Hello,

I've got a C++ app that ships on Windows and OSX. It communicates with our backend using TCP (encrypted with OpenSSL, natch). I'd like to throw up some speed bumps for folks who are trying to reverse engineer the protocol and/or disassemble the executable.

Skype does an excellent job of this, which is why you won't find a lot of apps that speak skype. Here is a really good read about what it does: http://www.secdev.org/conf/skype_BHEU06.handout.pdf

I'd like some ideas about how to accomplish similar stuff in our app. Are there commercial products that make code harder to statically analyze? What is the best way to invest my time to accomplish the goals I've listed?

Thanks,

+1  A: 

Some simple suggestions for OSX:

  • Prevent gdb from attaching to your program http://www.steike.com/code/debugging-itunes-with-gdb/ (this can be worked around, but will keep some casual explorers away)

  • Have at least some of the code in your product stored outside the text segment of the executable, for example in data, or in an external (encrypted) shared library.

  • Minimally protect any sensitive string data by not storing it in plain text. Run "strings" against your executable, and if you see anything that might be helpful to someone trying to figure out the protocol, encrypt it.

  • GCC's -fomit-frame-pointer option can make debugging more painful (but can interact badly with C++ exceptions).

Mark Bessey
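As an added example (not code from the answer above or from the asker's application), here is the third bullet done in C++: string literals are XOR-ed at compile time so the plaintext never lands in the executable's data section, and a small check emulates what `strings` would find. It assumes a C++14 compiler; the key mixer, the seed and the "PROTO/1.0 HELLO" banner are constructed for illustration.

```cpp
// Added example, not from the original post: compile-time XOR obfuscation of
// string literals so `strings` does not show them. Build with
//   g++ -std=c++14 -O2 obf.cpp   (clang++ works as well)
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <string>

// Per-byte key derived from a seed and the byte index, so repeated
// characters do not produce repeated ciphertext bytes. The mixer is a
// hypothetical choice for illustration, not a real cipher.
constexpr std::uint8_t key_byte(std::uint32_t seed, std::size_t i) {
    std::uint32_t x = seed ^ (static_cast<std::uint32_t>(i) * 0x9E3779B9u);
    x ^= x >> 16;
    x *= 0x85EBCA6Bu;
    x ^= x >> 13;
    return static_cast<std::uint8_t>(x & 0xFFu);
}

// Holds the XOR-ed bytes of a literal of length N (including the NUL).
template <std::size_t N>
class ObfuscatedString {
public:
    // constexpr constructor: when the object is declared constexpr the loop
    // runs in the compiler, so only ciphertext is emitted into the binary.
    constexpr ObfuscatedString(const char (&lit)[N], std::uint32_t seed)
        : seed_(seed), data_{} {
        for (std::size_t i = 0; i < N; ++i) {
            data_[i] = static_cast<std::uint8_t>(lit[i]) ^ key_byte(seed, i);
        }
    }

    // Decrypt on demand; the plaintext exists only in this transient copy.
    std::string reveal() const {
        std::string out;
        out.reserve(N - 1);
        for (std::size_t i = 0; i + 1 < N; ++i) {
            out.push_back(static_cast<char>(data_[i] ^ key_byte(seed_, i)));
        }
        return out;
    }

    const std::uint8_t* raw() const { return data_; }
    static constexpr std::size_t size() { return N; }

private:
    std::uint32_t seed_;
    std::uint8_t data_[N];
};

// Deduces N from the literal so call sites stay short.
template <std::size_t N>
constexpr ObfuscatedString<N> obfuscate(const char (&lit)[N], std::uint32_t seed) {
    return ObfuscatedString<N>(lit, seed);
}

// What `strings` effectively does: is the plaintext present as a contiguous run?
inline bool contains_plaintext(const std::uint8_t* buf, std::size_t len, const char* needle) {
    const std::size_t n = std::strlen(needle);
    if (n == 0 || n > len) return false;
    const std::uint8_t* end = buf + len;
    const std::uint8_t* nb = reinterpret_cast<const std::uint8_t*>(needle);
    return std::search(buf, end, nb, nb + n) != end;
}

// Constructed sample: a protocol banner one would not want visible in the
// binary. The seed is arbitrary; in practice use a different seed per literal.
static constexpr auto kBanner = obfuscate("PROTO/1.0 HELLO", 0x5EC0DEu);

// True when the banner round-trips and is absent from the stored bytes.
inline bool self_check() {
    return kBanner.reveal() == "PROTO/1.0 HELLO" &&
           !contains_plaintext(kBanner.raw(), kBanner.size(), "PROTO/1.0 HELLO");
}

int main() {
    std::cout << "decrypted: " << kBanner.reveal() << "\n"
              << "plaintext stored in image: "
              << (contains_plaintext(kBanner.raw(), kBanner.size(), "PROTO/1.0 HELLO") ? "yes" : "no")
              << "\n";
    return self_check() ? 0 : 1;
}
```

This only defeats static inspection of the file: once `reveal()` runs, the plaintext is in process memory, and the decrypt routine itself is plainly visible to anyone who can attach a debugger, which is why the first bullet (blocking debugger attachment) pairs with it. The gdb bullet is OS-specific and is not shown here.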
A: 

If I remember correctly, Skype is using something similar (maybe they pay them to implement it in Skype, who knows) to the "Code Guards" described in:

https://www.cerias.purdue.edu/tools%5Fand%5Fresources/bibtex%5Farchive/archive/2001-49.pdf

Bartosz Wójcik