users are outside of the developing organization and the software is not open
source, you should probably consider introducing some form of antireversing
measures into the program. Granted, not every program is worth the effort of
reversing it. Some programs contain relatively simple code that would be
much easier to rewrite than to reverse from the program’s binary.

Some applications have a special need for antireversing measures. An excellent
example is copy protection technologies and digital rights management
technologies. Preventing or obstructing reversers from looking inside copy
protection technologies is often a crucial step of creating an effective means of
protection.

Additionally, some software development platforms really necessitate some
form of antireversing measures, because otherwise the program can be very
easily converted back to a near-source-code representation. This is true for
most bytecode-based platforms such as Java and .NET, and is the reason why
so many code obfuscators have been created for such platforms (though it is
also possible to obfuscate programs that were compiled to a native processor
machine language). An obfuscator is an automated tool that reduces the
readability of a program by modifying it or eliminating certain information from it.
Code obfuscation is discussed in detail later in this chapter.

Basic Approaches to Antireversing

There are several antireversing approaches, each with its own set of
advantages and disadvantages. Applications that are intent on fighting off attackers
will typically use a combination of more than one of the approaches discussed.

Eliminating Symbolic Information. The first and most obvious step in
hindering reversers is to eliminate any obvious textual information from
the program. In a regular non-bytecode-based compiled program, this
simply means to strip all symbolic information from the program
executable. In bytecode-based programs, the executables often contain large
amounts of internal symbolic information such as class names, class
member names, and the names of instantiated global objects. This is true
for languages such as Java and for platforms such as .NET. This
information can be extremely helpful to reversers, which is why it absolutely
must be eliminated from programs where reversing is a concern. The
most fundamental feature of pretty much every bytecode obfuscator is
to rename all symbols into meaningless sequences of characters.
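
Added example (not from the original text): a release check in Python that parses the section headers of an ELF64 executable and reports symbol or debug sections that survived stripping. The function names and the sample image produced by build_sample are constructed for illustration.

```python
import struct

# Section-name prefixes that hold symbolic or debug information in ELF files.
# .dynsym/.dynstr are not listed: the dynamic loader needs them, so they
# survive stripping and still expose imported and exported names.
SYMBOLIC = (".symtab", ".strtab", ".debug_")

def section_names(elf: bytes) -> list[str]:
    """Return every section name of a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    shoff, = struct.unpack_from("<Q", elf, 0x28)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 0x3A)
    if shoff == 0 or shnum == 0:
        return []  # section header table removed entirely

    def header(i):  # -> (sh_name, sh_offset, sh_size) of section i
        base = shoff + i * shentsize
        return (struct.unpack_from("<I", elf, base)[0],
                *struct.unpack_from("<QQ", elf, base + 0x18))

    _, str_off, str_size = header(shstrndx)
    strtab = elf[str_off:str_off + str_size]
    names = []
    for i in range(shnum):
        start = header(i)[0]
        names.append(strtab[start:strtab.index(b"\0", start)].decode("ascii"))
    return names

def leftover_symbolic_sections(elf: bytes) -> list[str]:
    """Sections a release build should no longer contain after stripping."""
    return [n for n in section_names(elf) if n.startswith(SYMBOLIC)]

def build_sample(names: list[str]) -> bytes:
    """Constructed test input: an ELF64 image holding only section headers."""
    names = names + [".shstrtab"]
    strtab, shdrs = b"\0", bytes(64)  # section 0 is the mandatory null entry
    for i, name in enumerate(names):
        is_strtab = i == len(names) - 1
        shdrs += struct.pack("<IIQQQQIIQQ", len(strtab), 3 if is_strtab else 1,
                             0, 0, 64 if is_strtab else 0, 0, 0, 0, 1, 0)
        strtab += name.encode() + b"\0"
    # Patch sh_size of .shstrtab (last header, field at +0x20) now it is known.
    shdrs = shdrs[:-32] + struct.pack("<Q", len(strtab)) + shdrs[-24:]
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 0, 64 + len(strtab), 0, 64, 0, 0, 64,
        len(names) + 1, len(names))
    return ehdr + strtab + shdrs
```

An empty result from leftover_symbolic_sections means the static symbol table and debug sections are gone; names in .dynsym remain visible and need separate handling.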

Obfuscating the Program. Obfuscation is a generic name for a number of
techniques that are aimed at reducing the program’s vulnerability to any
kind of static analysis such as the manual reversing process described in
328 Chapter 10