Obfuscating C++ unmanaged code

Question

4.00/5 (1 vote)

See more:

Hi,

I am using static lib which has intellectual property. I wanted to obfuscate my lib. Can you please suggest any tool for this. I have spent enough time Googling on this, but I found lots of tools for managed code only and not for unmanaged one.

Happy Programming

Posted 21-Jun-12 22:27pm

Pranit Kothari

Add a Solution

Comments

Richard MacCutchan 22-Jun-12 5:12am

I do not think you can obfuscate unmanaged code as it is actual machine language and has to be loaded "as is".

[no name] 22-Jun-12 5:16am

Can can obfuscate C++ code itself? Actually static lib can be easily reverse engineered using tools.

Richard MacCutchan 22-Jun-12 8:02am

There is little you can do to protect against a determined hacker, and quite frankly it's not worth the effort. Do you need to distribute the static library to your users or are you using it to build an application for them?

Albert Holguin 22-Jun-12 11:25am

I agree... not worth a huge amount of effort.

[no name] 22-Jun-12 8:12am

We need to distribute library.

Vitaly Tomilov 22-Jun-12 9:50am

The term obfuscate in programming refers to messing up non-binary code only. There is not such thing as binary code obfuscation. You need to search for Anti-Debugging tools and methods instead.

[no name] 22-Jun-12 23:32pm

The term intellectual property is widely misused. Once someone sees what your library does it can easily be replicated. Reverse engineering does not usually mean disassembly. You may be able to disassemble the library but getting production code is a different matter. This is the kind of red herring managers and lawyers love as it keeps them employed.

Sergey Chepurin 24-Jun-12 13:43pm

Chances are great this problem was already discussed somewhere. See Obfuscating C/C++ Code[^]

2 solutions

Solution 1

In my experience you can make the hacker life more difficult by complicating the logic in your code and put some distance between detection of a threat and the action you take about it.

I'll show some example.
I used C# syntax but it can be applied to any language.

Worst scenario.

C#

public bool IsLoggedIn(string userid, string password)
{
  // logic here
}

This is classic and very easy for hackers as they don't have to know what the logic is, they will replace your entire function by return 1

If you were to return a more complex object it is far harder for the hacker without your source to find out what is going on.

If you put a bit of multi-tasking into it it becomes near impossible.
I don't think there are any tools to do that.

Posted 22-Jun-12 0:31am

Pascal Ganaye

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

W∴ Balboos, *GHB* · Accepted Answer · 2012-06-22T00:42:00

You, of course, know that the unmanaged library is binary - certainly not human-readable - which is the typical point of obfuscation. If you're talking about the .lib source code, you may consider this article (http://en.wikipedia.org/wiki/Obfuscated_code[^]) which does have ref's to obfuscation software for C/C++ .

Ultimately, you'll need to send your users something - and as even the biggest software manufacturers know - if your software is worth the time/trouble/expense of hacking it will be done. This begs a question: will your user base have the time/aptitude/inclination to try to steal the information? It's only a delaying tactic - if "they" are coming to get you, they'll "get you".

Other options, depending upon exactly what it is you're sending: self-modifying code and encryption.