Obfuscation is a technique for transforming program code into a different form that is more difficult to understand. Several obfuscation methods are used to obfuscate source code, including dead code insertion, code transposition, and string encryption. In this research, the development of an obfuscator that can work on C language source code uses the code transposition method, namely randomizing the arrangement of lines of code with a hash function and then using the DES encryption algorithm to hide the parameters of the hash function so that it is increasingly difficult to find the original format. This obfuscator is specifically used to maintain the security of source code in C language from plagiarism and piracy. In order to evaluate this obfuscator, nine respondents who understand the C programming language were asked to deobfuscate the obfuscated source code manually. Then the percentage of correctness and the average time needed to perform the manual deobfuscation are observed. The evaluation results show that the obfuscator effectively maintains security and complicates the source code analysis.

[1]

S. Lipner, "Security and Source Code Access: Issues and Realities," in IEEE Xplore, 2014.

[2]

A. Ivanovski and T. Stojanovski, "Software protection using obfuscation," 2010.

[3]

C. Beheraa and L. Bhaskari, "Different Obfuscation Techniques for Code Protection," 2015.

[4]

J. Schneider and T. Locher, "Obfuscation using Encryption," 2016.

[5]

P. Faruki, H. Fereidooni, V. Laxmi, M. Conti and M. Gaur, "Android Code Protection via Obfuscation Techniques: Past, Present and Future Directions," 2016.

[6]

L. Durfina and D. Kolar, "C Source Code Obfuscator," 2012.

[7]

R. C. E. Frank and P. P. A. Koay, "Embedding Java Classes with code2vec: Improvements from," in International Conference on Mining Software Repositories (MSR), Hamilton, New Zealand, 2020.

[8]

X. Wang and H. Yu, "How to Break MD5 and Other Hash Functions," in Advances in Cryptology – EUROCRYPT , 2005.

[9]

W. Stallings, Cryptography and Network Security, Pearson, 2017.

[10]

A. W. Appel, "Verification of a Cryptographic Primitive: SHA-256," in ACM Transactions on Programming Languages and Systems, 2015.

[11]

Nable, "Security - SHA-256 Algorithm Overview," 12 September 2019. [Online]. Available: https://www.n-able.com/blog/sha-256-encryption#:~:text=SHA%2D256%20is%20a%20patented,as%20long%20as%20when%20unencrypted..

[12]

J.-P. Aumasson, S. Neves, Z. O’Hearn and C. Winnerlein, "BLAKE2: Simpler, Smaller, Fast as MD5," in International Conference on Applied Cryptography and Network Security, Canada, 2013.