While usage of obfuscation techniques become widely acceptable, Preda, M, & Giacobazzi, R (2009) raise a question of effectiveness of code obfuscation techniques - “it is hard to compare different obfuscating transformations with respect to their resilience to attacks and this makes it difficult to understand which technique is better to use in a given scenario” (Preda, M, & Giacobazzi, R. 2009) due to absence of theoretical research to formalize the metric of code obfuscation.
ProGuard “is a free Java class file shrinker, optimizer, obfuscator, and preverifier” (Eric Laforune, 2011). While advantages of the tool are easy integration into commonly used Integrated Development Environments (IDE) as well as ant tasks, and additional functionality such as optimizer and code shrieker, its obfuscation capabilities are limited to code morphing. More advance techniques, or combination of a number of obfuscation techniques such as flow obfuscation and string encryption could potentially (see previous paragraph discussing the lack of metric to measure the effectiveness of code obfuscation) exponentially increase the effort required to reverse engineer the code.
- Eric Lafortune, 2011. “ProGuard” [online]. Available from: http://proguard.sourceforge.net/ (accessed: March 30, 2012).
- Nikos Mavrogiannopoulos, Nessim, K, & Bart, P n.d., 'A taxonomy of self-modifying code for obfuscation', Computers & Security, ScienceDirect, EBSCOhost, viewed 29 March 2012.
- Preda, M, & Giacobazzi, R 2009, 'Semantics-based code obfuscation by abstract interpretation', Journal Of Computer Security, 17, 6, pp. 855-908, Academic Search Complete, EBSCOhost, viewed 29 March 2012.
- Ross J. Anderson, 2008. “A Guide to Building Dependable Distributed Systems”. 2nd Edition. Wiley Publishing.
- Victor, D 2008, 'Obfuscation: Obfuscation – how to do it and how to crack it', Network Security, 2008, pp. 4-7, ScienceDirect, EBSCOhost, viewed 29 March 2012.