An obfuscator is a process or device that is intended to make a program more difficult to understand. Generally, the approach of the obfuscator is to take a program that is relatively straightforward and make the underlying code more complex. While the end user is not likely to notice a difference in the way the code runs, the function of the obfuscator makes it harder to hack the code and hijack the program. From this perspective, using this type of tool can be seen as a security measure.
The name for the device or process is borrowed from the word “obfuscate,” which refers to complicating a verbal presentation in an attempt to confuse or bewilder. In like manner, the obfuscator seeks to make the process of comprehending the code somewhat perplexing. This essentially makes it harder for the code to be undermined, since the real meat of the code is so deeply buried or obfuscated that it is hard to extract the essential working portions of the code.
There are several program languages that tend to respond very well to the process of obfuscation. C++ is among the most popular of languages and makes it possible to employ an obfuscator with relative ease without corrupting the function of the base code. In like manner, C and Perl also tend to work well with the use of obfuscation, making it relatively easy to add an element of protection to any programming written in these three languages.
While the purpose of an obfuscator is to intentionally make the code harder to unravel, there is also the need to make sure that people who are authorized to work with the programming can do so without being hindered by the process of obfuscation. To this end, it is possible to employ various techniques to work through the added complications and get to the base code. This process is known as reverse engineering, since it involves essentially undoing the complications in order to see the true picture. Program slicing is an example of a reverse engineering techniques used to de-obfuscate a set of code.
While the obfuscator does provide some degree of protection, it is important to realize that this process should not be the only means of security employed to protect the programming. Other security strategies should also be employed to ensure that malevolent insertions are not received by the network and allowed to work their way into existing codes.