LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

WHO OBFUSCATES?

WHO OBFUSCATES?

Posted Apr 10, 2005 3:01 UTC (Sun) by b7j0c (subscriber, #27559)
Parent article: Protect Your Source Code: Obfuscation 101 (O'ReillyNet)

I hear about this from time to time but have yet to encounter a codebase anyone really cares about that obfuscates.

I remember working for a loser company years ago that dedicated an insane amount of time to the topic of code obfuscation. The simple point was their product was crap and was being written on contract for essentially one user. What was the danger of anyone plowing through their code?

But then again, the CTO of this company also printed out every email, so it doesn't surprise me that they spent a considerable amount of billed time thinking about obfuscating their crapware.

(Log in to post comments)

Who obfuscates?

Posted Apr 10, 2005 9:05 UTC (Sun) by MathFox (guest, #6104) [Link]

I've been working in "software maintainance" for some years and I can tell you why good code is never obfuscated: Maintaining obfuscated code costs far more than maintaining normal code. The most time consuming part of bugfixing is reverse engineering the path through the code that leads to the bug, try that with obfuscated code...
It is so that programs tend to accumulate "entropy" due to bug fixes and changes, making maintainance increasingly harder when no measures are taken. In a sane project there is a budget for "refactoring", to prevent chaos taking over.

Re: Who obfuscates?

Posted Apr 10, 2005 10:55 UTC (Sun) by Wummel (subscriber, #7591) [Link]

Maintaining obfuscated code costs far more than maintaining normal code.
You don't work with obfuscated code. Obfuscation is normally an automated step before compiling, for example calling retroguard for Java progs. Obfuscating with retroguard actually speeds up the startup time since variable names are shorter and the resulting .class files are smaller.

Another possibility is putting all the compiled code in an archive, encrypt it, and write a small C wrapper that loads the archive in memory, decrypts it and runs it (either in the Java/Python interpreter, or directly as a native executable). There is no runtime overhead with this method, only startup is slower. And it is hard to decompile since you have to trace the decryption routine with a disassembler, or make a memory dump of the decrypted program.

Re: Who obfuscates?

Posted Apr 11, 2005 7:03 UTC (Mon) by khim (subscriber, #9252) [Link]

You don't work with obfuscated code. Obfuscation is normally an automated step before compiling, for example calling retroguard for Java progs. Obfuscating with retroguard actually speeds up the startup time since variable names are shorter and the resulting .class files are smaller.

It also makes trace logs useless thus making support nightmare. And it does not make code that much harder to crack. So even automatic obfuscator is useless in 99% cases.

Re: Who obfuscates?

Posted Apr 11, 2005 12:57 UTC (Mon) by AAP (guest, #721) [Link]

Automated obfuscaters? Bah, I know of an ex-programmer where I work that can outdo any automatic obfuscation! It was one programmer, not a company policy, but he did it because he thought it would make him too "valuable" to fire. Unfortunately for me, he eventually left, and I was the poor schmoe that had to rewrite his crap!

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds