OBCODE

binary code obfuscation primitives

Author: Pawel Krawczyk

WARNING

This library is still work in progress. It contains bugs and the operator set is very limited. Suggestions and improvements are welcome.

INTRODUCTION

This library defines a set of data types and arithmetic operators which can be used to write procedures with the intent of producing binary code that is difficult to analyse and reverse engineer.

This is achieved by moving all calculations to yet another layer, which produces messy binary code that is difficult to read, making it hard to figure out what calculations are actually performed and on which data.

DATA TYPES

The following data types are defined:

obit
    basic data type
obyte
    consists of 8 obits, unsigned

One obit is encoded in one standard byte. Its bits are random, except that the byte's parity encodes the obit: an even byte encodes 1, an odd byte encodes 0.

One obyte is encoded as 8 standard bytes (8 obits, 64 standard bits).

USAGE

The library provides arithmetic and logic operators that work on these data types. For example, an addition performed in OBCODE would be coded as follows:
    #include "obcode.h"

    int main(void)
    {
        struct obyte ob1;
        struct obyte ob2;
        struct obyte obsum;
        unsigned char sum;

        obcode_init(0);                 /* Initialise the obyte random source */

        obyte_set(&ob1, 12);            /* Normal number 12 to obyte */
        obyte_set(&ob2, 33);            /* Normal number 33 to obyte */

        obyte_add(&ob1, &ob2, &obsum);  /* Perform OBCODE addition */

        sum = obyte_get(&obsum);        /* Return to normal world */

        obcode_finish();
        return 0;
    }

If those numbers were already encoded as obytes, people reverse engineering the code would never see 12 and 33, only messy operations on long, random-looking data streams, eventually yielding the result 45.
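To make the parity encoding and the "calculation on another layer" concrete, here is an added, self-contained C re-implementation of the scheme described above; it is not obcode's own code, and the LSB-first bit order, the xorshift filler-bit generator and all names (ob_byte, ob_set, ob_get, ob_add, ob_demo_sum) are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical re-implementation of the encoding the README describes (added
   example, not obcode's own code): one obit is a byte whose parity carries the
   bit (even -> 1, odd -> 0); one obyte is eight obits. Bit order (LSB first)
   and the filler-bit generator are assumptions. */
typedef struct { uint8_t b[8]; } ob_byte;

static uint32_t ob_state = 0x2545F491u;         /* constructed seed */

static uint8_t ob_rand(void) {                  /* xorshift32 filler bits */
    ob_state ^= ob_state << 13; ob_state ^= ob_state >> 17; ob_state ^= ob_state << 5;
    return (uint8_t)ob_state;
}

static uint8_t obit_enc(unsigned bit) {         /* 7 random bits + fixed parity */
    return (uint8_t)((ob_rand() & 0xFEu) | (bit ? 0u : 1u));
}
static unsigned obit_dec(uint8_t ob) { return (ob & 1u) ? 0u : 1u; }

void ob_set(ob_byte *o, uint8_t v) {            /* plain byte -> obyte */
    for (int i = 0; i < 8; i++) o->b[i] = obit_enc((v >> i) & 1u);
}
uint8_t ob_get(const ob_byte *o) {              /* obyte -> plain byte */
    uint8_t v = 0;
    for (int i = 0; i < 8; i++) v |= (uint8_t)(obit_dec(o->b[i]) << i);
    return v;
}

/* Ripple-carry add, one obit at a time: only single bits and a carry ever
   exist in the clear; the 8-bit operands and result are never assembled. */
void ob_add(const ob_byte *a, const ob_byte *b, ob_byte *s) {
    unsigned c = 0;
    for (int i = 0; i < 8; i++) {
        unsigned x = obit_dec(a->b[i]), y = obit_dec(b->b[i]);
        s->b[i] = obit_enc(x ^ y ^ c);
        c = (x & y) | (c & (x ^ y));
    }
}

/* Mirrors the README's usage: encode, add in the obfuscated domain, decode. */
unsigned ob_demo_sum(uint8_t x, uint8_t y) {
    ob_byte ob1, ob2, obsum;
    ob_set(&ob1, x); ob_set(&ob2, y); ob_add(&ob1, &ob2, &obsum);
    return ob_get(&obsum);
}

int main(void) { printf("%u\n", ob_demo_sum(12, 33)); return 0; }  /* 45 */
```

Re-encoding the same value twice gives different byte streams while decoding to the same number, which is what hides the constants from a reverser looking at memory; addition wraps modulo 256 because the final carry is discarded.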

EXAMPLE

An implementation of the RC4 stream cipher is provided (obrc4) as a working example of how to use the library. Unoptimised code is about 15x slower than the original C implementation, while code optimised with the gcc-3.0 -O4 switch is only 2-3x slower.

SECURITY

Any code that has been compiled by a human can be reverse-engineered by another clever human. In some cases it will take less time, in some it will take more. This library is for people who want their code to require more time to reverse-engineer. Though not perfectly secure, this library introduces yet another time factor that may increase the cost of the cracking process.

People were asking about the sense of releasing such a library as source code. Well, there are two arguments that it really doesn't break its security significantly. First, knowing the basic primitives shouldn't really help in reversing the actual algorithm that uses them. Second, the library attempts to be strongly parametrised: there's a simple secret parameter (ob_key) and there's a random parameter (sliding code blocks).

The idea is to make every instance of the library different, so that reversing one instance wouldn't help much in reversing another one.

Also, my basic assumption is that the main strength of the library is the virtualisation of the code, not the simple anti-debugging tricks which are present in the code as well, nor the secrecy of the library's code itself.

CREDITS

The idea was inspired by one of Solar Designer's crackmes, coded in i386 assembly for DOS and using a similar concept.

CHANGES

1.0.6
1.0.5
1.0.4
1.0.3
1.0.2

LICENSING

Redistribution of this package is permitted under the Lesser GNU Public License. See the `COPYING' file for further details.

People were asking me what the point is of releasing such code under the GPL, as it was up to version 1.0.4; that choice was due to my lack of a full understanding of the licensing problem. So version 1.0.5 was released under the Lesser GPL, thus allowing proprietary code to be linked to this library.

However, if you read the LGPL thoroughly you will notice that there is a significant difference between code USING this library and code DERIVED from the library.

This means that if you add your own code to the library or improve it in any other way, you must release those changes to the public. I hope this is the best compromise between the library's usability and my wish to keep it free and open.

DISTRIBUTION

Official site for now is http://echelon.pl/pubs/obcode.html

RESOURCES

http://www.phrack.org/phrack/58/p58-0x05
grugq, scut, "Armouring the ELF: Binary encryption on the UNIX platform"
http://www.woodmann.com/fravia/new_anor.htm
anormal/kindergarten, "A new kind of protections? Design your own CPU!!"
http://vx.netlux.org/lib/vsc04.html
Silvio Cesare, "Linux anti-debugging techniques (fooling the debugger)"
http://azrael.mine.nu/azrael/essays/1016752718/
Azrael, "Index of Linux Reversing"
http://www.acm.uiuc.edu/sigmil/RevEng/t1.htm
member6079, StrIkeR_MaN, "Introduction to Reverse Engineering Software in Linux"
http://bastard.sourceforge.net/
The Bastard Disassembly Environment
http://razor.bindview.com/tools/fenris/
Fenris, a multipurpose tracer