Obfuscation - A guide covering all aspects you need to know

Discussion in 'General' started by herby2212, Nov 28, 2017.

?

What do you think about Obfuscation?

  1. Good

  2. Bad

  3. Depends on the plugin and its purpose

Results are only viewable after voting.
  1. Hey everyone,
    I will talk in this thread about how to obfuscate your plugins and what meaning, benefits it has. I already got some requests, so I decided to make a public thread to it. The idea for this comes from @Lenny :rolleyes:



    So what is obfuscating in general?
    There are several definitions out there, but you can say in general that the following fits well:
    Obfuscation is the act of creating code that deliberately conceal its purpose or logic, by using expressions and code designs that are hard to understand for other humans then the creator, to prevent tampering, reverse engineering, re-publishing or leaking.


    What are the Pro and Con's of Obfuscation regarding plugins?
    Pro:

    • "Protection" of your code
    • Harder to leak or modify by other persons
    • Repellent effect when a unauthorized person see the code, may preventing the person from trying modify the resource
    • Feeling of safety as creator
    • Can improve anti-piracy protection (if integrated into the plugin)
    Con:
    • Time consuming
    • Inefficient
    • Make working in your code harder
    • Disturb "customers" (Persons who fight for open source, potential leakers/pirates)

    Conclusion:
    In general it is up to you which of the points mentioned above are more important for you then others. But I recommend to only start obfuscating your plugins if they have a designated range of publicity or contains code, that it very special, or costed a lot of effort to develop.

    A special word for network owners: I recommend that you put your effort and money into reinforcing your network safety and infrastructure, before investing in extra time to obfuscate your plugins. Of course it is up to you at the end, but this just as a tip from money and needed time relation. (If you pay for the plugin development)


    How to obfuscate?
    There are to answers to this question, one quite easy the other one more complex.

    The first one would be to use a program, that obfuscate the code for you. It is easier for you, but also easier to deobfuscate by a other program. Additional it can be that you lose the overview of your plugin though the obfuscation process.

    The second one is to obfuscate your plugin by hand. Yes this will take a lot more time and thinking, but it allows you to develop your own obfuscation methods and structure, which will be a important factor to the efficiency of the plugin and the conceal effect.

    Every developer has his own kind of tricks and methods to obfuscate his plugins, so it is hard to cover them all. So I will tell some of my own methods, that proved to have a good effect:

    • Random/Fake class names: This means that I create a ton of empty fake classes and name them in alphabetic order.
    • Unreadable/Fake packages: Here I use the some tactic as with the classes, by creating a ton of fake packages filled with random classes. Additionally you can use some symbols like $ in the package names, which will prevent some decompilers to see this packages and the classes in it. => Not find able code
    • So it could look later like this:
    upload_2017-11-28_22-24-14.png

    This two methods will have the effect that it will take you a lot of time to find even a part of the code, which means that at this point most persons who try to steal your code, will have already surrendered.

    So to conclude this theme, it is like at the topics above a matter of how much time and effort you want to put into it. But I personally out of experience prefer the second method, because it will bring you to deal with your plugin, so you put more time and effort into it. A other good side factor of the second method is that you exactly know how the obfuscation is done and handled.


    Final words:
    Obfuscation is a theme itself, with a lot of depth and possibilities. I covered today just the simple part of it and I hope that this post may helped you finding your own decisions of how and if you want to obfuscate your plugin.

    Also if you have any questions or ideas, that I may missed in this thread, feel free to post them down below ;)

    I also thank you for your attention and for reading this long post until this point.

    Best Regards,
    @herby2212
     

Share This Page