PCode obfuscation cracked - alternatives?

조회 수: 167 (최근 30일)
gius
gius 2013년 5월 8일
답변: David Leffingwell 2023년 6월 12일
Hello, I'm asking this question since a quick google search revealed software able to de-obfuscate p files to m files almost perfectly.
is there any way safer (wrt reverse engineering) than pcode to protect matlab code to be used by matlab (i.e. no stand alone executable)? In particular, the code to be protected calls and is called by functions/m files that cannot be obfuscated/protected (they are part of another library that cannot be modified).
we are currently using R2012b on production systems,
Thank you,
------------EDIT--------------
Just to be clear... I'm not talking about information leaking from running code, debugging or anything requiring programming skills.
I'm talking about decompilation of a p file to a human readable and (very likely) executable m file, by a simple command line statement. A search in google brought up software that seems able to do just that.
Assuming that works (and it sure looks that way), is there a second line of defense to prevent proprietary algorithms being disassembled by a simple one-click operation, while mantaining compatibility/executability in the matlaab environment?
e.g.:Once upon a time, i recall m files could be compiled to mex, but it seems this is not the case anymore (or at least it seems requiring multiple steps and lots of headaches).
  댓글 수: 4
이전 댓글 2개 표시
Walter Roberson
Walter Roberson 2013년 5월 14일
Philip works for Mathworks. You could email him the information.
(Note: I do not work for Mathworks. However, if Mathworks would like me to investigate or give opinions on matters, I am good at keeping to NDAs.)
Jan
Jan 2013년 5월 14일
편집: Jan 2013년 5월 14일
@Walter: NDAs are funny, when you find the code freely downloadable in the net. Obviously others did not care about surely existing NDAs already. If the encryption is such weak, an NDA is not the limiting factor for telling my opinions, but the fact, that rudeness is not accepted in this forum.
@guis: Thanks for mentioning this interesting detail. Understanding Matlab's parsing methods is useful for some legal applications.

댓글을 달려면 로그인하십시오.

이 질문에 답변하려면 로그인하십시오.

답변 (4개)

Philip Borghesani
Philip Borghesani 2013년 5월 8일
What leads you to the conclusion that pcoded files can easily be de-obfuscated? I am aware of the numerous ways that information can leak from a pcoded file and there are some defenses that have been posted in other answers and downloads on this site. I believe that it is simple to defend p-code from the only credible software I found to inspect pcoded files. I believe this software is capitalizing on an already posted weakness of pcoded files.
I expect this software can be defeated by any function that checks the datatypes of inputs and errors on unexpected types.
  댓글 수: 3
이전 댓글 1개 표시
Philip Borghesani
Philip Borghesani 2013년 5월 8일
Yes that is what I found and I drew the same conclusions.
gius
gius 2013년 5월 9일
As i wrote in the question, I'm affirming pfiles can be deobfuscated because i found software that seems to do just that.
I edited the question to make it clear.
the software was found by a simple google search: I saw pfiles being recommended as a relatively safe ip protection strategy, and checked on google just to be sure.

댓글을 달려면 로그인하십시오.

Jan
Jan 2013년 5월 13일
편집: Jan 2014년 5월 3일
P-coding removes all comments and the help section securely. When the names of the internally used variables are obfustcated also, e.g. 'a', 'b', 'Omega13', understanding the code might be more expensive than paying you sufficiently for the source code. I've seen such obfuscated M-file in the FileExchange. Inspite of an excellent demonstration of advanced obfuscation techniques, the comments and rating have not been positive.
You can apply AES encryption to strings, which are EVAL'ed. Unfortunately the US laws forbid to post the 2 lines of Java code or the corresponding M-code for a strong AES encryption. I'm convinced that this law is counter-productive, so it is up to the US citizens to influence the politics to remove it.
But even then the standard problem remains: How can an encryption key stored securely? You could start a C-mex thread, which pokes into the memory of a Matlab variable with a specified timing. Then the debugger is not able to determine the key reliably. But I remember, that there has not been any 100% secure method in the history of modern computing. If you invent one, M- and P-files will not be your profession anymore.
  댓글 수: 4
이전 댓글 2개 표시
Jan
Jan 2013년 5월 13일
편집: Jan 2013년 5월 13일
A new quote: "If a man has earned enough money, it is time to sit down and take a nap."
Matlab code and and a secure obfuscation are a contradiction by design. It is the purpose of M-code to be compatible with different Matlab versions and environments and therefore dynamic overloading is a fundamental brick of the design. This is a great benefit for interpreted languages.
Hiding details in compiled stand-alone applications is not secure, or if it is, it is not flexible anymore.
I'm going to make some experiments in the evening.
Peng Xu
Peng Xu 2014년 4월 29일
Pretty sure name that used internally is not obfuscated, because there is something called workspace in MATLAB, and the p-code generator has nothing to predict what is going to be in your workspace in runtime.

댓글을 달려면 로그인하십시오.

Peng Xu
Peng Xu 2014년 4월 25일
It is never secure to ship the code or even resulting binary to end-user and hope some kind of key is able to protect it. My suggestion is to put a crucial part of code away from end-user, e.g. on a company server. And in MATLAB, communicate to this server to do that crucial part. This may be the only way you can achieve a level of security that you can control.
  댓글 수: 1
Jan
Jan 2014년 5월 3일
편집: Jan 2014년 5월 3일
And this has the disadvantage that the customers will hate it, when the software they have payed for does not work, when the internet connection is down temporarily. We all know the annoying troubles with online activations and such stuff.
And as we know from e.g. the heart bleed problem, even data on a company server are not under a perfect control.

댓글을 달려면 로그인하십시오.

David Leffingwell
David Leffingwell 2023년 6월 12일

카테고리

Help CenterFile Exchange에서 MATLAB Compiler에 대해 자세히 알아보기

태그

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by