I have obfuscated my JavaScript. It made it smaller, thus reducing download times. In addition, since the code is handed to the client, my company didn't want them to be able to read it.
If you have Javascript in Browser, everyone with access to the page can get the script. Obfuscation is only a little hurdle. – Mnementh May 16 '09 at 5:54 1 I tell them, buy they get what they want.
The code isn't worth stealing anyway. – geowa4 May 16 '09 at 15:19 1 this 20% of hurdle is probably sufficient for 80% of the stealers. – lImbus May 22 '09 at 15:45 3 haha, everything in software is "20% of ____________________ for 80% of ___________________" – Carson Myers Jun 15 '09 at 17:55.
Yes, to make it harder to reverse engineer.
Yes. Harder, but not impossible. :-) – Jesse Weigert May 16 '09 at 3:03 4 Yes we all know its impossible to make something unhackable.
Just like it is impossible for a building to be 100% safe, we still try as much as we can. – Unknown May 16 '09 at 3:16 @Unkown - +1 for your short and to the point answer – Yatendra Goel Jan 23 '10 at 17:43.
To ensure a job for life, of course (kidding). This is pretty hilarious and educational: How to Write Unmaintanable Code.
It's called "Job Security". This is also the reason to use Perl -- no need to do obfuscation as separate task, hence higher productivity, without loss of job security. Call it "security through obsfuscability" if you will.
(yes -- I am vain enough to think I need not resort to such tricks) – StaxMan May 18 '09 at 17:35.
I don't believe making reverse engineering harder is a valid reason. One rather good reason to obfuscate your code is to reduce the compiled footprint. For instance, J2ME appliactions need to be as small as possible.
If you run you app through an obfuscator (and optimiser) then you can reduce the jar from a couple of Mb to a few hundred Kb. The other point, nestled above, is that most obfuscators are also optimisers which can improve your application's performance.
The reason I don't think that making reverse engineering harder is a legitimate reason is that it making something difficult doesn't stop it from happening. – recursv May 16 '09 at 3:13 That's called compiler optimization. The fact that it happens to obfuscate is a side effect, not the main purpose.
– Unknown May 16 '09 at 3:17 3 Locks don't stop cars from being stolen, but they do make it harder. Someone has to really want the car rather than just an average Joe wanting a joy-ride. Obfuscation makes it harder to steal the code.
Someone that really wants it will still do it, but it'll stop your average script-kiddie. (-1) – bsneeze May 16 '09 at 4:27 -1, it makes RCE harder, I've done so many RCE tasks for security reasons and I hate obfuscated code, it takes so much more time to figure out what the hell is going on. – dr. evil May 16 '09 at 5:23 -1 "Not a valid reason"?
Why not. While not impossible, sure makes it harder. Probably enough to discourage most people.
– Ed S. May 16 '09 at 5:49.
When your source code is publically available (javascript etc) you might want to at least it somewhat harder to understand what is actually occuring on the client side. Security is always full of compromises. But I think that security by obscurity is one of the least effective methods.
I believe all TV cable boxes will have the java code obfuscated. This does make things harder to hack, and since the cable boxes will be in your home, they are theoretically hackable. I'm not sure how much it will matter since the cable card will still control signal encryption and gets its authorization straight from the video source rather than the java code guide or java apps, but they are pretty dedicated to the concept.By the way, it is not easy to trace exceptions thrown from an obfuscated stack!
I actually memorized at one point that aH meant "Null Pointer Exception" for a particular build.
I remember creating a Windows Service for Online Backup application that was built in .NET. I could easily use either Visual Studio or tools like . NET Reflector to see the classes and the source code inside it.
I created a new Visual Studio Test application and added the Windows Service reference to it. Double clicked on the reference and I can see all the classes, namespaces everything (not the source code though). Anybody can figure out the internal working of your modules by looking at the class names.In my case, one such class was FTPHandler that clearly tells where the backups are going.
. NET Reflector goes beyond that by showing the actual code.It even has an option to Export the whole project so you get a VS project with all the classes and source code similar to what the developer had. I think it makes sense to obfuscate, to make it atleast harder if not impossible for someone to disassemble.
Also I think it makes sense for products involving large customer base where you do not want your competitors to know much about your products.
If I am delivering Java Swing apps to clients, I always obfuscate the class files before distribution. You can never be too careful - I once pointed a decent Java decompiler (I used the JD Java Decompiler - djjavadecompiler.com/ ) at my class files and was rewarded with an almost perfect reproduction of the original code. That was rather unnerving, so I started obfuscating my production code ever since.
I use Klassmaster myself (zelix.com/klassmaster/) Cheers, -Richard.
Pirates will copy it anyway regardless of obfuscation. Legitimate business clients won't care one way or the other. – 20th Century Boy May 16 '09 at 5:06 We have people who would very much like to reverse engineer our code and put out a competing product.
-R – Huntrods May 17 '09 at 3:10.
Looking at some of the code I wrote for my disk driver project makes me question what it means to be obfuscated. ((int8_t (*)( int32_t, void * )) hdd->_ctrl)( DISK_CMD_REQUEST, (void *) dr ); Or is that just system programming in C? Or should that line be written differently?Questions...
That's not that bad... They could have used a typedef on the function type though. For others, hdd->_ctrl is a function that takes (int32_t, void*), and returns an int8_t. We pass it the actual parameters DISK_CMD_REQUEST and dr. – sharth May 16 '09 at 5:07.
Yes and no, I haven't delivered apps with a tool that was easy decompilable. I did run something like obfuscators for old Basic and UCSD Pascal interpreters, but that was for a different reason, optimizing run time.
It's most commonly done when you need to provide something in source (usually due to the environment it's being built in, such as systems without shared libraries, especially if you as the seller don't have the exact system being build for), but you don't want the person you're giving it to to be able to modify or extend it significantly (or at all). This used to be far more common than today. It also led to the (defunct?) Obfuscated C Contest.
A legal (though arguably not "legitimate") use might be to release "source" for an app you're linking with GPL code in obfuscated fashion. It's source, it can be modified, it's just very hard. That would be a more extreme version of releasing it without comments, or releasing with all whitespace trimmed, or (and this would be pushing the legal grounds probably) releasing assembler source generated from C (and perhaps hand-tweaked so you can say it's not just intermediate code).
Enh. If that was true, then what's stopping you from releasing it as assembly? – sharth May 16 '09 at 5:05 3 Obfuscated source does not comply with the GPL requirements.
GPL-2 and GPL-3 both say "The source code for a work means the preferred form of the work for making modifications to it. " Clearly, that is not the obfuscated version. And definitely not the assembly output.
– derobert May 16 '09 at 5:06 I hadn't checked if there was such language; certainly such a release violates the intention of the GPL. I suspect there's considerable legal gray area there (stripping comments? Not including external documentation?) but true obfuscation would seem to violate that clause.
– jesup May 16 '09 at 20:12.
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.