Announcement

Collapse
No announcement yet.

Obfuscated PowerBasic Console Compiler

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Obfuscated PowerBasic Console Compiler

    This is just for fun. Have you heard of "Obfuscated Code" contests? People write source code in C or PERL that's obfuscated -- that is, intentionally convoluted and difficult to follow. It can contain red herrings (misleading devices) or take advantage of deliberately improper syntax that's still somehow valid. Besides being a waste of time, it does have one practical aspect in that it defeats reverse engineering (but there goes all of Bob Zale's work to make his code fast and clean). Anyway, here's something I wrote tonight. Anyone got anything better?
    Code:
    #COMPILER PBCC 4
    FUNCTION PBMAIN() AS LONG
    DIM s AS STRING:DIM n AS LONG:DIM x(1 TO 22) AS INTEGER:DIM r AS SINGLE
    RANDOMIZE TIMER:s="absolute woozy":r=RND:FOR n=1 TO 100:r=-.2/r-INT(-.2/r)
    NEXT n:x(21)=7*r:r=RND:FOR n=1 TO 100:r=-.2/r-INT(-.2/r):NEXT n:x(19)=3*r
    x(1)=INSTR(s,"l"):x(2)=GETATTR("c:\"+s)+TALLY(s,"o")+ERR MOD 3:ERRCLEAR
    x(3)=PARSECOUNT(s+s,"e")+3:x(4)=2-ERR:x(5)=SQR(LOWRD(ASC(LEFT$(s,1))))/2
    SWAP x(5),x(3):x(6)=-SIN(56*x(4))-SIN(33*x(4))-LOG(12*x(4))-LOG(22*x(4))
    x(7)=SQR(SQR(ASC(MID$(STRREVERSE$(s),4,3))))-x(1):x(8)=LEN(x(8))/(ERR+2)
    x(9)=x(6) AND x(5) AND x(4):x(22)=x(8)-x(9):x(10)=SQR(LEN(REPEAT$(4,s))_
    -LEN(REPEAT$(3,s)))-1:x(11)=TAN(SIN(SQR(x(9))))-SIN(2):x(12)=UBOUND(x)/_
    (0.8*LEN(s)):x(13)=INT(SQR(x(5)XOR x(8)*17)):x(14)=INT(1.65875845180E+18_
    /2.64744936631435E+17):x(15)=x(7):x(16)=x(8):x(20)=x(10)+x(13)
    x(18)=x(19)-x(16):FOR n=x(18) TO x(10) STEP x(9):x(n)=x(n)-2*x(n):NEXT n
    FOR n=x(5)+x(20) TO 8*x(4):IF n MOD x(10)<>0 THEN x(n)=-x(n)
    NEXT n:FOR n=1 TO 22:PRINT MID$(s,7+x(n),1);:NEXT n:WAITKEY$:END FUNCTION
    Christopher P. Becker
    signal engineer in the defense industry
    Abu Dhabi, United Arab Emirates

  • #2
    Besides being a waste of time, it does have one practical aspect in that it defeats reverse engineering
    Yes it is a waste of time, but no it doesn't defeat reverse engineering at all, nor does it really slow it down ...

    Here is a "lesser-obfuscated" version of your code, but it still compiles to exactly the same executable...
    Code:
    #COMPILER PBCC 4
    FUNCTION PBMAIN() AS LONG
    DIM s AS STRING
    DIM n AS LONG
    DIM x(1 TO 22) AS INTEGER
    DIM r AS SINGLE
    RANDOMIZE TIMER
    s="absolute woozy"
    r=RND
    FOR n=1 TO 100
     r=-.2/r-INT(-.2/r)
    NEXT n
    x(21)=7*r
    r=RND
     FOR n=1 TO 100
    r=-.2/r-INT(-.2/r)
    NEXT n
    x(19)=3*r
    x(1)=INSTR(s,"l")
    x(2)=GETATTR("c:\"+s)+TALLY(s,"o")+ERR MOD 3
    ERRCLEAR
    x(3)=PARSECOUNT(s+s,"e")+3
    x(4)=2-ERR
    x(5)=SQR(LOWRD(ASC(LEFT$(s,1))))/2
    SWAP x(5),x(3)
    x(6)=-SIN(56*x(4))-SIN(33*x(4))-LOG(12*x(4))-LOG(22*x(4))
    x(7)=SQR(SQR(ASC(MID$(STRREVERSE$(s),4,3))))-x(1)
    x(8)=LEN(x(8))/(ERR+2)
    x(9)=x(6) AND x(5) AND x(4)
    x(22)=x(8)-x(9)
    x(10)=SQR(LEN(REPEAT$(4,s)) - LEN(REPEAT$(3,s)))-1
    x(11)=TAN(SIN(SQR(x(9))))-SIN(2)
    x(12)=UBOUND(x)/_
    (0.8*LEN(s))
    x(13)=INT(SQR(x(5)XOR x(8)*17))
    x(14)=INT(1.65875845180E+18 /2.64744936631435E+17)
    x(15)=x(7)
    x(16)=x(8)
    x(20)=x(10)+x(13)
    x(18)=x(19)-x(16)
    FOR n=x(18) TO x(10) STEP x(9)
     x(n)=x(n)-2*x(n)
    NEXT n
    FOR n=x(5)+x(20) TO 8*x(4)
     IF n MOD x(10)<>0 THEN x(n)=-x(n)
    NEXT n
    FOR n=1 TO 22
     PRINT MID$(s,7+x(n),1);
    NEXT n
    WAITKEY$
    END FUNCTION
    All it really does is make the original source code harder to read for anybody else who has access to it, but that has very little to do with the resulting compiled executable, which is what anybody reversing your program would be attacking.

