What is Control Flow Obfuscation?
DashO includes a strong form of protection called Control Flow Obfuscation. Reverse-engineering tools and Java runtimes differ in one very important area: runtimes execute code – if the code says “goto”, the runtime does. Reverse-engineering tools attempt to view sections of code at once and identify those pieces of code as for-loops, if-blocks, or whatever structures were present in the source code. Runtimes don’t require those structures. Loops are simply a commonly followed goto. Control Flow Obfuscation destroys the common perception of compiled control structures. The runtime doesn’t care as one set of goto’s has been replaced by another. But reverse engineering tools are left with spaghetti code. Since Java has no actual goto command (compiled Java bytecode does) this often poses a significant reverse-engineering problem.
Dotfuscator includes a strong form of protection called Control Flow Obfuscation. Reverse-engineering tools and managed runtimes differ in one very important area: Runtimes execute code – if the code says “goto”, the runtime does; Reverse-engineering tools attempt to view sections of code at once and identify those pieces of code as for-loops or if-blocks or whatever structures were present in the source code. Runtimes don’t require those structures. Loops are simply a commonly followed goto. Control Flow Obfuscation destroys the common perception of a compiled control structure. The runtime isn’t affected if one set of gotos has been replaced by another. However, the reverse engineering tools are left with spaghetti code.
Control flow obfuscation is a traditional but effective obfuscation technique. Reverse-engineering tools and the Flash player differ in one very important area. The Flash player executes code – if the code says “GOTO”, the Flash player does. Reverse-engineering tools attempt to view sections of code at once and identify those pieces of code as for-loops or if-blocks or whatever structures were present in the source code. The Flash player does not particularly care and certainly does not need those structures. Loops are simply a commonly followed GOTO. Control flow obfuscation destroys the common perception of a compiled control structures. The Flash player doesn’t care if one set of GOTOs has been replaced by another. But reverse engineering tools now are left with spaghetti code. Since ActionScript has no actual GOTO command (compiled byte code does) this often poses a significant reverse-engineering problem.
