Abstract
In this paper, we propose an obfuscation method that shuffles the stack status to prevent illegal analysis by crackers. Generally, crackers try to build a call flow graph of a program to clarify its behavior. The call flow graph represents the relations among methods and helps in comprehending a program. In object-oriented languages, however, a callee is fixed by a method name and the stack status, so changing the stack status changes the callee when the callee is overloaded. We therefore focus on a hook mechanism that changes a callee at runtime by changing the stack status. A program to which our method is applied causes reverse-engineering tools to produce a fake call flow graph (CFG), and the fake CFG leads to misunderstanding of the program. We conducted two experiments to evaluate the proposed method. The first evaluated its tolerance against existing reverse-engineering tools: Soot, Jad, Procyon, and Krakatau. Only Procyon succeeded in decompilation; the others crashed. The second evaluated the understandability of a program obfuscated by our method. Only one of the nine subjects answered the correct value. The experiments show that the proposed method leads to misunderstanding even if the target program is tiny and simple.