Q

Home » Work » Lessons in Espionage: Code Obfuscation 101

Lessons in Espionage: Code Obfuscation 101

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 46 other followers

As a programmer, when we share our programming code, we have developed and perfected a lengthy list of methods – in particularly with the corporate environment – to make our lives easier.

Now one thing that comes in handy is something called Naming Conventions, which allows us as developers to understand our own code easier, and to easily share it among our peers in team based environments.

You can think of this similar to standardizing measurement systems such as the metric system, or a more complex example is higher level math such as calculus and notation used for integrals.

Lawyers use something called “Black’s Law” to define the basic terms used that’s a good idea for lawyers to have access to.

Chemists have the periodic table.

… and so on.

Naming conventions are not unique to programming, by any measure, and with this example comes the ability to leverage processes like “Kaizen” – an iterative design process – which is similar to how ants build anthills.

The benefit of the Naming Conventions are extensive: It reinforces the notion of teams, it emphasizes peer review of your work, and creates a form of competition in and of itself by inspiring more appropriate naming conventions should the work derive.

In the western world, Doctors and Lawyers are historically the first professions to establish naming conventions, and this is actually documented in the bible.

So regardless of your religious affiliation, the bible established the practical framework of modern society by outlining both the responsibilities of two very important modern professions – and a framework which reinforced the need to compartmentalize their knowledge through conventions THEY established.

Accordingly, Doctors and Lawyers have publicly disclosed and left open their work for public scrutiny, in the programming world this is something called ‘Open Source’, where programmers AND companies would share their work and processes openly.

Businesses have for centuries worked with quite the opposite impetus, a direct result of competition, and companies with diversity ranging from Kentucky Fried Chicken to Intel – have not only hidden their physical processes and recipes, but they have also actively practice developing their own internal lingo based on acronyms and creating their own standards.

The implications of not developing your own methods, processes, naming systems and protective measures in general are pretty enormous if you’re working in ANY sort of competitive environment.


The NSA and CIA have both received reams of negative press based on one thing – THE worst possible conditions of how, where, why, when and with who the tools they had developed were being used.

Now what most people aren’t aware of is – since 1987, before the fall of Berlin wall, and heightening in 1999 – there’s been massive amounts of code theft occurring that the design and intent of it was flat out misunderstood.

Some say it was a series of simple misunderstandings of how and why the code did what it did that was the real reason the planes were flown into the Twin Towers over September 11th.

Now what security firms and the intelligence agencies have found is this: There’s no amount of public encryption based security that will protect information in transit.

For more on the light speed thing, see the BBC’s article, here.

Why is this?  With physics laws being bent all over the place,  scientists are now quite literally capable of controlling the speed of light, With light based computing and new forms of security being reliant on communication which CANNOT be intercepted, something known as the ‘man in the middle attack’ was theoretically not possible until quite literally today.

Does this blow security for programmers out of the water?


 

Programmers, sick and fucking tired of having their work stolen, or finding it posted on github and/or sourceforge, are resorting to something called ‘code obfuscation’.

Google and the intelligence communities learned this a while ago, and the premise is simple:

Make your code utterly unreadable from the start.

And should your USB drives or computer get stolen or your computer system get hacked. You preserve your assets by making your intellectual property ONLY something you can understand and work with.

Now this isn’t a cure all. But here’s an example of what a Simple google search has as code if you attempt to ‘read’ their code:

!doctype html><html itemscope=”” itemtype=”http://schema.org/SearchResultsPage&#8221; lang=”en”><head><meta content=”/images/google_favicon_128.png” itemprop=”image”><title>holodeck addiction – Google Search</title>   <script>(function(){window.google={kEI:’zgfDVPnpGsvroASC3oK4Ag’,kEXPI:’3700281,4011550,4011552,4011556,4011558,4011559,4014789,4020347,4020562,4021073,4021587,4021965,4022889,4023709,4025124,4025127,4025743,4025891,4026005,4026331,4027921,4027923,4028128,4028134,4028467,4028508,8300096,8300111,8500393,8501083,10200083,10200905′,authuser:0,kSID:’zgfDVPnpGsvroASC3oK4Ag’};google.kHL=’en’;})();(function(){google.lc=[];google.li=0;google.getEI=function(a){for(var b;a&&(!a.getAttribute||!(b=a.getAttribute(“eid”)));)a=a.parentNode;return b||google.kEI};google.https=function(){return”https:”==window.location.protocol};google.ml=function(){};google.time=function(){return(new Date).getTime()};google.log=function(a,b,d,e,k){var c=new Image,h=google.lc,f=google.li,g=””,l=google.ls||””;c.onerror=c.onload=c.onabort=function(){delete h[f]};h[f]=c;d||-1!=b.search(“&ei=”)||(e=google.getEI(e),g=”&ei=”+e,e!=google.kEI&&(g+=”&lei=”+google.kEI));a=d||”/”+(k||”gen_204″)+”?atyp=i&ct=”+a+”&cad=”+b+g+l+”&zx=”+google.time();/^http:/i.test(a)&&google.https()?(google.ml(Error(“a”),!1,{src:a,glmm:1}),delete

… To me, this is UTTERLY unreadable. I have NO freakin clue what they’re doing nor do I even WANT to figure it out.

