Post

Replies

Boosts

Views

Activity

Obfuscation needed
Hi All; What is the status of obfuscation? The company I work for has a bunch of apps that have had their license code bypassed. The bypass method would a simple level 1 ctf at any hacking conference. I've gone through some posts related to this and in one an Apple employee stated that obfuscation is just "security through obscurity". Having been doing cybersecurity work for a long time that is a very simplistic view. In our case it took me 5 minutes to duplicate with a hexeditor. String search for "Checking License" Move up to the start of that function, and change the function to return 1. Thats 4 bytes for x86, and 8 byte for the m1 ( 20 00 80 D2 C0 03 5F D6 ). That code simply does mov x0 #1 and then a ret. This is going to be an even bigger issue now that a commercial grade decompiler is available to download for free (ghidra). Wha are others doing to prevent this? Thanks Pat
0
1
885
Mar ’23