SecurityAlso called: "code obfuscation", "code mangling"
Obfuscation transforms code to hinder reverse engineering while maintaining functionality.
Obfuscation techniques
- Rename variables: Meaningful names → a, b, c, x1, x2.
- Remove whitespace: Minimize code to one line.
- String encoding: Encrypt strings, decode at runtime.
- Control flow flattening: Reorder logic to confuse.
- Dead code injection: Add useless code paths.
- Opaque predicates: Conditionals with predetermined outcomes.
Legitimate uses
- Protect proprietary algorithms.
- Prevent license key extraction.
- Mobile app anti-tampering.
- JavaScript client-side protection.
Malicious uses
- Hide malware functionality.
- Evade antivirus detection.
- Conceal backdoors and exploits.
- Bypass security scanning.
Limitations
- Determined attackers can still reverse engineer.
- Impacts performance.
- Makes debugging harder.
- Not a substitute for proper security.
Deobfuscation
- Static analysis tools.
- Dynamic analysis (run and observe).
- Pattern recognition.