Mono.Cecil - obfuscated malicious code


In this great article (http://eatplayhate.wordpress.com/2010/07/18/mono-cecil-vs-obfuscation-fight/), the author claims that Mono.Cecil is not perfect, but that it translated a good 90% of the functions without any issues.
My question to you guys is: Can an evil programmer obfuscate malicious code that could not be deobfuscated using Mono.Cecil and thus cause a serious breach in my program (3rd party code)?
If the answer is yes, do you know what symbols I can use to write such code, or how I can protect myself from such code?
Of course an evil programmer can always obfuscate code better than you can deobfuscate it. Determining the behavior of arbitrary code in advance is an undecidable problem after all.
More practically, the obfuscation vs deobfuscation fight is just over who puts in more effort. Obfuscation is much easier than deobfuscation, but commercial obfuscators tend to be much less sophisticated than what you can write by hand or with a custom obfuscator, for various reasons. The fact that Mono Cecil is good enough to deobfuscate many common obfuscation tools doesn't mean it can do anything about the latter.
If you want to see some of the tricks you can pull with hand-obfuscated code, take a look at this crackme. It's Java bytecode rather than CLI, but the idea is similar. As of this writing, no one has even solved it, despite the crackme consisting of a single method in a single class. And it doesn't even use Reflection, the proper use of which makes automated deobfuscation all but impossible.
The real question, however, is what you're trying to do with this. Are you trying to check arbitrary code for malicious behavior? Sorry, but that's not really possible. You need to run it in a sandbox.
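
An added example, not part of the original question or answer: a Mono.Cecil triage pass over a third-party assembly that lists the call sites where behaviour is only decided at run time (reflection, `Activator`, `calli`, P/Invoke), which is exactly where static review stops being conclusive. The class name and the list of flagged types are assumptions chosen for illustration; it needs the Mono.Cecil NuGet package (0.10 or later).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Mono.Cecil;
using Mono.Cecil.Cil;

static class DynamicCallTriage   // hypothetical name, not from the page
{
    // Assumed list of types whose methods resolve their real target at run time.
    static readonly HashSet<string> OpaqueTypes = new HashSet<string>
    {
        "System.Type", "System.Activator", "System.AppDomain", "System.Delegate"
    };

    static bool IsOpaque(MethodReference m) =>
        m.Name != "GetTypeFromHandle" &&                 // plain typeof(X), not interesting
        (m.DeclaringType.FullName.StartsWith("System.Reflection.", StringComparison.Ordinal)
         || OpaqueTypes.Contains(m.DeclaringType.FullName));

    public static IEnumerable<string> Scan(string assemblyPath)
    {
        using var asm = AssemblyDefinition.ReadAssembly(assemblyPath);
        foreach (var type in asm.Modules.SelectMany(m => m.GetTypes()))
        foreach (var method in type.Methods)
        {
            if (method.IsPInvokeImpl)
                yield return $"{method.FullName}: P/Invoke into {method.PInvokeInfo?.Module?.Name}";
            if (!method.HasBody) continue;
            foreach (var ins in method.Body.Instructions)
            {
                if (ins.OpCode.Code == Code.Calli)
                    yield return $"{method.FullName}: calli, target not known statically";
                else if (ins.Operand is MethodReference target && IsOpaque(target))
                    yield return $"{method.FullName}: calls {target.FullName}";
            }
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: triage <assembly.dll>"); return 2; }
        var findings = Scan(args[0]).ToList();
        findings.ForEach(Console.WriteLine);
        // Findings mean static review is inconclusive for those methods.
        // Zero findings is not proof of safety; untrusted code still belongs in a sandbox.
        return findings.Count == 0 ? 0 : 1;
    }
}
```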