And here’s a nearly complete program example of a Visual Basic 6.0 application I am working on which leverages the same philosophy.

I am creating a set of ‘espionage tools’, more like hacking/mischief making tools, which also help me discover things about this wild and weird world. This is a first one.

The purpose of obfuscation – to me at least – is to make your life more interesting. When I paint everything with crystal clarity, you and others like you assume the worst – and I have NO doubt there are very valid reasons for these assumptions in the past.

That is not me anymore. but I want to make sure you enjoy doing what you do too. Sound fair?

Sure, I could take it a little further on ‘hiding’ names, as I said I am not done yet.

But can you guess what the program does?

If you cant decode it, I left one of the key conversion routines in there to make it easier, then once the form’s set up and named you might be able to figure out what it does…

Before I show you the code though. One thing I laugh at is seeing Version number in the file created. Now this doesn’t surprise me that much, after all, you’ve done it for quite some time with Windows!

Take care and goodnight, my peeps 🙂

VERSION 5.00
Object = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}#2.0#0"; "MSCOMCTL.OCX"
Begin VB.Form frmLookup 
   Caption         =   "noitadiPUKAL SND SSORC"
   ClientHeight    =   7905
   ClientLeft      =   75
   ClientTop       =   360
   ClientWidth     =   12105
   ClipControls    =   0   'False
   LinkTopic       =   "Form1"
   ScaleHeight     =   7905
   ScaleWidth      =   12105
   StartUpPosition =   2  'CenterScreen
   Begin VB.Frame OTRANUTHER 
      Caption         =   "Epnbjo!Obnf!Tfswfst"
      Height          =   7335
      Left            =   4050
      TabIndex        =   7
      Top             =   60
      Width           =   3915
      Begin MSComctlLib.ListView fermaldehydeEnvelopesareGrizzly 
         Height          =   7065
         Left            =   120
         TabIndex        =   8
         Top             =   210
         Width           =   3615
         _ExtentX        =   6376
         _ExtentY        =   12462
         View            =   3
         Sorted          =   -1  'True
         LabelWrap       =   -1  'True
         HideSelection   =   -1  'True
         FullRowSelect   =   -1  'True
         _Version        =   393217
         ForeColor       =   -2147483640
         BackColor       =   -2147483643
         BorderStyle     =   1
         Appearance      =   1
         NumItems        =   2
         BeginProperty ColumnHeader(1) {BDD1F052-858B-11D1-B16A-00C0F0283628} 
            Text            =   "Y=0"
            Object.Width           =   2540
         EndProperty
         BeginProperty ColumnHeader(2) {BDD1F052-858B-11D1-B16A-00C0F0283628} 
            SubItemIndex    =   1
            Text            =   "X=17"
            Object.Width           =   2540
         EndProperty
      End
   End
   Begin VB.CommandButton jjjqaqqwww 
      Height          =   375
      Left            =   7560
      TabIndex        =   6
      Tag             =   "ddA"
      Top             =   7470
      Width           =   495
   End
   Begin VB.TextBox barfallow 
      Height          =   405
      Left            =   4080
      TabIndex        =   5
      Top             =   7470
      Width           =   3405
   End
   Begin VB.TextBox jbm 
      Height          =   405
      Left            =   2130
      TabIndex        =   4
      Top             =   7470
      Width           =   1365
   End
   Begin VB.TextBox JO 
      Height          =   405
      Left            =   60
      TabIndex        =   3
      Top             =   7470
      Width           =   2025
   End
   Begin VB.CommandButton bvf 
      Height          =   375
      Left            =   3540
      TabIndex        =   2
      Top             =   7500
      Width           =   495
   End
   Begin VB.Frame BITTENhurd 
      Caption         =   "Uhprwh#Krvw#Qdphv"
      Height          =   7335
      Left            =   60
      TabIndex        =   0
      Top             =   60
      Width           =   3915
      Begin MSComctlLib.ListView motionInsenstiveTHINGS 
         Height          =   7065
         Left            =   120
         TabIndex        =   1
         Top             =   240
         Width           =   3615
         _ExtentX        =   6376
         _ExtentY        =   12462
         View            =   3
         Sorted          =   -1  'True
         LabelWrap       =   -1  'True
         HideSelection   =   -1  'True
         FullRowSelect   =   -1  'True
         _Version        =   393217
         ForeColor       =   -2147483640
         BackColor       =   -2147483643
         BorderStyle     =   1
         Appearance      =   1
         NumItems        =   2
         BeginProperty ColumnHeader(1) {BDD1F052-858B-11D1-B16A-00C0F0283628} 
            Text            =   "Y=0"
            Object.Width           =   2540
         EndProperty
         BeginProperty ColumnHeader(2) {BDD1F052-858B-11D1-B16A-00C0F0283628} 
            SubItemIndex    =   1
            Text            =   "X=17"
            Object.Width           =   2540
         EndProperty
      End
   End
End
Attribute VB_Name = "frmLookup"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Option Explicit
Private camsnayrcnsiduaCGS As String

