Jump to content
  • Sign Up

Archived

This topic is now archived and is closed to further replies.

ClassiCool

How obfuscated can you code?

Recommended Posts

I want you to make some obfuscated code that does one simple task: creates a password protected document. There are two ways you can do this...

Option 1:

Make your own code. The document can be about anything, but it should not be stored as a file. Instead, you type in a password into the command line and then the program checks for a file, with the name being the second password and the file's contents being the first password and the third password together. The passwords can be any length you want, but I'd recommend going for more than 16 characters. However, you can create as many password files as you can. The more, the safer. See an example of this below, using three passwords, two contained in a file.

Option 2:

If you are unsure, you can start off with my C++ example. Obfuscate it however you want, port it to whatever language you want, but keep the document, password file and command line password the same.

RULES:

  1. In your submission, make sure to show: the original non-obfuscated source code, the obfuscated source code and two programs each compiled from the said code.
  2. You can pick any programming language that supports reading and writing files, such as C++, Python or Java.
  3. Try to put in some effort into your submission.

EXAMPLE:

C++ compiled with G++

non-obfuscated.cppobfuscated.cpp

You'll need this file in the same directory as the EXE:

fIYElya1HOAetOy2QI9di1Jr8FbaawFSXuNkEtYQRQ4JZLoFvbSvgNwOVbpBwAQfpoiO0ovwHZFebTgBkAw8x1bM8kbh5C9xgt1POTz1hGzLglwr8mX3DaCVIDsbGFoe.txt

I can't wait to see what you can make up!

Go compile them yourself. EXEs are banned.

g++ name.cpp -o name.exe

Share this post


Link to post
18 minutes ago, AndrewPH said:

don't share executable files on here, no matter how innocent they may be.

Just wondering why we cant share files?

Not complaining just wondering

Share this post


Link to post
3 minutes ago, Matthew132 said:

Just wondering why we cant share files?

Not complaining just wondering

you can share files, but don't share executable files. even with source code provided, there's no way to know for sure they aren't malicious.

Share this post


Link to post
1 hour ago, AndrewPH said:

you can share files, but don't share executable files. even with source code provided, there's no way to know for sure they aren't malicious.

I see... thanks

Share this post


Link to post

Alright, i have made what could be seen as heavily obfuscated C code, i stripped as much whitespace as i can, along with renaming all symbols to something impossible to tell what leads to where.
The code is slightly different from the un-obfuscated code to also strip as much constant strings as possible, the only constant strings left in the program are those of program output that isn't sensitive, and the constant strings that the constant string generator uses, but no worries, those characters are jumbled and added onto.
Password: "Au5zKIegwzNktzaPXYp8csbdQERlBow9Ire1jFTW"

Here is the code files, both unobs and obs, and the input text file.
Make sure the program and the input text file are in the same directory. Only way to solve the obfuscation, is possibly to debug it, as with all.

non-obs.c obss.c X9x0Gg95FhroRUFpQoWFk33ZaquGQDIF7uprESYP.txt

Share this post


Link to post
On 12/14/2020 at 12:48 AM, popgoesme700 said:

Alright, i have made what could be seen as heavily obfuscated C code, i stripped as much whitespace as i can, along with renaming all symbols to something impossible to tell what leads to where.
The code is slightly different from the un-obfuscated code to also strip as much constant strings as possible, the only constant strings left in the program are those of program output that isn't sensitive, and the constant strings that the constant string generator uses, but no worries, those characters are jumbled and added onto.
Password: "Au5zKIegwzNktzaPXYp8csbdQERlBow9Ire1jFTW"

Here is the code files, both unobs and obs, and the input text file.
Make sure the program and the input text file are in the same directory. Only way to solve the obfuscation, is possibly to debug it, as with all.

non-obs.c 2.5 kB · 16 downloads obss.c 6.98 kB · 14 downloads X9x0Gg95FhroRUFpQoWFk33ZaquGQDIF7uprESYP.txt 170 B · 13 downloads

It's easier to understand if you're using something like Visual Studio Code and you are able to rename symbols. Non-obfuscated already got my head scratching, even though I know a bit of C!

Share this post


Link to post
On 3/10/2021 at 9:16 AM, ClassiCool said:

It's easier to understand if you're using something like Visual Studio Code and you are able to rename symbols. Non-obfuscated already got my head scratching, even though I know a bit of C!

Meh, i literally did do that feature to find and replace all the symbols with the obstructed stuff. Its just meant to add some time to the obstruction, seeing as most of obstructions do this, despite the fact that it is "easy" to figure it out. What would've made it nicer is if i made you have to move your standard C library to the same directory, and the program will load a second copy of it into memory using dlopen (or the windows variant of the API), then i encode the strings/functions i pass into the dlsym (or the windows variant) in a similar but different fashion as i do for the strings pertaining to the files and input.
 

Essentially i could attempt to obstruct the actual function calls to things like printf and malloc further if i really want to go through the trouble (though i am also not entirely sure if its possible to load the standard C library "twice" in a program?)

Also on linux, i think i figured out some form of way to do this, not entirely sure how it would work on windows platform entirely, but the musl libc library could be used, if indeed possible.

Share this post


Link to post

×
×
  • Create New...