Posted 25 November 2007 - 05:54 AM

A Simple Introduction to Obfuscated Code

Some Simple Techniques for Obfuscation

Identifier Names: Unlearn All Those Good Programming Practices

#include "stdio.h" void _(int O, int _O, char _0) { for (; O<_O; ++O) { printf("%c

",_0); _0++; } } int main() { _('O','o','O'); return 0; }

#include "stdio.h" void _(int O, int _O, char _0) { for (; O<_O; ++O) { printf("%c

",_0); _0++; } } int main() { int _0='O', O='o'; char _O=79; _(_0,O,_O); return 0; }

Arrays and Indexes: Where Pointers Come to Get Freaky

array_name[index_variable]

array_name

int arr[]={0,1,2,3,4}; //declaration of array arr[ind]; //element <index> of array_name arr; //base address of array_name arr + ind; //pointer arithmetic - returns address of <ind>th //element of <arr> *(arr_name+ind); //dereference address of <ind>th element; //equivalent to arr[ind]

arr[ind]

*(arr+ind)

arr[ind]; //equivalent to: *(arr+ind); //...which is equivalent to: *(ind+arr); //...again, equivalent to: *(arr+ind); //...which, finally, is equivalent to: ind[arr];

arr[ind]

ind[arr]

#include "stdio.h" void myFunction(int integer) { int i; for (i=0; i<10; ++i) { printf("%d ",*((int*)integer+i)); } } int main() { int array[]={0,1,2,3,4,5,6,7,8,9}; int integer=int(array); myFunction(integer); return 0; }

The Conditional Operator ?: and the Comma Operator ,

<variable_name> = (<test_condition>) ? (<value_if_true>) : (<value_if_false>);

if (<test_condition>) { <variable_name> = <value_if_true>; } else { <variable_name> = <value_if_false>; }

<variable_name> = (<test_condition>) ? (<expression_a1>, ..., <value_if_true>) : (<expression_b1>, ..., <value_if_false>);

int a=0; int b=3; a = (b+=3, b-1);

a=5

int a=1; int b=2; int c=3; if (a<0) { b+=3; a=b-1; } else { c+=b; a=c+2; }

int a=1; int b, c; a=(b=2, c=3, a<0) ? (b+=3, b-1) : (c+=b, c+2);

Recursion

#include "stdio.h" int main() { int array[]={0,1,2,3,4,5,6,7,8,9}; int i; for (i=0; i<10; ++i) { printf("%d ",array[i]); } return 0; }

#include "stdio.h" void recursiveFunction(int array, int i, int stop) { printf("%d ",*((int*)array+i)); i++; if (i < stop) { recursiveFunction(array, i, stop); } } int main() { int array[]={0,1,2,3,4,5,6,7,8,9}; recursiveFunction((int)array, 0, 10); return 0; }

#include "stdio.h" #include "math.h" int n=20; int i, isPrime; int main() { isPrime=1; for (i=2; i<=sqrt(n); i++) { isPrime *= (n%i == 0) ? 0 : 1; } (isPrime==1) ? printf("%d

",n) : 0; n--; return (n>1 ? main() : 0); }

Other Techniques for Obfuscation

Putting It All Together: A Simple Example

#include "stdio.h" int main() { printf("Hello World!"); return 0; }

#include "stdio.h" void myFunction(int array[], int arraySize) { int i; for (i=0; i<arraySize; ++i) { printf("%c", array[i]); } } int main() { int array[]={72,101,108,108,111,32,87,111,114,108,100,33}; myFunction(array,12); return 0; }

#include "stdio.h" void myFunction(int integer, int arraySize) { int i; for (i=0; i<arraySize; ++i) { printf("%c", *((int*)integer+i)); } } int main() { int array[]={72,101,108,108,111,32,87,111,114,108,100,33}, integer=(int)array; myFunction(integer,12); return 0; }

#include "stdio.h" void myFunction(int integer, int arraySize, int i) { (i<arraySize) ? printf("%c", *((int*)integer + i++ )), myFunction(integer, arraySize, i) : 0; } int main() { int array[]={72,101,108,108,111,32,87,111,114,108,100,33}; myFunction((int)array,12, 0); return 0; }

#include "stdio.h" void myFunction(int integer, int arraySize, int i, int k) { (i<arraySize) ? (i==2)||(i==3)||(i==9) ? k++, i++, printf("%c",108) : printf("%c", *((int*)integer + i++ - k)), myFunction(integer,arraySize, i, k) : 0; } int main() { int array[]= { 72, 101, 111, 32, 87, 111, 114, 100, 33 }; myFunction((int)array, 12, 0, 0); return 0; }

#include "stdio.h" void myFunction(int integer, int arraySize, int i, int k) { (i<arraySize) ? printf("%c",(i==2)||(i==3)||(i==9) ? k++, i++, 108 : *((int*)integer + i++ - k)), myFunction(integer,arraySize, i, k) : 0; } int main() { int array[]= { 72, 101, 111, 32, 87, 111, 114, 100, 33 }; myFunction((int)array, 12, 0, 0); return 0; }

#include "stdio.h" void myFunction(int __, int _0, int O_, int ___) { (O_<_0) ? printf("%c",(O_==2)||(O_==3)||(O_==9) ? ___++, O_++, 108 : *((int*)__ + O_++ - ___)), myFunction(__,_0, O_, ___) : 0; } int main() { int array[]= { 72, 'e', 111, 040, 0127, 0x6F, 'r', 0x64, 041 }; myFunction((int)array, 12, 0, 0); return 0; }

#include "stdio.h" _(__, _0, O_, ___) { (O_<_0) ? printf("%c",(O_==2)||(O_==3)||(O_==9) ? ___++, O_++, 108 : *((int*)__ + O_++ - ___)), _(__,_0, O_, ___) : 0; } main() { int array[]= { 72, 'e', 111, 040, 0127, 0x6F, 'r', 0x64, 041 }; _(array, 12, 0, 0); }

#include "stdio.h" _(__,_0,O_,___){(O_<_0)?printf("%c",(O_==2) ||(O_==3)||(O_==9)?___++,O_++,108:*((int*)__ +O_++-___)),_(__,_0, O_, ___):0;}main(){int array []={72,'e',111,040,0127,0x6F,'r',0x64,041 };_(array , 12 , 0 , 0 ) ; }

Conclusions