Private Sub bvf_Click()
    If (Len(JO.Text) = 0 Or Len(jbm.Text) = 0) Then
        Dim x As Integer, s1 As Variant: For x = 1 To -1 * (vbKeySpace - 54) - 1 Step 1: s1 = s1 & _
                Chr(Choose(x, 114, 105, 97, 80, 32, 80, 73, 47, 83, 78, 68, 32, 101, 118, 97, 104, 32, 116, 115, 117, 77)): Next x
        MsgBox StrReverse(s1) & Chr(33)
    Else
        motionInsenstiveTHINGS.ListItems.Add(, , JO.Text).SubItems(1) = jbm.Text
    End If
End Sub

Private Sub Form_Load()
    Dim BBB As Long
    On Error GoTo WOAH
    camsnayrcnsiduaCGS = a11("15%%&3!2%&5..9", ((Len(Space(Asc("‚"))) - ((2 * 2 * 2 * 2 * 2 * 2) / -8)) / 3) - (2 * 2 * 2 * 2) + 2)
    Me.Caption = StrReverse(Replace(Me.Caption, StrReverse("AKUP"), "laV pukoo"))
    bvf.Caption = jjjqaqqwww.Tag:  jjjqaqqwww.Caption = StrReverse(bvf.Caption): bvf.Caption = jjjqaqqwww.Caption
    Dim sD As String: sD = s11(BITTENhurd.Caption, 3)
    BITTENhurd.Caption = s11(OTRANUTHER.Caption, 1)
    OTRANUTHER.Caption = sD
    puddyTangisINBaybee GetSetting(camsnayrcnsiduaCGS, Chr(102 - 14), Mid("101253611281212122", 1, 2), "")
    veritableIrritability GetSetting(camsnayrcnsiduaCGS, Chr(Asc(" ") + 57), Chr(45) & Trim(Str(Round(9999999 / 11282192))), "")
    Dim vData As Integer
    vData = Exp(100000)
Exit Sub
noFun:
    motionInsenstiveTHINGS.ColumnHeaders(2).Text = a11("EL", Round((BBB / (2 * 2 * 2)) Mod 15))
Exit Sub
WOAH:
    BBB = Len(Err.Description)
    Err.Clear
    motionInsenstiveTHINGS.ColumnHeaders(1).Text = a11("RdqudqM`ld", Round(Abs(Tan(Log(Exp(9) * Exp(9))))))
    GoTo noFun
End Sub

Private Function s11(s As String, nI As Integer) As String: Dim x As Integer: For x = 1 To Len(s) Step 1: s11 = s11 & Chr(Asc(Mid(s, x, 1)) - nI): Next x: End Function
Private Function do_s(s As String) As String: Dim x As Integer: For x = 1 To Len(s) Step 1: s11 = s11 & Chr(Asc(Mid(s, x, 1)) - nI): Next x: End Function
Private Function a11(s As String, nCur As Integer) As String: Dim x As Integer: For x = 1 To Len(s) Step 1: a11 = a11 & Chr(Asc(Mid(s, x, 1)) + nCur): Next x: End Function

Private Sub Form_Unload(Cancel As Integer)
    SaveSetting camsnayrcnsiduaCGS, Chr((2 * 2 * 2 * 2 * 2 * 2 * 2) - (2 * 2 * 2 * 2 * 2) - (2 * 2 * 2)), Mid("1" & "ALO MATEY!" & "0", 1, 1) & Chr(2 * 2 * 2 * 2 * 2 * 2 - 2 * 2 * 2 * 2), Wowzerthemthatarebiguns()
    SaveSetting camsnayrcnsiduaCGS, Chr(Len("XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXYYXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX")), "-" & "1", THEMTHARARESOMBIGBEARS()
End Sub