    However I believe the goal of these 'obfuscation contests' is simply to do just that and nothing more - obfuscate the source code to make it harder to read, as opposed to making the compiled executable harder to analyse, so if that's all you're trying to do - obfuscate the source, not the compiled exe, then yes you've done a good job ... even though, like you said, it's somewhat pointless lol

    btw, due to the structured nature of programming syntax (of any language) it's trivial to write a program to format source code to remove such obfuscation

    Sorry for being a party pooper on the weekend.
    Last edited by Wayne Diamond; 10 Aug 2008, 06:35 AM.
    -

    Comment


    • #3
      Heard of? Heck, I WON one:
      ---------- Forwarded Message ----------

      From: INTERNET:[email protected], INTERNET:[email protected]
      TO: Michael Mattias, mcmattias
      DATE: 5/16/98 9:06 PM

      RE: Re: Entry

      Sender: [email protected]
      Received: from mail.ptd.net (srv1.ptd.net [204.186.0.131])
      by arl-img-4.compuserve.com (8.8.6/8.8.6/2.10) with SMTP id VAA20314
      for <[email protected]>; Sat, 16 May 1998 21:06:27 -0400 (EDT)
      Received: (qmail 21451 invoked from network); 17 May 1998 01:05:37 -0000
      Received: from du17.scr.ptd.net (204.186.26.17)
      by postoffice.ptd.net with SMTP; 17 May 1998 01:05:37 -0000
      From: [email protected] (International Obfuscated Basic Code Contest)
      To: Michael Mattias <[email protected]>
      Subject: Re: Entry
      Date: Sun, 17 May 1998 03:05:47 GMT
      Organization: IOBCC
      Reply-To: [email protected]
      Message-ID: <[email protected]>
      References: <[email protected]>
      In-Reply-To: <[email protected]>
      X-Mailer: Forte Agent 1.5/16.451
      MIME-Version: 1.0
      Content-Type: text/plain; charset=us-ascii
      Content-Transfer-Encoding: quoted-printable

      On Sat, 2 May 1998 16:04:00 -0400, you wrote:

      >5/2/98
      >
      >Gentlemen: Below please find my entry for the International Obfuscated
      >Basic contest.
      >
      >Origin: This is my original work; I posted a variation of this on Compuserve
      >(PowerBASIC forum) in 1996. It is hereby released to the public domain.
      >
      >Michael C. Mattias
      >Sturtevant WI

      Hello Michael,

      Thankyou for entering the IOBCC. Believe it or not, you were the
      _only_ person to submit an entry. I guess you win. Congratulations.
      The IOBCC website will be removed from its server before the end of
      the day.

      C'ya,
      John G.

      ** Copy of E-mail message with my entry **

      5/2/98

      Gentlemen: Below please find my entry for the International Obfuscated Basic contest.

      Origin: This is my original work; I posted a variation of this on Compuserve (PowerBASIC forum) in 1996. It is hereby released to the public domain.

