X hits on this document





37 / 120

6 Basic Anti-Reversing Techniques

Having seen that it is fairly straight-forward for a reverse engineer to disable the

trial limitation on the machine code and Java bytecode implementations of the Password

Vault application, we now investigate applying anti-reversing techniques to both

implementations in order to make it significantly more difficult for the trial limitation to

be disabled. While anti-reversing techniques cannot completely prevent software from

being reverse engineered, they act as a deterrent by increasing the challenge for the

reverse engineer. [5] states “It is never possible to entirely prevent reversing” and “What

is possible is to hinder and obstruct reversers by wearing them out and making the

process so slow and painful that they give up.” The remainder of this section introduces

basic anti-reversing techniques, two of which are demonstrated in Sections 7 and 8.

While it is not possible to completely prevent software from being reverse

engineered, a reasonable goal is to make it as difficult as possible. Implementing anti-

reversing strategies for source code, machine code, and bytecode can have adverse effects

on a program's size, efficiency, and maintainability; therefore, it’s important to evaluate

whether a particular program warrants the cost of protecting it. The basic anti-reversing

techniques introduced in this section are meant to be applied post-production, after the

coding for an application is complete and tested. These techniques obscure data and logic

and therefore are difficult to implement while also working on the actual functionality of

the application—doing so could hinder or slow debugging and, even worse, create a

dependency between the meaningful program logic and the anti-reversing strategies used.


Document info
Document views527
Page views528
Page last viewedSun Jan 22 08:53:13 UTC 2017