Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More

12.5.1 Problem

Variables used frequently such as in loops or counters are difficult to obfuscate without impacting the performance of the program.

12.5.2 Solution

Change variables by a constant value.

12.5.3 Discussion

Changing variables by a constant value is a trivial form of obfuscation; however, it is fast and easy to implement, and it can be combined with other obfuscation methods. Here is an example of the obfuscation:

#define SET_VAR(var) (((var) * 3) + 0x01040200) #define GET_VAR(var) (((var) - 0x01040200) / 3)

The macros can be applied to any usage of an integer:

for (i = SET_VAR(0); GET_VAR(i) < 10; i = SET_VAR(j + 1)) { j = GET_VAR(i); printf("2 + %d = %d\n", i, 2 + GET_VAR(i)); }

Constant transforms are useful only if the SET_VAR and GET_VAR macros are used far apart; otherwise, the transform is immediately obvious. Transformations that are more robust can be created that use different mathematical operations in each of the SET_VAR and GET_VAR macros so that different constants are used in the expansion of each macro. Note that the SET_VAR macro can be used in the initialization of a variable, which will obfuscate the value of the variable at compile time.