Davide Pizzolotto, Roberto Fellin, Mariano Ceccato

OBLIVE: Seamless Code Obfuscation for Java Programs and Android Apps


Abstract

Malicious reverse engineering is a problem when a program is delivered to end users. An end user might try to understand the internals of the program in order to devise an attack, tamper with the software and alter its behaviour. Code obfuscation mitigates this kind of malicious reverse engineering and tampering attack by making programs harder to analyze (by a tool) and understand (by a human).

In this paper, we present Oblive, a tool meant to support developers in applying code obfuscation to their programs. A developer is only required to specify security requirements as single-line code annotations. Oblive then reads the annotations and applies state-of-the-art data and code obfuscation, namely xormask with opaque mask and java-to-native code, while the program is being compiled. Oblive is successfully applied both to plain Java programs and Android apps. Showcase videos are available for the code obfuscation part (https://youtu.be/Bml-BkKP3CU) and for the data obfuscation part (https://youtu.be/zUizYVK42ps).

PDF version of the paper.

Maintainer: ceccato at fbk dot eu