Good Obfuscation, Bad Code

Good Obfuscation, Bad Code
Chris Wysopal, 2009-04-17

Antivirus analysts and security testers have to deal with a fundamental question every day: Is obfuscated code good or bad?

Expand all | Post comment

Good Obfuscation, Bad Code 2009-04-18
Chris (2 replies)

Re: Good Obfuscation, Bad Code 2009-04-20
Kyle Quest

Re: Good Obfuscation, Bad Code 2009-05-29
Anthony Lai, Hong Kong

Good Obfuscation, Bad Code 2009-04-22
Anonymous

Good Obfuscation, Bad Code 2009-04-23
TimD (1 replies)

Re: Good Obfuscation, Bad Code 2009-04-26
Chris Wysopal

The obfuscation I am talking about is self modifying code so you can't inspect what APIs or determine what high level behavior a program has. I'm not talking about code such as in the obfuscated code contest where it is difficult to determine what an algorithm is doing by viewing the code. It is a bit of an arms race against the type of obfuscation you are talking about with deobfuscation algorithms needing to collapse data and control flows to determine what they are actually doing. After all the machine needs to run the code so there is ultimately a defined behavior in the code.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/498/35446#35446

Good Obfuscation, Bad Code 2009-04-27
Jack

Good Obfuscation, Bad Code 2009-09-04
Drew