Code obfuscation?


#1

Is there a obfuscator for rust or can’t a c/c++ one working on it?


#2

Obfuscator-LLVM probably can be made to work.


#3

Why would you do that? As soon as you compile the code you will not be able to decompile it to the original Code.


#4

This is sometimes the explicit goal :slight_smile:
E.g. in commercial software, to prevent reverse engineering by competitors, or in DRM code, or anti-cheat protection in video-games.
It’ll always be a form of security-through-obscurity, but for some (non-crypto, business) use-cases, that can be sufficient (or at least an additional layer).


#5

I might be wrong, but I think @hellow is saying that compilation already obfuscates the code a lot, so making it even more irreversible is often overkill.


#6

I am not at home in this field, but I have been shown that my own original assumption of “is practically impossible” was hilariously inaccurate by people in the infosec/security and hacking scenes.
So I can definitely understand the desire for obfuscation tools :smile:

I have heard of fairly sophisticated assembly-analyzers and decompilers (see wikipedia) that can extract function definitions, recognise the original programming language that was used, support “refactoring” of the decompiled code, and more. (Tools such as IDA, which is apparently not even the most advanced you can go :neutral_face:).


#7

Wouldn’t the existence of sophisticated decompilers defeat the whole point of the obfuscation? The obfuscation won’t carry over to the decompiled version anyway.


#8

As in many of these things, it’s an ever-ongoing arms race.

Take, for example, the DRM removal pirate scene. In the early ‘00s, most drms where cracked within days after game release, and companies like Sony basically rootkitted their customers’ PC with DRM drivers in order to even have remote chances. Then came the “unbreakable” DeNuVo, and for a few years the protectors had the upper hand. However, since recently it seems to have been “figured out”, and now we’re back to same-day No-CD cracks.

Same with memory leaks. First nobody cared, then the hackers starts partying, and now we have tools like fuzzers and address sanitisers (and Rust :smile:)


#9

Yes, but almost all of this is about encryption, not obfuscation of code that compiles with stripped symbols. I still can’t see any point of obfuscating Rust for any other reason than that one would actually want to distribute source code. None of the above has really hinted at that being a thing.


#10

I guess only @tes can explain his exact requirements, but my bet is embedding rust code in some form of production use case, where reverse engineering is a business concern.
Regardless of our personal preferences, that would imply more “production users” of Rust, which is always a cause for :tada::confetti_ball: :yum:


#11

@juleskers Reverse engineering is a concern. So a layered security.

Edit: anti-cheat.:wink:


#12

I don’t know C++ but going to use Rust or Nim.:thinking:


#13

Nice!

Is there a chance that you (or your company?) writes a blog or something to that effect about why you chose Rust? Even a tweet on the company twitter account would be great!
The official Rust Team (of which I am not a member) is always looking for feedback from commercial users, to increase Rust’s value for that audience.

There’s also the Friends of Rust page, where our community would be very grateful to wear your logo as proud supporter of the Rust ecosystem (nice signal boost for you as well :wink: )


#14

aammm, Personal project so no company.:frowning_face: I think Rust would be effective anti-cheat system but I haven’t pick a language yet. It is between Rust and Nim for a game project.


#15

Language choice doesn’t really make much of a difference if you’re compiling to native code. I’ve dabbled with reverse engineering programs before and there isn’t any noticeable difference between Rust code and C++ compiled with Clang (both use LLVM as the code generation backend).

You’re always going to be fighting an uphill battle with creating anti-cheat systems. It’s better to design your game in such a way that cheating via reverse engineering doesn’t actually give you much of an advantage. Otherwise you can always try to obfuscate your code to make the reverse engineering process more difficult, but that’s not always successful and can make the codebase unmaintainable if you obfuscate by messing with the source code’s control flow (hence why tools like Obfuscator-LLVM exist).


#16

I was thinking about memory safety in mind.:wink: I can’t find a comptable Obfuscator-LLVM for Rustc?