{"id":839,"date":"2011-08-09T21:07:27","date_gmt":"2011-08-09T19:07:27","guid":{"rendered":"http:\/\/cerezo.name\/blog\/?p=839"},"modified":"2024-10-14T14:13:52","modified_gmt":"2024-10-14T12:13:52","slug":"obfuscating-android-c-native-code","status":"publish","type":"post","link":"http:\/\/cerezo.name\/blog\/2011\/08\/09\/obfuscating-android-c-native-code\/","title":{"rendered":"Obfuscating Android C Native Code"},"content":{"rendered":"

I\u2019ve got way too many emails from this blog, but one has found my attention: a reader has emailed me asking for advice on Android Native Code obfuscation, in the same line of previous<\/a> posts<\/a>. It\u2019s pretty clear that ProGuard<\/a> it\u2019s an excellent solution for the main language of the Android platform, Java, but there is no clear alternative for native development in C\/C++ with ARM<\/span> binaries.<\/p>\n

The best way to frame this question is to start defining what would be the preferred tools to decompile\/disassemble the binary code by Mallory, our evil cracker. Many tools have existed over the years to decompile C code (REC<\/span><\/a>, DCC<\/span><\/a>), Hex-Rays<\/a> being the latest and most powerful one ever, so it would be the first in her tool chest. Fixed the chosen scalpel, the most effective countermeasure against that, and any decompiler, is self-modifying<\/a>\/metamorphic<\/a> code, since it breaks their over-reliance on static binary analysis. But the downside of it being that it\u2019s very difficult to create good, reliable self-modifying\/metamorphic code, especially in these times in which almost everyone abhors assembly programming, so protecting most parts of the binary and decrypting them at program load time it\u2019s a realistic substitute, much like UPX<\/span><\/a> does (but no, it\u2019s no protection at all).<\/p>\n

Most people would recommend following the conventional route of code obfuscation (Mangle-It<\/a>, Stunnix C\/C++ Obfuscator<\/a>, COBF<\/span><\/a>, Thicket<\/a>), but there also are some very creative approaches, vg: use the LLVM<\/span> compiler infrastructure with the C back-end to produce an intermediate C representation, to be recompiled with gcc; or my favorite one, try to use a virtual machine like Oreans<\/a> or Python<\/a> for the most critical parts of the program.<\/p>\n

For the sake of completeness, there has also been some very interesting papers on cryptographically-aided obfuscation, my favourite being the following one:<\/p>\n

\n<\/p>

GDE<\/span> Error: Error retrieving file \u2014 if necessary turn off error checking (404:Not Found)<\/div>\n\n

And remember, enabling full compiler optimizations will always help!<\/p>\n","protected":false},"excerpt":{"rendered":"

I\u2019ve got way too many emails from this blog, but one has found my attention: a reader has emailed me asking for advice on Android Native Code obfuscation, in the same line of previous posts. It\u2019s pretty clear that ProGuard it\u2019s an excellent solution for the main language of the Android platform, Java, but there [\u2026]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"ngg_post_thumbnail":0},"categories":[12,6],"tags":[],"_links":{"self":[{"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/posts\/839"}],"collection":[{"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/comments?post=839"}],"version-history":[{"count":6,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/posts\/839\/revisions"}],"predecessor-version":[{"id":1631,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/posts\/839\/revisions\/1631"}],"wp:attachment":[{"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/media?parent=839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/categories?post=839"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/cerezo.name\/blog\/wp-json\/wp\/v2\/tags?post=839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}