Obfuscating Android C Native Code

I’ve got way too many emails from this blog, but one has found my attention: a reader has emailed me asking for advice on Android Native Code obfuscation, in the same line of previous posts. It’s pretty clear that ProGuard it’s an excellent solution for the main language of the Android platform, Java, but there is no clear alternative for native development in C/C++ with ARM binaries.

The best way to frame this question is to start defining what would be the preferred tools to decompile/disassemble the binary code by Mallory, our evil cracker. Many tools have existed over the years to decompile C code (REC, DCC), Hex-Rays being the latest and most powerful one ever, so it would be the first in her tool chest. Fixed the chosen scalpel, the most effective countermeasure against that, and any decompiler, is self-modifying/metamorphic code, since it breaks their over-reliance on static binary analysis. But the downside of it being that it’s very difficult to create good, reliable self-modifying/metamorphic code, especially in these times in which almost everyone abhors assembly programming, so protecting most parts of the binary and decrypting them at program load time it’s a realistic substitute, much like UPX does (but no, it’s no protection at all).

Most people would recommend following the conventional route of code obfuscation (Mangle-It, Stunnix C/C++ Obfuscator, COBF, Thicket), but there also are some very creative approaches, vg: use the LLVM compiler infrastructure with the C back-end to produce an intermediate C representation, to be recompiled with gcc; or my favorite one, try to use a virtual machine like Oreans or Python for the most critical parts of the program.

For the sake of completeness, there has also been some very interesting papers on cryptographically-aided obfuscation, my favourite being the following one:

GDE Error: Error retrieving file — if necessary turn off error checking (404:Not Found)

And remember, enabling full compiler optimizations will always help!

Leave a Reply

Your email address will not be published. Required fields are marked *