2nd/10_Wiki/Topics/DevOps_and_Security/Code Obfuscation.md
2026-05-10 22:08:15 +09:00

id: wiki-2026-0508-code-obfuscation
title: Code Obfuscation
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: Obfuscation, Anti-Reverse Engineering
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: security, reverse-engineering, drm, javascript
raw_sources:
last_reinforced: 2026-05-10
github_commit: pending
tech_stack: language JavaScript/C++, framework obfuscator.io/LLVM-Obfuscator

Code Obfuscation

One-line summary

"Raise the cost of reverse engineering: preserve semantics while destroying readability." Unlike crypto, the goal is cost-shifting rather than secrecy; a determined attacker can eventually undo it. Modern usage: anti-piracy, anti-cheating, license validation. With the emergence of LLM-based deobfuscation, its significance is in retreat.

Key points

Layers

  • Lexical: rename identifier (x_a1b2c3).
  • Control flow: opaque predicate, control-flow flattening.
  • Data: string encryption, constant unfolding.
  • Anti-analysis: anti-debug, VM detection, integrity check.
  • Virtualization: custom VM bytecode (VMProtect, Themida).

Trade-offs

  • Performance: 2-10× slowdown (with virtualization).
  • Size: 2-5× binary bloat.
  • Stability: false positives are possible (anti-debug).
  • Security: only raises cost; moves time-to-break from hours to weeks.

Applications

  1. JavaScript bundle (anti-scraping).
  2. Mobile app DRM, license check.
  3. Game anti-cheat (e.g., VAC, EAC).
  4. Malware (defensive obfuscation).

💻 Patterns

String encryption

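```javascript
// Before
const KEY = "secret-api-key";
```

```javascript
// After: the literal is split into Base64 chunks that are decoded at runtime.
// Base64 is an encoding, not encryption; it only hides the string from a plain-text search.
const _0xa1b2 = ['c2VjcmV0', 'LWFwaQ==', 'LWtleQ=='];
const _0xc3d4 = (i) => atob(_0xa1b2[i]);
const KEY = _0xc3d4(0) + _0xc3d4(1) + _0xc3d4(2);
```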
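
The string-table pattern above only encodes the literal, so it can be read back without running the bundle. The following is an added example (not code from this page's sources or from any obfuscator project) that statically recovers constants from exactly that pattern, usable as a pre-release check of what a shipped bundle exposes. The function names are illustrative, and it assumes Node.js for `Buffer`.

```javascript
// Added example. SAMPLE_BUNDLE is the "After" snippet from this page, embedded as text.
const SAMPLE_BUNDLE = `
const _0xa1b2 = ['c2VjcmV0', 'LWFwaQ==', 'LWtleQ=='];
const _0xc3d4 = (i) => atob(_0xa1b2[i]);
const KEY = _0xc3d4(0) + _0xc3d4(1) + _0xc3d4(2);
`;
const DECL = String.raw`(?:const|let|var)\s+(\w+)\s*=\s*`;
const STR = String.raw`"((?:[^"\\]|\\.)*)"`;

// Collect `const NAME = ['..', '..'];` tables of single-quoted literals.
function findStringTables(src) {
  const tables = new Map();
  const re = new RegExp(DECL + String.raw`\[((?:\s*'[^']*'\s*,?)+)\]`, 'g');
  for (const m of src.matchAll(re)) {
    tables.set(m[1], [...m[2].matchAll(/'([^']*)'/g)].map((s) => s[1]));
  }
  return tables;
}

// Collect wrappers shaped like `const F = (i) => atob(TABLE[i]);`.
function findDecoders(src, tables) {
  const decoders = new Map();
  const re = new RegExp(DECL + String.raw`\(?(\w+)\)?\s*=>\s*atob\((\w+)\[\2\]\)`, 'g');
  for (const m of src.matchAll(re)) {
    if (tables.has(m[3])) decoders.set(m[1], tables.get(m[3]));
  }
  return decoders;
}

// Resolve every F(n) call to its decoded literal, fold "a" + "b", and
// return the plain string constants that result. Nothing is executed.
function recoverStrings(src) {
  let out = src;
  for (const [name, table] of findDecoders(src, findStringTables(src))) {
    out = out.replace(new RegExp(String.raw`\b${name}\((\d+)\)`, 'g'), (call, i) =>
      table[Number(i)] === undefined
        ? call
        : JSON.stringify(Buffer.from(table[Number(i)], 'base64').toString('utf8')));
  }
  const concat = new RegExp(STR + String.raw`\s*\+\s*` + STR, 'g');
  for (let prev = null; prev !== out; ) {
    prev = out;
    out = out.replace(concat, '"$1$2"');
  }
  return [...out.matchAll(new RegExp(DECL + STR, 'g'))]
    .map((m) => ({ name: m[1], value: JSON.parse(`"${m[2]}"`) }));
}

console.log(recoverStrings(SAMPLE_BUNDLE)); // KEY is readable without running the bundle
```

It handles only the table-plus-`atob` wrapper shape shown on this page; any constant it reports is one that belongs behind a server-side proxy.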

Control-flow flattening

```c
void a(void), b(void), c(void);  /* the original steps, defined elsewhere */

// Before: linear flow
void f() { a(); b(); c(); }

// After: dispatcher loop
void f_obf() {
    int state = 0;
    while (state != -1) {
        switch (state) {
            case 0: a(); state = 7; break;
            case 7: b(); state = 3; break;
            case 3: c(); state = -1; break;
        }
    }
}
```

Opaque predicate

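```cpp
// x^3 - x = (x-1)x(x+1) is always divisible by 3: true at runtime, hard to determine statically.
// The input is bounded so x*x*x cannot overflow int (overflow would break the identity).
auto opaque = [](int x) { return (x*x*x - x) % 3 == 0; };
if (opaque(rand() % 1024)) real_logic();
else fake_branch();  // dead but appears live to disassembler
```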

Identifier mangling (terser)

```javascript
// terser config
const terserOptions = {
  mangle: {
    toplevel: true,
    properties: { regex: /^_/ }  // only mangle properties that start with "_"
  },
  compress: { passes: 3, dead_code: true }
};
```

Anti-debug (browser)

```javascript
setInterval(() => {
    const t = performance.now();
    debugger;  // pauses if devtools open
    if (performance.now() - t > 100) {
        // devtools detected
        location.href = 'about:blank';
    }
}, 1000);
```

LLVM IR pass (obfuscator-llvm style)

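```cpp
#include "llvm/IR/Constants.h"
#include "llvm/IR/Module.h"
#include "llvm/IR/PassManager.h"
using namespace llvm;

// New-pass-manager module pass; xor_encrypt() is a helper that is not shown here.
struct StringObfPass : PassInfoMixin<StringObfPass> {
    PreservedAnalyses run(Module &M, ModuleAnalysisManager&) {
        for (auto &GV : M.globals()) {
            // Declarations have no initializer; getInitializer() asserts on them.
            if (!GV.hasInitializer()) continue;
            if (auto *CDA = dyn_cast<ConstantDataArray>(GV.getInitializer())) {
                if (CDA->isString()) xor_encrypt(GV);
            }
        }
        return PreservedAnalyses::none();  // the module was modified
    }
};
```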

Decision criteria

| Situation | Approach |
|---|---|
| Web bundle anti-scraping | terser + javascript-obfuscator |
| Native binary (commercial) | VMProtect / Themida |
| Open-source w/ embedded secret | DON'T: use server-side proxy |
| Game anti-cheat | Kernel driver + virtualization |
| Mobile DRM | Hardware-backed (TEE, SEP); obfuscation as a supplement |

Default: don't obfuscate; secrets belong server-side. When it is necessary, use layered defense.

🔗 Graph

🤖 LLM usage

When: defense-in-depth context, learning malware analysis, anti-tamper design.
When not: hiding actual secrets, which is broken by definition. Server-side is the answer.

Anti-patterns

  • Security through obscurity (alone): always falls.
  • Embedding API key in client: cannot be protected even with obfuscation.
  • Custom crypto: roll-your-own is weaker than obfuscation.
  • Performance ignored: a 10× slowdown ruins UX.
  • No update path: once it is broken a fresh release is needed, so automation is essential.

🧪 Verification / Duplicates

  • Verified (Collberg taxonomy, obfuscator-llvm, javascript-obfuscator).
  • Trust level A.

🕓 Changelog

| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup: obfuscation taxonomy + JS/LLVM patterns |