      Michael C. Mattias
      Sturtevant WI
      Code:
      $IF 0
        Obfuscation Contest Entry
        Email to: [email protected]
        Author: Michael Mattias, Sturtevant WI USA ( [email protected])
        Date: 5.02.98
        Requires: PowerBASIC/DOS version 3.2 or 3.5
        Rated: PG-13 (D)
      $ENDIF
      $LIB ALL OFF
      DEFINT A-Z
      DIM V AS BYTE PTR
      READ N: REDIM Z(N-1) AS DWORD: DIM ABSOLUTE B(N*4-1) AS BYTE AT VARSEG (Z(0))
      COLOR 7,1:CLS:V=pbvScrnBuff+1800
      FOR I=0 TO N-1: READ Z(I):FOR J=0 TO 3:@V=B(I*4+J): INCR V:DELAY .05:INCR V:NEXT,
      END
      DATA 9,1936943435,544820512,544437057,1293971017,662266721
      DATA 1917198451,544501359,1684957527,538998639
      
      REM ** END OF PROGRAM ***=
      Michael Mattias
      Tal Systems Inc. (retired)
      Racine WI USA
      [email protected]
      http://www.talsystems.com

      Comment


      • #4
        All it really does is make the original source code harder to read for anybody else who has access to it, but that has very little to do with the resulting compiled executable, which is what anybody reversing your program would be attacking.
        Maybe you should try running the code first.

        The source code is but one part of the obfuscation. Sure I can tell what the program does (a square root here, some rounding there, etc.). But what is the final result? Even if you reverse engineered the resulting EXE it still would not be easy to figure out what exactly this code is up to.

        Needless to say I got a good laugh when I ran the program. Not the output I expeced.

        Thanks,
        Flick
        www.globalheavyindustries.com
        Last edited by Bryan Flick; 10 Aug 2008, 04:43 PM.

        Comment


        • #5
          Originally posted by Bryan Flick View Post
          Maybe you should try running the code first.
          ... I did before I first posted ... I guess you and I just have different ideas about what's easy/hard when it comes to reversing ... :shhh:
          -

          Comment


          • #6
            We see lots of obfuscated, hard-to-figure-out, strange-algorithm code here.

            You just don't recognize it but here's a tip: it's usually disguised as "ordinary requests for help."

            MCM
            Michael Mattias
            Tal Systems Inc. (retired)
            Racine WI USA
            [email protected]
            http://www.talsystems.com

            Comment


            • #7
              I guess you and I just have different ideas about what's easy/hard when it comes to reversing ...
              Yeah, I guess we do.

              Thanks,
              Flick
              www.globalheavyindustries.com

              Comment


              • #8
                Michael: I don't have a PBDOS compiler handy. What does your code do?

                Wayne: I'm not sure we're talking about the same thing. I agree that simply making the source code "ugly" makes no difference to a compiler or reverse-compiler (I did it just for visual effect). The obfuscation comes from the loops, random numbers and dead-end logic. I could increase the loop count to millions or billions to slow it down (but it would have the same output). If you search for obfuscation, you can find products for sale that specifically "make it very difficult to ... reverse-engineer" (taken from one such product).
                Christopher P. Becker
                signal engineer in the defense industry
                Abu Dhabi, United Arab Emirates

                Comment


                • #9
                  > I don't have a PBDOS compiler handy. What does your code do?

                  That you have to ask simply proves the winner was deserving.
                  Michael Mattias
                  Tal Systems Inc. (retired)
                  Racine WI USA
                  [email protected]
                  http://www.talsystems.com

                  Comment


                  • #10
                    Michael you left out a final next in your code. Without it you would not be in Macy's Front Window.
                    KS

                    Comment


                    • #11
                      >Michael you left out a final next in your code



                      Trailing comma is implied NEXT in PB/DOS.
                      Michael Mattias
                      Tal Systems Inc. (retired)
                      Racine WI USA
                      [email protected]
                      http://www.talsystems.com

                      Comment


                      • #12
                        I have read the manual and never noticed that, learn something new everyday.
                        KS

                        Comment


                        • #13
                          Ok, let's be fair.

                          "Trailing comma is implied NEXT" is not in the help file nor in the printed "Reference Guide" for PB/DOS 3.5

                          However, it is buried on page 124 of the PB/DOS "User's Guide"
                          If you want to be really vague, you can even combine combine these two into
                          Code:
                            NEXT,
                          which implies
                          Code:
                            NEXT index, count
                          MCM
                          (I don't think I will bother reporting this serious omission from the PB/DOS 3.5 help file).
                          Michael Mattias
                          Tal Systems Inc. (retired)
                          Racine WI USA
                          [email protected]
                          http://www.talsystems.com

                          Comment


                          • #14
                            Page 128 in my User's Guide.

                            Where the next line states:
                            "Of course, this decreases the readability and increases the chance for error on the part of the programmer."
                            A nice little tip on obfuscation. And you proved them right.
                            Rod
                            I want not 'not', not Knot, not Knott, not Nott, not knot, not naught, not nought, but aught.

                            Comment

                            Working...
                            X