the limit itself. This type of obfuscation is as strong as the function used to obscure the
actual condition is to unravel. Keep in mind that a reverse engineer will not have the
non-obfuscated machine code for reference, so even a very weak function, like the one
used in this solution, may be effective at wasting some of a reverser's time. The numeric
function used here is very simple; more complex functions can be devised that would
further decrease the readability of the machine code.
7.6.3 Control Flow Obfuscation for the Record Limit Check
We introduce some non-essential, recursive, and randomized logic to the
password limit check in PasswordVault.cpp to make it more difficult for a reverser to
perform static or live analysis. A design for obfuscated control flow logic which
ultimately implements the trial limitation check is given in Fig. 7.3. Since no standards
exist for control flow obfuscation, this algorithm was designed by the author using the
cyclomatic complexity metric defined by McCabe  as a general guideline for creating
a highly-complex control flow graph for the trial limitation check.