1

I am currently reading a research paper on obfuscation. Here's the portion of the paper that relates to my question.

"while current obfuscation schemes elevate some islets of static analysis, such as changing layout of the source code, changing control flow, and modifying data, they are easily exposed to reverse engineering analysis due to a lack of API concealment. Therefore, a quantitative evaluation scheme is needed to ensure that obfuscation is applied to an appropriate API with an adequate degree of resistance to reverse engineering."

Barath R
  • 199
  • 3
  • 12
  • 1
    It probably means renaming methods, fields and classes so that the names no longer mean anything, like `m_12345`. – Sweeper Sep 18 '18 at 05:32
  • Obfuscating directly relate to `reverse-engineering` and to prevent this `proguard` is used. Moreover to prevent API endpoints to being exposed, you can use `Dexguad`. – Radhey Sep 18 '18 at 05:55

1 Answers1

1

"Obfuscating the API" probably means changing the names of identifiers, like class names, method names, field names, etc, to very un-descriptive names. so that readers of your code wouldn't know what your code is doing.

Proguard is such a tool. Here is a post I found, involving using Proguard to obfuscate private methods in a simple class. You can see how privateStaticMethod turned into a, and how the parameter names turned into paramString1 and paramString2.

By doing so, readers won't know what a does just by looking, because a tells them literally nothing about what the method actually does. The methods that a calls might also be obfuscated as b or c, which makes it even harder to know what your code is doing.

Reverse-engineering here refers to trying to figure out how obfuscated code looked originally. Obviously, changing the names of methods and parameters makes it harder to reverse-engineer than just changing control flow and code layout.

Sweeper
  • 213,210
  • 22
  • 193
  • 313