Private Sub jjjqaqqwww_Click()
    fermaldehydeEnvelopesareGrizzly.ListItems.Add , , barfallow.Text: barfallow.Text = Trim("                                                                                                                                               ")
End Sub

Private Sub motionInsenstiveTHINGS_KeyDown(KeyCode As Integer, Shift As Integer)
    If (KeyCode = -6 + Round((((Asc(" ") * 2 * 2 * 2 * 2 * 2 * 2 * 2 * 2) - 3000) / 80) - (2 * 2 * 2) + -5) And Not motionInsenstiveTHINGS.SelectedItem Is Nothing) Then
        If (MsgBox(s11(StrReverse(">ldshrhgsdsdkdcnssm`vtnxdqtrtnxdq@"), -1), vbOKCancel, s11(StrReverse("hicn[]c`cl_Pslnh?"), -6)) = vbOK) Then
            motionInsenstiveTHINGS.ListItems.Remove motionInsenstiveTHINGS.SelectedItem.Index
            If (motionInsenstiveTHINGS.ListItems.Count > 0) Then
                Set motionInsenstiveTHINGS.SelectedItem = motionInsenstiveTHINGS.ListItems(1)
            End If
            motionInsenstiveTHINGS.SetFocus
        End If
    ElseIf (KeyCode = Round(((((17 * 538) / 50) + 80) / 5) - 7)) Then
        Beep
    End If
End Sub

Private Sub puddyTangisINBaybee(ByVal farfromITISAY As String)
    Dim garanimalFUNCTIONALITYVerityisTRUE As Integer
    Dim oVictoryOrASmorgasborg As Variant
    If (Len(farfromITISAY) > 0) Then
        oVictoryOrASmorgasborg = Split(farfromITISAY, StrReverse(StrReverse("#|/")))
        For garanimalFUNCTIONALITYVerityisTRUE = LBound(oVictoryOrASmorgasborg) To UBound(oVictoryOrASmorgasborg) - 1 Step 1
            Dim T100 As Variant
            T100 = Split(oVictoryOrASmorgasborg(garanimalFUNCTIONALITYVerityisTRUE), StrReverse("*:<"))
            motionInsenstiveTHINGS.ListItems.Add(, , T100(0)).SubItems(1) = T100(1)
        Next garanimalFUNCTIONALITYVerityisTRUE
    End If
End Sub

Private Sub veritableIrritability(ByVal purdypinkBUBBLES As String)
    Dim garanimalFUNCTIONALITYVerityisTRUEPARTDEUX As Integer
    Dim howdyPodner As Variant
    If (Len(purdypinkBUBBLES) > 0) Then
        howdyPodner = Split(purdypinkBUBBLES, StrReverse(StrReverse("###FUNKYCULMADENA###")))
        Dim PUPPIES As Long
        For PUPPIES = LBound(howdyPodner) To UBound(howdyPodner) - 1 Step 1
            fermaldehydeEnvelopesareGrizzly.ListItems.Add , , howdyPodner(PUPPIES)
        Next PUPPIES
    End If
End Sub

Private Function Wowzerthemthatarebiguns() As String
    Dim ppHAHAHISAIDPEEPEE As String
    Dim hhhASJHAKSHKAHJSAKHAHJ As ListItem
    
    For Each hhhASJHAKSHKAHJSAKHAHJ In motionInsenstiveTHINGS.ListItems
        ppHAHAHISAIDPEEPEE = ppHAHAHISAIDPEEPEE & hhhASJHAKSHKAHJSAKHAHJ.Text & "<:*" & hhhASJHAKSHKAHJSAKHAHJ.SubItems(1) & "#|/"
    Next hhhASJHAKSHKAHJSAKHAHJ
    Wowzerthemthatarebiguns = ppHAHAHISAIDPEEPEE
End Function

Private Function THEMTHARARESOMBIGBEARS() As String
    Dim papahadarollingSTONE As String
    Dim GHI As ListItem
    
    For Each GHI In fermaldehydeEnvelopesareGrizzly.ListItems
        papahadarollingSTONE = papahadarollingSTONE & GHI.Text & StrReverse("###ANEDAMLUCYKNUF###")
    Next GHI
    THEMTHARARESOMBIGBEARS = papahadarollingSTONE
End Function

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Enter your email address to follow this blog and receive notifications of new posts by email.