2

I am working on a collaborative project, for which I have to submit source code, which will be used/embedded in the main repository for re-compilation. Is there any way, I can encrypt the source code or may apply some other technique so that I can remove the readability of my code completely, but it still compiles well after applying decryption or anti-pattern.

Nature of my Project is an enterprise level distributed application, having different clients being written for cloud,desktop,web,mobile etc.

So, is there any general purpose technique/design pattern or some concept, by applying which I can publish my source and still not exposing it.

gnat
  • 21,442
  • 29
  • 112
  • 288
Qasim
  • 133
  • 1
  • 6

1 Answers1

10

This is called obfuscation.

What it does is that it performs a series of operations which don't affect the execution of the source code, but make it more difficult to read of a human.

For example, here are some commonly used obfuscation techniques:

  • Remove whitespace.

  • Remove comments.

  • Replace meaningful names of variables and members by names such as a, b, c.

With only those three basic techniques, this code:

public string GenerateFileName()
{
    var basePath = this.FindBasePath();
    do
    {
        var counter = this.CounterExists ? this.GetCounter() : 0;
        var name = this.GenerateName(counter);

        // If the file limit was exceeded, it indicates that something went wrong.
        // Possible causes include two services running side by side on the same machine
        // or two machines running the service using a share. Remember that the service
        // should be bound to a directory which is not used by any other application.
        if (counter > MaximumAllowedFiles)
        {
            throw new StorageThresholdException();
        }
    }
    while (File.Exists(Path.Combine(basePath, name)));
}

becomes:

public string c(){var a=this.h();do{var b=this.k?this.b():0;var c=this.d(b);if(b>i){throw
new af();}}while(File.Exists(Path.Combine(a,c)));}

Less frequently used obfuscation techniques include but not limited to:

  • Encryption of strings,

  • Inlining (i.e. moving the body of a method in the method which was calling the first one),

  • Control flow obfuscation,

  • Encryption of source code (the effectiveness of this technique is highly disputed, since if the machine running the application can decrypt the source code in order to run it, the user of this machine can do it as well).

Of course, you shouldn't do the obfuscation yourself, but rather search for a tool which makes this for the language of your choice.

Note that some tools don't have obfuscation as their primary goal, but still can be used for that. Google Closure Compiler, for example, is intended to (1) perform static checking of the code and to (2) reduce the size of JavaScript files, but has a side effect of making source code quite unreadable.

Arseni Mourzenko
  • 134,780
  • 31
  • 343
  • 513
  • 1
    Yes, thanks, exactly that's what i was looking for. – Qasim Dec 18 '14 at 12:37
  • I also like to use long names with visually similar characters. E.g, lots of letter L, but lower case, and digit 1, to get variable names like l1l1l1l1l1lll (maybe mix in a few upper or lower I too) Ditto zero & letter O. It effectiveness is somewhat dependant on font, but it throws another blocker in the way & slows the attacker a little. liI1liI1 :-) – Mawg says reinstate Monica Dec 18 '14 at 13:35
  • 2
    @Mawg: personally, I don't think it changes anything. Neither does the technique of some obfuscators to use unicode characters (including the ones which most editors don't display correctly). The reason is that the hacker will use a refactoring tool to rename, one by one, the variables into more and more meaningful names while exploring the code. – Arseni Mourzenko Dec 18 '14 at 13:43