views: 318

answers: 6

Hi,

I recently came across the term Polymorphic Code, and was wondering if anyone could suggest a legitimate (i.e. in legal and business appropriate software) reason to use it in a computer program? Links to real world examples would be appreciated!

Before someone answers, telling us all about the benefits of polymorphism in object oriented programming, please read the following definition for polymorphic code (taken from Wikipedia):

"Polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm intact. That is, the code changes itself each time it runs, but the function of the code in whole will not change at all."

Thanks, MagicAndi.

Update

Summary of answers so far:

  • Runtime optimization of the original code
  • Assigning a "DNA fingerprint" to each individual copy of an application
  • Obfuscate a program to prevent reverse-engineering

I was also introduced to the term 'metamorphic code'.

A: 

Obfuscate a program i.e. prevent reverse-engineering: goal being to protect IP (Intellectual Property).

jldupont
Hi jldupont, an interesting application. +1 So, in theory, the application using this would run, perform its primary function, and then regenerate its own executable again using a new version of the re-obfuscated code? Are you aware of any applications making use of this method?
MagicAndi
I haven't come across this technique in some time, back in the days I was reverse engineering... but let's not get into that, shall we. The idea was along the following lines: a block of code that uses a polymorphic algorithm to hide its decryption routine for another block of code, "hidden". The latter would contain some "crucial bits of code", but I won't say more ;-)
jldupont
+2  A: 

Polymorphic code is a nice thing, but metamorphic is even nicer. To the legitimate uses: well, I can't think of anything other than anti-cracking and copy protection. Look at vx.org.ua if you want real world uses (not that legitimate though).

Metamorphic code is fun. Back in the days, people thought computers would gain intelligence by that!
wishi
icefex, thanks for answering, and introducing me to the term metamorphic. +1.
MagicAndi
+4  A: 

Runtime optimization of the original code, based on actual performance statistics gathered when running the application in its real environment and real inputs.

Sami
Sami, I was thinking about genetic programming when I posted the question, but couldn't see an immediate link. Your answer is that link! +1
MagicAndi
+2  A: 

Digitally watermarking music is something often done to determine who was responsible for leaking a track, for example. It makes each copy of the music unique so that copies can be traced back to the original owner, but doesn't affect the audible qualities of the track.

Something similar could be done for compiled software by running each individual copy through a polymorphic engine before distributing it. Then if a cracked version of this software is released onto the Internet, the developer might be able to tell who cracked it by looking for specific variations produced by the polymorphic engine (a sort of DNA test). As far as I know, this technique has never been used in practice.

It's not exactly what you were looking for I guess, since the polymorphic engine is not distributed with the code, but I think it's the closest to a legitimate business use you will find for this kind of technique.

Mark Byers
Mark, very interesting application; especially if combined with jldupont's answer - a specific obfuscation and watermark for each digital version of an application. Specifically, to carry the DNA analogy further, if you could identify which version a particular instance of the application descended from.
MagicAndi
Also, +1 as well!
MagicAndi
+1. It seems like this could be trivially overcome by just running the polymorphic engine over the software a second time... but that's what happens when you join any arms race. ;)
ojrac
@ojrac: Not if a) the polymorphic engine was closed source OR b) mutations are made at random, some of which are not easily reversible. These irreversible transformations would be a kind of genetic fingerprint.
Mark Byers
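The per-copy fingerprint idea from the answer above, as an added example that is not part of the original thread: each customer's copy picks one of two equivalent instructions at every site, and the pattern of choices spells out the customer ID. The toy accumulator instruction set, the `EQUIVALENT` table and the ID values are all constructed for illustration.

```python
# Toy per-copy fingerprinting: bit i of the customer ID selects which of two
# equivalent instructions is emitted at site i. Everything here is constructed.

# Each pair holds two instructions with the same effect on the accumulator.
EQUIVALENT = [
    (("add", 5), ("sub", -5)),
    (("mul", 2), ("shl", 1)),
    (("sub", 3), ("add", -3)),
    (("mul", 8), ("shl", 3)),
    (("add", 1), ("sub", -1)),
    (("mul", 4), ("shl", 2)),
    (("sub", 7), ("add", -7)),
    (("add", 9), ("sub", -9)),
]

OPS = {
    "add": lambda acc, k: acc + k,
    "sub": lambda acc, k: acc - k,
    "mul": lambda acc, k: acc * k,
    "shl": lambda acc, k: acc << k,
}

def run(program, x):
    """Execute a copy on input x; every copy must return the same value."""
    for op, k in program:
        x = OPS[op](x, k)
    return x

def stamp(customer_id):
    """Build the copy shipped to one customer (one ID bit per site)."""
    if not 0 <= customer_id < 2 ** len(EQUIVALENT):
        raise ValueError("customer_id does not fit in the available sites")
    return [pair[(customer_id >> i) & 1] for i, pair in enumerate(EQUIVALENT)]

def trace(program):
    """Recover the ID from a leaked copy; None if any site was rewritten."""
    if len(program) != len(EQUIVALENT):
        return None
    customer_id = 0
    for i, (instruction, pair) in enumerate(zip(program, EQUIVALENT)):
        if instruction not in pair:
            return None
        customer_id |= pair.index(instruction) << i
    return customer_id
```

A `None` from `trace` means the copy no longer carries a readable mark, which is the situation ojrac's comment describes.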
+1  A: 

Polymorph code can be used to obfuscate weak or proprietary algorithms - that may use encryption, e.g. There are many "legitimate" uses for that. The term legitimate these days is kind of narrow-minded when it comes to IT. The core paradigms of IT contain security. Whether you use polymorph shellcode in exploits or detect such code with an AV scanner, you have to know about it.

wishi
+2  A: 

As Sami notes, on-the-fly optimisation is an excellent application of polymorphic code. A great example of this is the Fastest Fourier Transform in the West. It has a number of solvers at its disposal, which it combines with self-profiling to adjust the code path and solver parameters on subsequent executions. The result is the program optimises itself for your computing environment, getting faster with subsequent runs!

A related idea that may possibly be of interest is computational steering. This is the practice of altering the execution path of large simulations as the run proceeds, to focus on areas of interest to the researcher. The overall purpose of the simulation is not changed, but the feedback cycle acts to optimise the calculation. In this case the executable code is not being explicitly rewritten, but the effect from a user perspective is similar.

ire_and_curses
ire_and_curses, thanks for the example! +1
MagicAndi