| Information exchange has become an indispensable part of modern society, It has gradually aroused people’s attention about how to ensure the safety of information in a complex and diverse network environment.In recent years, with the rapid development of WEB technology, more and more mobile applications use JavaScript to write, but the protection of JavaScript is not perfect. Code obfuscation is one of the techniques of software protection. The main purpose is to protect some important information in software from being easily obtained. Through a series of obfuscation methods, it is more difficult for attacker to obtain software source code through reverse engineering. So as to achieve the purpose of protecting the software structure and data, code obfuscation is significant to the resistance of reverse engineering. As a supplement and development of encryption technology, more and more attention is paid to it. What’ more, code obfuscation plays a more and more important role in mobile application production.In this paper, we propose a class Rearrangement code obfuscation algorithm based on JavaScript, which intercepts method invocations by Proxy, and performs obfuscation transformation under the preserving program semantics, which realizes the balance between execution cost and confusion strength. The language structure of the program is changed,so that it can increase the difficulty of cracking the program and protect the purpose of the program. At the same time, we design and implement a JavaScript source code obfuscation tool, CROT (Class Rearrangement Obfuscation Tool). The main work of this paper is as follows:1. We studied the current software protection technology, researched the progress of code obfuscation technology and introduced the concept of code obfuscation. Then, we listed and explained the top four most popular obfuscation methods such as layout obfuscation,data obfuscation, control obfuscation and prevent obfuscation,introduced the evaluation criteria of code obfuscation such as the obfuscation potency, obfuscation resilience, obfuscation cost and code concealment.2. Based on the newest feature of ES2016, we designed class rearrangement obfuscation algorithm. The first stage of the algorithm adopted a class fusion method based on proxy and bogus identifier to mix several classes into one class. In the second stage of the algorithm, one single class has been disassembled into multiple classes based on random assignment. This algorithm achieved the purpose of obfuscate the internal structure of a program and the referenced method.3. We Designed and implemented a JavaScript-based obfuscator CROT based on babel. Introduced the purpose, development environment, design principle, system architecture and workflow of CROT in detail, and gave an sample program obfuscated by CROT.4. We made a Functional test of CROT and analysis the performance.From the results of functional test, it was found that CROT does not produce errors that affect the functionality of the program.Then we used CROT to obfucate five popular JavaScript libraries.From the aspects of correctness, potency, time cost and concealment, we found that CROT has a high degree of obfucation,complete correctness, low time cost and high code similarity(concealment). |
PDF Full Text Request