2nd/10_Wiki/Topics/DevOps_and_Security/Code Obfuscation.md
Antigravity Agent f8b21af4be Wiki cleanup: error-doc removal, dedup merge, link normalization
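Large-scale cleanup of 10_Wiki/Topics:
- Removed 227 error-capture / incomplete stub documents
- Merged 43 cross-folder duplicate clusters (63 files → redirect)
- Link-name normalization: broken-link fixes, direct redirect links, concept mapping, ~2,400 items
- Created 6 new category MOCs
- Removed 10,058 unresolved related-keyword links from Graph sections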

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 23:52:15 +09:00

---
id: wiki-2026-0508-code-obfuscation
title: Code Obfuscation
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [Obfuscation, Anti-Reverse Engineering]
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: [security, reverse-engineering, drm, javascript]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: JavaScript/C++
  framework: obfuscator.io/LLVM-Obfuscator
---
# Code Obfuscation
## In one line
> **"Raise the cost of reverse engineering: destroy readability while preserving semantics."** Unlike cryptography, this is cost-shifting rather than secrecy; a determined attacker can eventually undo it. Modern usage: anti-piracy, anti-cheating, license validation. With the emergence of LLM-based deobfuscation, its significance is in retreat.
## Core
### Layers
- **Lexical**: rename identifier (`x_a1b2c3`).
- **Control flow**: opaque predicate, control-flow flattening.
- **Data**: string encryption, constant unfolding.
- **Anti-analysis**: anti-debug, VM detection, integrity check.
- **Virtualization**: custom VM bytecode (VMProtect, Themida).
### Trade-offs
- Performance: 2-10× slowdown (with virtualization).
- Size: 2-5× binary bloat.
- Stability: false positives possible (anti-debug).
- Security: only raises cost; time to break goes from hours → weeks.
### Applications
1. JavaScript bundle (anti-scraping).
2. Mobile app DRM, license check.
3. Game anti-cheat (e.g., VAC, EAC).
4. Malware (defensive obfuscation).
## 💻 Patterns
### String encryption
```javascript
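// Before
const KEY = "secret-api-key";

// After (emitted in place of the declaration above).
// The fragments are only base64-encoded, so atob() recovers the string at runtime.
const _0xa1b2 = ['c2VjcmV0', 'LWFwaQ==', 'LWtleQ=='];
const _0xc3d4 = (i) => atob(_0xa1b2[i]);
const KEY = _0xc3d4(0) + _0xc3d4(1) + _0xc3d4(2);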
```
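
As an added example (not part of the original page or of any obfuscator project), this Node.js script undoes the string-array pattern above the way a pre-release audit of your own bundle would, which shows why the page treats client-embedded keys as unprotected. `SAMPLE_BUNDLE`, `SECRET_HINT` and all function names are assumptions made for the illustration.

```javascript
// Added example, not the page's own code: a build-time audit that undoes the
// base64 string-array pattern and reports what any reader of the bundle recovers.

// Constructed sample input: the "After" output shown above.
const SAMPLE_BUNDLE = `
const _0xa1b2 = ['c2VjcmV0', 'LWFwaQ==', 'LWtleQ=='];
const _0xc3d4 = (i) => atob(_0xa1b2[i]);
const KEY = _0xc3d4(0) + _0xc3d4(1) + _0xc3d4(2);
`;

const B64 = /^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/;
// Assumed heuristic for "looks like a credential"; tune it per project.
const SECRET_HINT = /(secret|api[-_]?key|token|passw)/i;

// Decode one literal; null unless it is valid base64 that yields printable ASCII.
function decodeB64(s) {
  if (s.length === 0 || !B64.test(s)) return null;
  const out = Buffer.from(s, 'base64').toString('utf8');
  return /^[\x20-\x7e]+$/.test(out) ? out : null;
}

// Find array literals made only of quoted strings and decode every element.
function recoverStringArrays(source) {
  const arrayRe =
    /(?:const|let|var)\s+([\w$]+)\s*=\s*\[((?:\s*(['"])[^'"]*\3\s*,?)+)\]/g;
  const findings = [];
  for (const m of source.matchAll(arrayRe)) {
    const items = [...m[2].matchAll(/(['"])([^'"]*)\1/g)].map((x) => x[2]);
    const decoded = items.map(decodeB64);
    if (decoded.includes(null)) continue; // not a pure base64 table
    // Test the concatenation too: fragments are split so no single piece matches.
    const joined = decoded.join('');
    const secretLike = decoded.concat(joined).some((d) => SECRET_HINT.test(d));
    findings.push({ name: m[1], decoded, joined, secretLike });
  }
  return findings;
}

// Tables whose recovered text looks like a secret; a non-empty result fails the build.
function auditBundle(source) {
  return recoverStringArrays(source).filter((f) => f.secretLike);
}

for (const f of auditBundle(SAMPLE_BUNDLE)) {
  console.log(`${f.name} decodes to "${f.joined}"`);
}
```

Ordinary string arrays (for example `['hello', 'world']`) are skipped because their elements are not valid base64 that decodes to printable text.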
### Control-flow flattening
```c
void a(void); void b(void); void c(void); // defined elsewhere

// Before: linear flow
void f() { a(); b(); c(); }

// After: dispatcher loop
void f_obf() {
    int state = 0;
    while (state != -1) {
        switch (state) {
            case 0: a(); state = 7; break;
            case 7: b(); state = 3; break;
            case 3: c(); state = -1; break;
        }
    }
}
```
### Opaque predicate
```cpp
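#include <cstdlib>
void real_logic(); void fake_branch();
// Always true at runtime, hard to determine statically: x^3 - x = (x-1)x(x+1) is divisible by 3 (reduced mod 3 first so the cube cannot overflow)
auto opaque = [](int x) { int r = x % 3; return (r*r*r - r) % 3 == 0; };
void guarded() {
    if (opaque(rand())) real_logic();
    else fake_branch(); // dead but appears live to disassembler
}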
```
### Identifier mangling (terser)
```javascript
// terser config (options object passed to minify())
const terserOptions = {
  mangle: {
    toplevel: true,
    properties: { regex: /^_/ }
  },
  compress: { passes: 3, dead_code: true }
};
```
### Anti-debug (browser)
```javascript
setInterval(() => {
  const t = performance.now();
  debugger; // pauses if devtools open
  if (performance.now() - t > 100) {
    // devtools detected
    location.href = 'about:blank';
  }
}, 1000);
```
### LLVM IR pass (obfuscator-llvm style)
```cpp
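#include "llvm/IR/Constants.h"
#include "llvm/IR/Module.h"
#include "llvm/IR/PassManager.h"
using namespace llvm;

void xor_encrypt(GlobalVariable &GV); // helper defined elsewhere (not shown)

struct StringObfPass : PassInfoMixin<StringObfPass> {
    PreservedAnalyses run(Module &M, ModuleAnalysisManager &) {
        for (auto &GV : M.globals()) {
            // Declarations have no initializer; getInitializer() asserts on them
            if (!GV.hasInitializer()) continue;
            if (auto *CDA = dyn_cast<ConstantDataArray>(GV.getInitializer())) {
                if (CDA->isString()) xor_encrypt(GV);
            }
        }
        return PreservedAnalyses::none();
    }
};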
```
## Decision criteria
| Situation | Approach |
|---|---|
| Web bundle anti-scraping | terser + javascript-obfuscator |
| Native binary (commercial) | VMProtect / Themida |
| Open-source w/ embedded secret | DON'T — use server-side proxy |
| Game anti-cheat | Kernel driver + virtualization |
| Mobile DRM | Hardware-backed (TEE, SEP), with obfuscation as a supplement |

**Default**: Don't obfuscate; secrets belong server-side. When obfuscation is necessary, use layered defense.
## 🔗 Graph
- Application: [[Malware Analysis]]
## 🤖 LLM usage
**When**: Defense-in-depth context, learning malware analysis, anti-tamper design.
**When not**: Hiding actual secrets, which is broken by definition. Server-side is the answer.
## ❌ Anti-patterns
- **Security through obscurity (alone)**: always falls.
- **Embedding API key in client**: cannot be protected even with obfuscation.
- **Custom crypto**: roll-your-own → weaker than obfuscation.
- **Performance ignored**: a 10× slowdown ruins the UX.
- **No update path**: once broken, a fresh release is needed; automation is required.
## 🧪 Verification / Duplicates
- Verified (Collberg taxonomy, obfuscator-llvm, javascript-obfuscator).
- Trust level: A.
## 🕓 Changelog
| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — obfuscation taxonomy + JS/LLVM patterns |