More entropy in random names
Java class file shrinker, optimizer, obfuscator, and preverifier
Brought to you by:
guardsquare
Menu
▾
▴
#111 More entropy in random names
Between two runs of proguard i want different random names to be chosen. Right now i have observed that a.class b.class c.class retained the same original identity between two runs of proguard.
My goal is to make it more difficult for an adversary to maintain an up-to-date reverse-engineered code-base as i continue to upgrade my own code base.
also it would make it more difficult for my adversary to ever achieve a complete reverse engineered code base since an upgrade may become available and he would face the dilemma of sticking with an old version of my software or facing all new names in a newer version of my software.
also i do wonder if methods within a class maintain the same names and order. sometimes maintaining order is important: "The runtime system guarantees that static initialization blocks are called in the order that they appear in the source code." - http://download.oracle.com/javase/tutorial/java/javaOO/initial.html
though i do realize that there are other rarely changing attributes besides names that would make it easy to go from version to version. a single experienced adversary may have an easy time going from version to version while ignoring class/method names. however it is the names that are the easiest to communicate between to human beings, if these names were random it would be more difficult to for an experienced cracker to pass on his knowledge of my software. when it comes to game software there is cat and mouse game when dealing with cheaters.
Most users prefer processing to be deterministic and repeatable, but some have indeed requested randomization. I'll consider it. For now, you'd have to modify the source code (the NameFactory classes). You could also provide randomized dictionary files (-obfuscationdictionary, -classobfuscationdictionary).
The order of class members is always preserved. The optimization step may reorganize the code more significantly (e.g. method inlining, class merging), but it always tries to respect side effects such as static initializers.
+1 on this. The use case I have in mind is a library, where I would like each developer who uses the library to have a different (but repeatable for them if they choose) set of mappings; then reverse engineering one of the apps that uses the library won't be transferrable to another. Perhaps a random seed could be generated on the first run and reused thereafter?
Shortly after i made this ticket and got a response i easily made a solution to this problem.
I made a custom program that is executed by my ant script, the program generates a long list of random names to be used as a dictionary.
It's clean and very simple. No need to modify proguard.
DexGuard uses a ShufflingNameFactory as wrapper to add more entropy between different runs (if there are slight changes).