By ReasonLabs Research Team
May 27, 2020
So how does it work?
Obfuscation and why attackers use it
The continued race between attackers and security researchers inspired a solution for attackers called obfuscation. Obfuscation is the deliberate act of obscuring the intended meaning of a communication by making the message difficult to understand.
1. Format Obfuscation
Obfuscating the format of code can be extremely scary for a researcher since the code looks very hard to read. There is no spacing between lines and no indentation, which makes it pretty hard to understand and review.
Let’s take a look at an example of format obfuscation:
This is an example of how code should look:
This is an example of format obfuscation:
Here we can see the code is less comfortable to read. It still just executes a loop, and an experienced eye could easily break it down, but if we had longer code written this way, it would give us a headache.
Most researchers, when it comes to dealing with this kind of situation, will feel like pulling their hair out and become pretty frustrated knowing that somehow they need to figure out what is happening there. The truth is that the code is easier to break than you’d think. All we need to understand is that there is no real obfuscation here; just a piece of code that is not organized. So what do we do?
As you can see, beautification of obfuscated code can help us a lot because it lets us read it more clearly. This is most often the first layer in obfuscation, so just make sure you can view the code properly.
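To make the beautification step concrete, here is a minimal beautifier, added as an example and not taken from the original article. It assumes C-style brace syntax (JavaScript here); the `beautify` function and the one-line sample loop are constructed for illustration.

```javascript
// Minimal beautifier for brace-delimited code such as JavaScript.
// It only re-inserts line breaks and indentation; no token is changed,
// which is why format obfuscation alone hides nothing from an analyst.
// Limitations: comments, regex literals and ${} in templates are not parsed.
function beautify(src, indentUnit = "  ") {
  let out = "";
  let depth = 0;    // current brace nesting level
  let parens = 0;   // inside (...) a ';' belongs to a for-loop header
  let quote = null; // active string delimiter, if any
  const newline = () => {
    out = out.trimEnd() + "\n" + indentUnit.repeat(depth);
  };

  for (let i = 0; i < src.length; i++) {
    const c = src[i];
    if (quote) {
      // Copy string literals verbatim so '{', '}' and ';' inside stay put.
      out += c;
      if (c === "\\") out += src[++i] ?? "";
      else if (c === quote) quote = null;
      continue;
    }
    if (c === '"' || c === "'" || c === "`") { quote = c; out += c; }
    else if (c === "(") { parens++; out += c; }
    else if (c === ")") { parens--; out += c; }
    else if (c === "{") { depth++; out = out.trimEnd() + " {"; newline(); }
    else if (c === "}") {
      depth = Math.max(0, depth - 1);
      newline(); out += "}"; newline();
    }
    else if (c === ";" && parens === 0) { out += ";"; newline(); }
    else if (/\s/.test(c)) { if (out && !/\s$/.test(out)) out += " "; }
    else out += c;
  }
  return out.trim();
}

// Constructed sample: a loop squeezed onto one line, with ';' and '{'
// inside a string literal to show they are left untouched.
const SAMPLE =
  'for(var i=0;i<3;i++){if(i%2){console.log("odd; {"+i);}else{console.log(i);}}';
console.log(beautify(SAMPLE));
```

For real samples, use an established beautifier that parses the language fully; the point here is only that the transformation is mechanical and reversible.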
In the second part of this article, we will go over to the next layer of obfuscation and will learn more about how it can be deobfuscated. Stay tuned.