Thursday, January 25, 2007

Obfuscating by overloading method and field names

Some time ago, while testing reJ I came across an interesting form of obfuscation that I hadn't realized was possible.

This obfuscated classfile had several fields with the exact same name, but a different type. And also, several methods with identical names and parameters, but different return types.

For example:

public class Example {
private int a;
private String a;
private double[] a;

public void method() {
}

public String method() {
return null;
}
}

Obviously, this is an illegal situation in a java source file. But in the compiled code this is not a problem, as in the java bytecode all the instructions that refer to fields or methods always define the entire signature of the field or method in question. That is, including the (return) type.

Apparently ProGuard's agressive overloading produces this kind of an obfuscation.

(http://proguard.sourceforge.net/manual/usage.html#overloadaggressively):
Specifies to apply aggressive overloading while obfuscating. Multiple fields and methods can then get the same names, as long as their arguments and return types are different (not just their arguments). This option can make the output jar even smaller (and less comprehensible). Only applicable when obfuscating.

No comments: