1. Technical Field
The present disclosure relates to dynamic code obfuscation and more specifically to detecting changes in a source of entropy used by a dynamic obfuscation technique.
2. Introduction
Software developers invest considerable resources in the development and maintenance of computer software. This investment often results in the development of proprietary algorithms that are advantageous over those used by the competition and which the developer would like to keep secret so as to leverage the superiority of the algorithm. In addition to proprietary algorithms, software may also contain other embedded secretes such as cryptographic keys. Because of the plethora of important information, software is often the target of various reverse engineering efforts to dissect, analyze, and discover how it works.
One approach to thwart reverse engineering is code obfuscation. Code obfuscation is a semantics-preserving transformation that makes the program more difficult to understand while preserving the original functionality of the program. Most of the commonly used obfuscation techniques rely solely on statically available information in the transformation. These static obfuscation techniques help deter against certain forms of reverse engineering, however, because they only rely on statically available information, the execution of the program will be the same every time the program executes. To complicate the reverse engineering process, a software developer can apply a dynamic code obfuscation technique that will cause the program's execution to vary from one computer to the next and from one execution to the next, while still preserving the original functionality of the program. An important aspect of a dynamic code obfuscation technique is a source of entropy that can be used to cause variation in the program's execution. Unfortunately, the source of entropy can also be a major weakness because an attacker can simply modify the entropy pool in order to control the variation.