfuscated one? Isn't obfuscation a pretty subjective thing? If I have a bunch of counters in my program with variable names like "a" "b" and "c" instead of descriptive names for each one, isn't that really just a form of obfuscation, even if the intent is brevity rather than obscuring what the code is doing? How do you get a computer program to tell the difference?

Re: Good Obfuscation, Bad Code 2009-04-26
Chris Wysopal

Copyright 2009, SecurityFocus