Software obfuscation or obscuring a software is an approach to defeat the practice of reverse engineering a software for using its functionality illegally in the development of another software.Java applications are more amenable to reverse engineering and re-engineering attacks through methods such as de-compilation because Java class files store the program in a semi complied form called 'byte' codes. The existing obfuscation systems obfuscate the Java class files. Obfuscated source code produce obfuscated byte codes and hence two level obfuscation (source code and byte code level) of the program makes it more resilient to reverse engineering attacks. . But source code obfuscation is much more difficult due to richer set of programming constructs and the scope of the different variables used in the program and only very little progress has been made on this front.In this paper are proposing a framework named "JConstHide" for hiding constants, especially integers in the java source codes, to defeat reverse engineering through de-compilation. To the best of our knowledge, no data hiding software are available for java source code constant hiding.
The Figure gives a snapshot of the JConstHide framework, containing main modules for Source Code Formatting (SCF) and Constant Hiding (CH). The first iteration for obfuscation is performed by the SCF module and the next set of subsequent iterations is performed by the CH module. The functionality of the SCF module is to rewrite the source code in a different format for effective source code obfuscation and the CH module implements obfuscation by hiding the constants of the formatted code with expressions. During a session of obfuscation, the tool provides only a single iteration option for ‘formatting’ and multiple iterations option for obfuscation. The formatted file can be chosen repeatedly to implement further levels of
obscurity by data hiding.
Reference Paper Details:
JConstHide: A Framework for Java Source Code Constant Hiding
Journal of Information Assurance and Security 4 (2009) 21-29
Praveen Sivadasan1, P Sojan Lal2 ,Naveen Sivadasan3
