System and method for branch extraction obfuscation
First Claim
1. A method of obfuscating code, the method comprising:
- identifying a Boolean statement in a conditional statement in a computer program, wherein when executed the Boolean statement evaluates to a Boolean output value in response to one or more input values;
creating a function that when executed evaluates to the Boolean output value in response to the one or more input values;
extracting a subset of intructions from a path associated with the conditional statement;
removing the subset of instructions from the path and inserting the subset of instructions in the function; and
replacing the Boolean statement with a call to the function, the function called using a pointer obtained from an array of pointers, wherein an index in the array identifying the pointer is dynamically calculated during execution of the computer program.
2 Assignments
0 Petitions
Accused Products
Abstract
Disclosed herein are systems, methods, and computer readable-media for obfuscating code. The method includes extracting a conditional statement from a computer program, creating a function equivalent to the conditional statement, creating a pointer that points to the function, storing the pointer in an array of pointers, replacing the conditional statement with a call to the function using the pointer at an index in the array, and during runtime of the computer program, dynamically calculating the index corresponding to the pointer in the array. In one aspect, a subset of instructions is extracted from a path associated with the conditional statement and the subset of instructions is placed in the function to evaluate the conditional statement. In another aspect, the conditional statement is replaced with a call to a select function that (1) calculates the index into the array, (2) retrieves the function pointer from the array using the index, and (3) calls the function using the function pointer. Calls can be routed through a select function before the function pointer is used to call the function evaluating the conditional statement. Each step in the method can be applied to source code of the computer program, an intermediate representation of the computer program, and assembly code of the computer program.
-
Citations
14 Claims
-
1. A method of obfuscating code, the method comprising:
-
identifying a Boolean statement in a conditional statement in a computer program, wherein when executed the Boolean statement evaluates to a Boolean output value in response to one or more input values; creating a function that when executed evaluates to the Boolean output value in response to the one or more input values; extracting a subset of intructions from a path associated with the conditional statement; removing the subset of instructions from the path and inserting the subset of instructions in the function; and replacing the Boolean statement with a call to the function, the function called using a pointer obtained from an array of pointers, wherein an index in the array identifying the pointer is dynamically calculated during execution of the computer program. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system for obfuscating code, the system comprising:
-
a processor; a module configured to control the processor to identify a Boolean statement in a conditional statement in a computer program, wherein when executed the Boolean statement evaluates to a Boolean output value in response to a one or more input values; a module configured to control the processor to create a function that when executed evaluates to the Boolean output value in response to the one or more input values; a module configured to control the processor to extract a subset of instructions from a path associated with the conditional statement; a module configured to control the processor to remove the subset of instructions from the path and insert the subset of instructions in the function; and a module configured to control the processor to replace the Boolean statement in the conditional statement with a call to the function, the function called using a pointer obtained from an array of pointers, wherein an index in the array identifying the pointer is dynamically calculated during execution of the computer program. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A non-transitory computer-readable medium storing a computer program having instructions for obfuscating code, the instructions comprising:
identifying a Boolean statement in a conditional statement in a computer program, wherein when executed the Boolean statement evaluates to a Boolean output value in response to a one or more input values; creating a function that when executed evaluates to the Boolean output value in response to the one or more input values; extracting a subset of instructions from a path associated with the conditional statement; removing the subset of instructions from the path and inserting the subset of instructions in the function; and replacing the Boolean statement with a call to the function, the function called using a pointer obtained from an array of pointers, wherein an index in the array identifying the pointer is dynamically calculated during execution of the computer program. - View Dependent Claims (12, 13, 14)
Specification