akde/infosec

Information security is ultimately about managing risk


Simple protection

A packer can be used to “optimize” / “compress” a binary, which also makes the binary harder to debug. A packer removes unnecessary information, and the minification can also lead to obfuscation to some extent.

A standard tool is UPX. Minimize a binary with upx -9 bin.elf.
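A defender's triage check for the packing described above, as an added example that is not from the original page: it flags ELF files that carry the UPX! marker string UPX embeds, report zero section headers (often the case for packed output, a heuristic assumed here), or show high byte entropy. The function names, the 7.0 entropy threshold and the two sample binaries are constructed assumptions.

```python
import math
import struct
from collections import Counter

UPX_MAGIC = b"UPX!"  # marker string UPX embeds in files it packs

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def section_count(blob: bytes):
    """Return e_shnum from the ELF header, or None if blob is not a parsable ELF."""
    if len(blob) < 64 or blob[:4] != b"\x7fELF" or blob[4] not in (1, 2) or blob[5] not in (1, 2):
        return None
    endian = "<" if blob[5] == 1 else ">"   # EI_DATA: 1 = little, 2 = big endian
    offset = 48 if blob[4] == 1 else 60     # e_shnum offset in ELF32 / ELF64 header
    return struct.unpack_from(endian + "H", blob, offset)[0]

def triage(blob: bytes, entropy_threshold: float = 7.0) -> dict:
    """Collect static packing indicators; the threshold is an assumed heuristic."""
    shnum = section_count(blob)
    if shnum is None:
        return {"verdict": "not-elf", "indicators": []}
    indicators = []
    if UPX_MAGIC in blob:
        indicators.append("upx-magic")
    if shnum == 0:
        indicators.append("no-section-headers")
    if shannon_entropy(blob) >= entropy_threshold:
        indicators.append("high-entropy")
    if "upx-magic" in indicators:
        verdict = "likely-upx"
    elif len(indicators) == 2:
        verdict = "possibly-packed"
    else:
        verdict = "no-strong-indicators"
    return {"verdict": verdict, "indicators": indicators}

def make_elf64(shnum: int, body: bytes) -> bytes:
    """Constructed test input: a minimal little-endian ELF64 header plus a body."""
    ident = b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    header = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1, 0, 64, 0, 0, 64, 56, 0, 64, shnum, 0)
    return header + body

PACKED_LIKE = make_elf64(0, UPX_MAGIC + bytes(range(256)) * 16)  # constructed sample
PLAIN_LIKE = make_elf64(5, b"hello world\n" + b"\x00" * 4096)    # constructed sample
```

A missing marker does not show that a binary is unpacked, so the verdict is a triage hint to combine with the other indicators rather than a final answer.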

Advanced protection

Obfuscation tools usually consist of two parts:

  • Protection code: A program converts a source binary into an obfuscated form and adds a deobfuscation runtime to it.
  • Deobfuscation runtime: When the program starts, the injected deobfuscation runtime starts, loads the deobfuscated binary into memory and executes it.

Some obfuscators are:

  • Grugq
  • Burneye
  • Shiva
  • Maya’s Veil
  • Chimera
