Re: Need help evaluating proposed encryption architecture.

From: Alek Davis (alek_xDOTx_davis_xATx_intel_xDOTx_com)
Date: 05/07/04 

Date: Fri, 7 May 2004 09:52:50 -0700

Michel,

Transcoder looks like a good piece of software, but the documentation says
that it works with C code only. I did not see any mentioning of .NET, C#,
etc, and frankly, I would be really surprised otherwise. Conceptually it
look to me very similar to control flow obfuscation. I am not sure how
important this is for applications written in C. I think, it is not as
critical. Even though I keep hearing people claiming that C code can be
reverse engineered, I have not yet found a C decompiler which would produce
code anywhere close to the original source. Yes, I understand that it is
possible to get a disassembly and convert it to C source (at least in
theory), but it is very, very hard. I guess, using Transcoder would not hurt
(hopefully), but it is not an option for managed applications.

Alek

"Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
news:eth85D5MEHA.268@TK2MSFTNGP11.phx.gbl...
> I haven't heard about this one (Transcoder). Interesting. I will check it
> out (probably tomorrow, if I have time). Thanks for the reference. I will
> post a response if I find anything worth sharing.
>
> As far as transformations go, I am only familiar with "control flow
> obfuscation" offered by DotFuscator. Ideally, it should be a nice feature,
> but as Brent Rector says, if it does not work under some specific
conditions
> (which, I guess, can be possible, at least you must consider this as a
> theoretical option), then it will be pretty hard to troubleshoot and fix.
>
> Alek
>
> "Michel Gallant" <neutron@istar.ca> wrote in message
> news:Of2BmIwMEHA.2592@tk2msftngp13.phx.gbl...
> > Cloakware.com have a product called "Transcoder":
> > http://206.191.60.52/products/transcoder.html
> > which it appears takes obfuscation up a notch by using various some sort
> > of sophosticated "transformations".
> > The product is basically a source-code transformer application.
> > It seems to be intended for hiding secrets or algorithmic procedures in
> some
> > sophosticated way.
> > Any comments on this product versus similar products?
> >
> > - Mitch Gallant
> > MVP Security
> >
> > "Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
> > news:uuk1f%23vMEHA.2628@TK2MSFTNGP12.phx.gbl...
> > > The assumption is that a hacker can manage to get a read access to the
> file
> > > system holding the assembly and can make a copy of the file (binary).
> Yes,
> > > obfuscation can help somewhat, but it is still not bullet proof. Some
> > > obfuscators provide false sense of security, although other (like
> Demeanor)
> > > can be sufficient deterrents. So let's say that you buy Demeanor,
write
> the
> > > code in such a way that it is hard to make sense after decompilation,
> and
> > > obfuscate it using renaming to non-printable Unicode symbols. Now, a
> hacker
> > > must buy a decompiler (like Salamander), and spend time and effort on
> > > reverse-engineering. Depending on how willing the hacker is to get
your
> > > data, this may be reasonable approach, but it is generally not
> recommended
> > > by security professionals. This is what is commonly called "security
> through
> > > obscurity", and is normally regarded as the weakest option. But again,
> it
> > > all depends on the value of data, intrusion risk, etc.
> > >
> > > Alek
> > >
> > > "Srini" <anonymous@discussions.microsoft.com> wrote in message
> > > news:B5E980E6-A93B-4254-ABF8-DD105C8ED030@microsoft.com...
> > > > How is the hacker going to get the compiled assembly/binary code? Is
> it
> > > from taking the memory snap-shot? or while it is being being accessed?
> Just
> > > curious. Code obfuscation might improve the protection little more, as
> we
> > > know.
> > > >
> > > > Thanks inadvance.
> > > >
> > >
> > >
> >
> >
>
>

Loading