c++ - Protecting executable from reverse engineering?
I've been contemplating how to protect my C/C++ code from disassembly and reverse engineering. I would never condone this behavior myself in my code; however, the current protocol I've been working on must not ever be inspected or understandable, for the security of various people.
Now this is a new subject to me, and the internet is not very resourceful for prevention against reverse engineering, but rather depicts tons of information on how to reverse engineer.
Some of the things I've thought of so far are:
- Code injection (calling dummy functions before and after actual function calls)
- Code obfuscation (mangles the disassembly of the binary)
- Write my own startup routines (harder for debuggers to bind to)

      #include <stdlib.h>   /* exit() */

      void startup();

      /* Custom entry point used instead of the default startup routine. */
      int _start() {
          startup();
          exit(0);
      }

      void startup() { /* code here */ }

- Runtime check for debuggers (and force exit if detected)
- Function trampolines

      /* Bounces through one extra call before invoking fnptr. */
      void trampoline(void (*fnptr)(), bool ping = false) {
          if (ping)
              fnptr();
          else
              trampoline(fnptr, true);
      }

- Pointless allocations and deallocations (stack changes a lot)
- Pointless dummy calls and trampolines (tons of jumping in disassembly output)
- Tons of casting (for obfuscated disassembly)
I mean, these are some of the things I've thought of, but they can all be worked around and/or figured out by code analysts given the right time frame. Is there anything else alternative I have?
What Amber said is right. You can make reverse engineering harder, but you can never prevent it. You should never trust "security" that relies on the prevention of reverse engineering.
That said, the best anti-reverse-engineering techniques I've seen focused not on obfuscating the code, but instead on breaking the tools that people use to understand how code works. Finding creative ways to break disassemblers, debuggers, etc. is both more effective and more intellectually satisfying than generating reams of horrible spaghetti code. This does nothing to block a determined attacker, but it does increase the likelihood that J. Random Cracker will wander off and work on something easier instead.
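The "runtime check for debuggers" item in the question's list has no code in the thread; the following is an added example, not code from either poster, showing one such check on Linux. It assumes the `TracerPid` field of `/proc/self/status`, and the function names `parse_tracer_pid` and `tracer_pid_self` are hypothetical.

```cpp
// Added example: Linux-only runtime check for an attached tracer.
// Function names are hypothetical; the sample input is constructed.
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>

// Parse TracerPid from text in /proc/<pid>/status format.
// Returns the tracer's PID, 0 if none is attached, -1 if the field is
// missing or malformed. Only a line that *starts* with the key counts, so
// a process whose Name contains "TracerPid:" cannot spoof the result.
long parse_tracer_pid(const std::string &status_text) {
    const char *key = "TracerPid:";
    const std::size_t key_len = std::strlen(key);
    std::size_t pos = 0;
    while (pos < status_text.size()) {
        std::size_t eol = status_text.find('\n', pos);
        if (eol == std::string::npos) eol = status_text.size();
        const std::string line = status_text.substr(pos, eol - pos);
        if (line.compare(0, key_len, key) == 0) {
            const char *value = line.c_str() + key_len;
            char *end = nullptr;
            const long pid = std::strtol(value, &end, 10);
            if (end == value || pid < 0) return -1;  // no digits or bad value
            return pid;
        }
        pos = eol + 1;
    }
    return -1;
}

// Read this process's status file; -1 if unreadable (e.g. not Linux).
long tracer_pid_self() {
    std::FILE *f = std::fopen("/proc/self/status", "r");
    if (!f) return -1;
    std::string text;
    char buf[512];
    std::size_t n;
    while ((n = std::fread(buf, 1, sizeof buf, f)) > 0) text.append(buf, n);
    std::fclose(f);
    return parse_tracer_pid(text);
}

int main() {
    const std::string sample =  // constructed, not from a real process
        "Name:\tdemo\nState:\tS (sleeping)\nTracerPid:\t4242\nUid:\t1000\n";
    std::printf("sample TracerPid: %ld\n", parse_tracer_pid(sample));
    const long self = tracer_pid_self();
    std::printf("this process: %ld (%s)\n", self,
                self > 0 ? "being traced" : "no tracer seen");
    return 0;
}
```

As both posts say of every item on the list, a check like this can be worked around given time, so it should not be what the protocol's security rests on.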