Control Flow Obfuscation

Article
06/18/2008

This process synthesizes branching, conditional, and iterative constructs that produce valid forward (executable) logic, but yield non-deterministic semantic results when decompilation is attempted. Control Flow obfuscation produces spaghetti logic that can be very difficult for a cracker to analyze. Consider the following example processed by Dotfuscator Professional Edition:

Original Source Code Before Obfuscation © 2001, Microsoft Corporation (Snippet from WordCount.cs C# example code)
public int CompareTo(Object o) { int n = occurrences – ((WordOccurrence)o).occurrences; if (n == 0) { n = String.Compare(word, ((WordOccurrence)o).word); } return(n); }

Reverse-Engineered Source Code After Control Flow Obfuscation By Dotfuscator Professional Edition
public virtual int _a(Object A_0) { int local0; int local1; local0 = this.a – (c) A_0.a; if (local0 != 0) goto i0; goto i1; while (true) { return local1; i0: local1 = local0; } i1: local0 = System.String.Compare(this.b, (c) A_0.b); goto i0; }

public virtual int _a(Object A_0) {
    int local0;
    int local1;
    local0 = this.a – (c) A_0.a;
    if (local0 != 0) goto i0;
    goto i1;
    while (true) {
       return local1;
       i0: local1 = local0;
    }
    i1: local0 = System.String.Compare(this.b, (c) A_0.b);
    goto i0;
}

Share via

Control Flow Obfuscation

Additional resources