---
id: wiki-2026-0508-code-obfuscation
title: Code Obfuscation
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [Obfuscation, Anti-Reverse Engineering]
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: [security, reverse-engineering, drm, javascript]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: JavaScript/C++
  framework: obfuscator.io/LLVM-Obfuscator
---

# Code Obfuscation

## In one line

> **"Raising the cost of reverse engineering: destroy readability while preserving semantics."** Unlike crypto, obfuscation is cost-shifting rather than secrecy; a determined attacker can eventually undo it. Modern usage: anti-piracy, anti-cheating, license validation. With the arrival of LLM-based deobfuscation, its value is in retreat.

## Core

### Layers

- **Lexical**: rename identifiers (`x_a1b2c3`).
- **Control flow**: opaque predicates, control-flow flattening.
- **Data**: string encryption, constant unfolding.
- **Anti-analysis**: anti-debug, VM detection, integrity checks.
- **Virtualization**: custom VM bytecode (VMProtect, Themida).

### Trade-offs

- Performance: 2-10× slowdown (with virtualization).
- Size: 2-5× binary bloat.
- Stability: false positives are possible (anti-debug).
- Security: only raises cost; moves break time from hours → weeks.

### Applications

1. JavaScript bundle (anti-scraping).
2. Mobile app DRM, license check.
3. Game anti-cheat (e.g., VAC, EAC).
4. Malware (defensive obfuscation).

## 💻 Patterns

### String encryption

```javascript
// Before
const KEY = "secret-api-key";

// After: the literal is split, base64-encoded and reassembled at runtime
const _0xa1b2 = ['c2VjcmV0', 'LWFwaQ==', 'LWtleQ=='];
const _0xc3d4 = (i) => atob(_0xa1b2[i]);
const KEY = _0xc3d4(0) + _0xc3d4(1) + _0xc3d4(2);
```

### Control-flow flattening

```c
void a(void), b(void), c(void); /* the three original steps, defined elsewhere */

// Before: linear flow
void f() { a(); b(); c(); }

// After: dispatcher loop
void f_obf() {
    int state = 0;
    while (state != -1) {
        switch (state) {
            case 0: a(); state = 7; break;
            case 7: b(); state = 3; break;
            case 3: c(); state = -1; break;
        }
    }
}
```

### Opaque predicate

```cpp
#include <cstdlib>
// Always true at runtime, hard to determine statically:
// x^3 - x = (x-1)*x*(x+1) is divisible by 3 for every integer.
// x is reduced mod 3 first so the cube cannot overflow for large inputs such as rand().
auto opaque = [](int x) { int r = x % 3; return (r*r*r - r) % 3 == 0; };
if (opaque(rand())) real_logic();
else fake_branch(); // dead but appears live to disassembler
```

### Identifier mangling (terser)

```javascript
// terser config (the variable name is illustrative)
const terserOptions = {
  mangle: { toplevel: true, properties: { regex: /^_/ } },
  compress: { passes: 3, dead_code: true }
};
```

### Anti-debug (browser)

```javascript
setInterval(() => {
  const t = performance.now();
  debugger; // pauses if devtools open
  if (performance.now() - t > 100) {
    // devtools detected
    location.href = 'about:blank';
  }
}, 1000);
```

### LLVM IR pass (obfuscator-llvm style)

```cpp
#include "llvm/IR/Constants.h"
#include "llvm/IR/Module.h"
#include "llvm/IR/PassManager.h"
using namespace llvm;

void xor_encrypt(GlobalVariable &GV); // helper defined elsewhere: encrypts the initializer

struct StringObfPass : PassInfoMixin<StringObfPass> {
  PreservedAnalyses run(Module &M, ModuleAnalysisManager &) {
    for (auto &GV : M.globals()) {
      if (!GV.hasInitializer()) continue; // external declarations have no initializer
      if (auto *CDA = dyn_cast<ConstantDataArray>(GV.getInitializer())) {
        if (CDA->isString()) xor_encrypt(GV);
      }
    }
    return PreservedAnalyses::none();
  }
};
```

## Decision criteria

| Situation | Approach |
|---|---|
| Web bundle anti-scraping | terser + javascript-obfuscator |
| Native binary (commercial) | VMProtect / Themida |
| Open-source w/ embedded secret | DON'T: use a server-side proxy |
| Game anti-cheat | Kernel driver + virtualization |
| Mobile DRM | Hardware-backed (TEE, SEP), with obfuscation as a supplement |

**Default**: Don't obfuscate; secrets belong server-side. When obfuscation is necessary, use layered defense.

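
Why the default holds, as an added example (not part of the original page or of any obfuscator's code): a build-time check that decodes base64 string arrays like the one in the String encryption pattern and flags secrets that survive obfuscation. `SECRET_PATTERNS`, the function names and the sample bundle are assumptions constructed for illustration, and the check runs under Node.js.

```javascript
// Added example: a CI-style check showing that a string-array "encrypted"
// bundle still leaks its secret. All names and the sample are constructed.

// Patterns a build pipeline might treat as secrets (assumed; adjust per project).
const SECRET_PATTERNS = [/secret[-_]?api[-_]?key/i, /-----BEGIN [A-Z ]*PRIVATE KEY-----/];

const isBase64 = (s) => s.length % 4 === 0 && /^[A-Za-z0-9+/]+={0,2}$/.test(s);
const decode = (s) => Buffer.from(s, 'base64').toString('utf8');

// Find `const NAME = ['..', '..']` arrays whose elements are all base64.
function findStringArrays(src) {
  const arrays = new Map();
  const re = /(?:const|let|var)\s+([\w$]+)\s*=\s*\[([^\]]*)\]/g;
  for (const m of src.matchAll(re)) {
    const items = [...m[2].matchAll(/(['"])(.*?)\1/g)].map((x) => x[2]);
    if (items.length && items.every(isBase64)) arrays.set(m[1], items.map(decode));
  }
  return arrays;
}

// Test each decoded entry and the joined string, because obfuscators
// split one literal across several array entries.
function findLeakedSecrets(src) {
  const hits = [];
  for (const [name, strings] of findStringArrays(src)) {
    const candidates = [...strings, strings.join('')];
    for (const text of candidates) {
      if (SECRET_PATTERNS.some((p) => p.test(text))) hits.push({ array: name, text });
    }
  }
  return hits;
}

// Constructed sample: the "After" form from the String encryption pattern.
const SAMPLE_BUNDLE = `
const _0xa1b2 = ['c2VjcmV0', 'LWFwaQ==', 'LWtleQ=='];
const _0xc3d4 = (i) => atob(_0xa1b2[i]);
const KEY = _0xc3d4(0) + _0xc3d4(1) + _0xc3d4(2);
`;

console.log(findLeakedSecrets(SAMPLE_BUNDLE));
```

A non-empty result should fail the build: the value belongs behind a server-side proxy, not in the bundle.
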
## 🔗 Graph

- Application: [[Malware Analysis]]

## 🤖 LLM usage

**When**: Defense-in-depth context, learning malware analysis, anti-tamper design.

**When not**: Hiding actual secrets, which is broken by definition. Server-side is the answer.

## ❌ Anti-patterns

- **Security through obscurity (alone)**: always falls.
- **Embedding API key in client**: cannot be protected even with obfuscation.
- **Custom crypto**: roll-your-own → weaker than obfuscation.
- **Performance ignored**: a 10× slowdown ruins UX.
- **No update path**: once broken, a fresh release is needed; automation is required.

## 🧪 Verification / Duplicates

- Verified (Collberg taxonomy, obfuscator-llvm, javascript-obfuscator).
- Trust level: A.

## 🕓 Changelog

| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup: obfuscation taxonomy + JS/LLVM patterns |