The importance of obfuscating the code?

One of the most frustrating aspects of working as a developer is spending all day debugging code — but you'll soon learn that this is only part of the job. And after all the effort of building, debugging, and deploying your app, the last thing you want is for someone else to capture and reuse all that effort. Thankfully, a common method of coding known as code obfuscation can help protect your work. In this article, I will walk you through the basics of code obfuscation.

The Importance of Obfuscating the Code?

What is source code obfuscation?

Code obfuscation is the deliberate act of obscuring source code, making it very difficult for humans to understand and rendering it useless to hackers with ulterior motives. it can also be used to prevent software reverse engineering.

Essentially, obfuscation completely changes the source code; However, it is still functionally equivalent to the original code.

Obfuscation is NOT the same as encryption. The purpose of encryption is to transform data to keep it secret from others. The purpose of obfuscation is to make it difficult for humans to understand the data. Encrypted code always needs to be decrypted before execution, while decryption does not require the code to go through decryption to execute it.

How obfuscation works

Code obfuscation consists of a number of different techniques, each built on top of the other, thus making the code difficult to understand. The following are some of the obfuscation techniques used.

Rename Obfuscation: Renaming essentially modifies variable and method names, making the code confusing for humans. However, it still maintains program execution behavior. This basic technique is most commonly used by Android, Java and IOS obfuscators.

String Encryption: While the renaming technique simply changes variable and method names, string encoding is intended to encode all unambiguously readable strings. (You should be aware that with this technique, decoding strings at runtime may incur a small runtime performance penalty.)

Insert pseudocode: This involves inserting code into the executable. This technique makes reverse engineered code very difficult to analyze. However, the insertion does not affect the logic and/or execution of the program.

Before Obfuscation:

function sayHello() {

remote control. log ( "Hello World" );

}

sayHello() ;

After Obfuscation:

var _0x12b3 = [ "\x48\x65\x6C\x6C\x6F\x20\x57\x6F\x72\x6C\x64" , "\x6C\x6F\x67" ] ;

function sayHello() { console [ _0x12b3 [ 1 ]] ( _0x12b3 [ 0 ])} sayHello()

Why use an obfuscator code?

1. When you develop an Android app (or any app for that matter), you should try to make it much harder for attackers to review the code and analyze the app.

2. It is essential to hide business logic and code to make it difficult for attackers to gain access and start debugging and tampering with your application. (They often repackage an app with malicious code.)

3. Code obfuscation can greatly reduce file size and download time can also be greatly reduced. (Let's consider JavaScript as an example.)

4. People are creating careers by reverse engineering — So you want to make it as difficult as possible to stop them.

5. A company that develops applications for customers may not want their customers to be able to read them.

Drawbacks of using an obfuscator

1. In some cases, anti-virus software like AVG AntiVirus will warn you when you visit a website that has been obfuscated (because one of the purposes of obfuscation is to hide malicious code). harmful). However, in case the obfuscation is done for security reasons, it can prevent the user from using or accessing a website.

2. Some techniques can negatively affect the performance of algorithms.

Here are some tools you can use:

.NET: Dotfuscator, ILProtector

JavaScript: Javascript Obfuscator , Jscrambler

Android: ProGuard

While obfuscation can make reading and reverse engineering a program difficult and time-consuming, it does not make it impossible. It's important to note that while the source code obfuscation tool does a good job of hiding the source code, no decryption tool guarantees maximum security. Therefore, in cases where security is of high importance, you will want to use other measures, including different encryption schemes.