Code Obfuscation : methods and practicality within automation
Wilhoite, Kurtis (2023)
2023
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-202301151307
https://urn.fi/URN:NBN:fi:amk-202301151307
Tiivistelmä
This thesis discusses, analyses, and explains the four primary methods of code obfuscation: renaming, control flow, debug, and string obfuscation, as well as briefly covering two other notable protections: tamper-proofing and watermarking. Examples of implementations were outlined and explained, as well as considerations to the various forms that these implementations could take.
Four code obfuscation solutions were selected for their professionalism, cost, security, and being reliably updated when compared to other solutions: ConfuserEx2, Eziriz’s .Net Reactor, Eazfuscator, and Babel.
Tests were then explained and implemented to assess the four code obfuscation solutions and their qualities of functionality preservation, usability, the level of obfuscation they deliver, and the performance cost prevalent in each. The obfuscation methods offered by each tool were outlined, as well as any other possibly unique protection features.
Functionality was performed as a pass or fail test using a real sample process prevalent in an automation company. Usability was scored using a base of credentials and qualities. Obfuscation level was analysed and various techniques the tools implement were noted and explained. Performance cost was tested through the timing of a sample process from start to finish, and then cross referenced with the non-obfuscated sample code’s original performance.
Lastly, comparisons were drawn between the four compared tools, and each were ranked based on each test and their performance. Ultimately, it was concluded that .Net Reactor was the most favourable of these, using the typical environment of an automation company, due to the strong level of obfuscation, low performance cost, and easy to use UI (User Interface).
Four code obfuscation solutions were selected for their professionalism, cost, security, and being reliably updated when compared to other solutions: ConfuserEx2, Eziriz’s .Net Reactor, Eazfuscator, and Babel.
Tests were then explained and implemented to assess the four code obfuscation solutions and their qualities of functionality preservation, usability, the level of obfuscation they deliver, and the performance cost prevalent in each. The obfuscation methods offered by each tool were outlined, as well as any other possibly unique protection features.
Functionality was performed as a pass or fail test using a real sample process prevalent in an automation company. Usability was scored using a base of credentials and qualities. Obfuscation level was analysed and various techniques the tools implement were noted and explained. Performance cost was tested through the timing of a sample process from start to finish, and then cross referenced with the non-obfuscated sample code’s original performance.
Lastly, comparisons were drawn between the four compared tools, and each were ranked based on each test and their performance. Ultimately, it was concluded that .Net Reactor was the most favourable of these, using the typical environment of an automation company, due to the strong level of obfuscation, low performance cost, and easy to use UI (User Interface).