Interleave Methods Obfuscation Algorithm

Author

Zach Heidepriem (zachary@cs.arizona.edu)

Description

This obfuscation finds pairs of methods in the input application and interleaves them into one method. It selects pairs such that both methods have the same signature and are not "Java" methods (e.g. toString()) or "special" methods (e.g. main()). It interleaves two methods A and B into a third method C:

  • Assume A has basic blocks A1...An, B has basic blocks B1...Bm
  • A({sig}), B({sig}) are interleaved into C({sig},byte b)
  • C has the form:
    C({sig}, byte b){
          Random r = new Random(b);
          int[] matches = new int[n+m];
          for(int i = 0; i \< n+m; i++)
             matches[i] = r.nextInt();
          int pc = 0;
          while true{
             switch(matches[pc]){
                [constant]: Ai ; break;            
                [constant]: Bj  ; break;           
                ...for all basic blocks in A and B
             }
             pc++;
          }
  • If a block contains a branch instruction, that instruction is replaced with an appropriate modification to pc. Also note that since not all basic blocks will leave the stack unaffected, the case statements may contain more than one block. (This allows the code to verify.)

    Example

    Configuration

    There are no extra configuration parameters necessary to run this obfuscator.

    References