Nowadays, hackers are using all sorts of advanced tools and technologies to access and analyze your source code. They can extract sensitive information and add malicious code to your IDE Software. Furthermore, if your application is compromised and hosts malicious code, then at best your reputation with your users is severely diminished and at worst you might even find yourself at the end of a legal suit for reparation or damages. So, it’s very important to find an effective way to protect your program. By using the code obfuscator, you can make your Delphi codes very hard to read. As a result, attackers cannot abuse your application easily. In this post, you will find all the details of securing your source code with the Delphi code obfuscator.
Table of Contents
Protecting your code through obfuscation. What is code obfuscation?
Code Obfuscation refers to the process of modifying source code to make it harder to read. So, hackers cannot comprehend the code and abuse your application. Code Obfuscation enables you to transform the existing code into another version, which is semantically the same but syntactically different. As a result, you still get the same output. However, the implementation is quite different from the original one.
Why should you obfuscate your Delphi or C++ code?
- Protect intellectual property or trade secrets
- Prevent hackers or competitors from reverse engineering your program
- Conceal the logic or implicit values used in the program
- Making best efforts to protect your investment which can be a requirement of insurance cover
What is the best code obfuscator?
Right now, in my opinion, the CodeMorph Delphi Code Obfuscator seems to be the best option. It generates and inserts random code into your Delphi source code with predefined customization options. It helps you to protect your application from reverse engineering and modifications.
How the CodeMorph Code Obfuscator Protects Your Source Code
CodeMorph Delphi Code Obfuscator adds extra obfuscation code to your program. As a result, it becomes difficult to read. The theory is that, with sufficient added complexity. the hackers will face a very tough time modifying your source code. It’s not impossible but it does make the task onerous and error-prone which might be enough to deter all but the most dedicated and skilled reverse engineering mavens.
Let’s take a look at an example of code before code obfuscation.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
function QuickPos(const Substr, S: WideString; MatchesIndex: Integer = 1): Integer; var LenOfS, LenOfSubstr: Integer; begin Result := Pos(Substr, S); if (MatchesIndex = 1) or (Result = 0) then Exit; LenOfS := Length(S); LenOfSubstr := Length(Substr); while (MatchesIndex > 1) and (Result > 0) do begin Result := _PosForward(Substr, S, Result + 1, LenOfSubstr, LenOfS); if Result = 0 then Exit; Dec(MatchesIndex); end; end; |
The code is easy to comprehend. There are several if-else statements, along with a simple while loop. This kind of simple code can be reverse-engineered easily. But once you use the CodeMorph Delphi Code Obfuscator, the code becomes quite difficult to comprehend. Take a look at it:
Here is an example of the same code after obfuscation
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 |
function QuickPos(const Substr, S: WideString; MatchesIndex: Integer = 1): Integer; var LenOfS, LenOfSubstr: Integer; begin // junk instruction begin asm jz @1 jnz @1 db $e9 @1: end; // junk instruction end Result := Pos(Substr, S); // junk instruction begin asm pushf push $0A @1: jnb @3 jmp @2 @2: call @4 @3: jnb @2 @4: add esp,4 jmp @5 @5: dec dword ptr [esp] jno @6 @6: jns @1 jp @7 @7: add esp,4 popf jmp @8 @8: end; // junk instruction end if (MatchesIndex = 1) or (Result = 0) then begin // junk instruction begin asm pushf jb @3 @1: jmp @2 @2: call @4 @3: jb @1 @4: add esp,4 popf jmp @5 @5: end; // junk instruction end Exit; end; LenOfS := Length(S); // junk instruction begin asm jz @1 jnz @1 db $e8 @1: end; // junk instruction end LenOfSubstr := Length(Substr); // junk instruction begin asm db 0E9h,0A2h,001h,000h,000h,049h,00Fh,0F6h,03Ch,0CFh,075h,0EEh,0C0h,00Fh,031h,08Bh db 0C8h,00Fh,031h,02Bh,0C8h,0F7h,0D1h,081h,0F9h,000h,050h,000h,000h,07Fh,0FEh,00Fh db 031h,08Bh,0C8h,00Fh,031h,02Bh,0C8h,0F7h,0D1h,081h,0F9h,000h,050h,000h,000h,07Fh db 0FEh,0D6h,00Fh,088h,0DDh,001h,000h,000h,00Fh,089h,0D7h,001h,000h,000h,03Eh,0C1h db 0C3h,005h,0C1h,0CBh,005h,036h,00Fh,08Ah,001h,002h,000h,000h,00Fh,08Bh,0FBh,001h db 000h,000h,05Bh,0E8h,00Bh,000h,000h,000h,072h,065h,067h,069h,073h,074h,065h,072h db 065h,064h,000h,058h,0EBh,002h,012h,028h,0E8h,03Eh,000h,000h,000h,099h,04Fh,0F6h db 03Ch,0FFh,090h,05Fh,050h,00Fh,031h,08Bh,0C8h,00Fh,031h,02Bh,0C8h,0F7h,0D1h,081h db 0F9h,000h,050h,000h,000h,07Ch,005h,0E9h,0D7h,06Ch,030h,0F0h,0E8h,00Bh,000h,000h db 000h,072h,065h,067h,069h,073h,074h,065h,072h,065h,064h,000h,058h,0F8h,00Fh,084h db 0A1h,000h,000h,000h,00Fh,085h,09Bh,000h,000h,000h,03Bh,068h,01Dh,024h,000h,000h db 083h,0C4h,004h,083h,0C4h,004h,00Fh,084h,007h,000h,000h,000h,00Fh,085h,001h,000h db 000h,000h,048h,0E8h,00Bh,000h,000h,000h,072h,065h,067h,069h,073h,074h,065h,072h db 065h,064h,000h,058h,0EBh,00Bh,072h,065h,067h,069h,073h,074h,065h,072h,065h,064h db 000h,065h,0F8h,00Fh,083h,056h,0FFh,0FFh,0FFh,000h,0A4h,0BCh,0E6h,0D6h,0B7h,0E8h db 00Bh,000h,000h,000h,072h,065h,067h,069h,073h,074h,065h,072h,065h,064h,000h,058h db 0F9h,00Fh,031h,08Bh,0C8h,00Fh,031h,02Bh,0C8h,0F7h,0D1h,081h,0F9h,000h,050h,000h db 000h,07Fh,0FEh,068h,019h,054h,000h,000h,083h,0C4h,004h,0D6h,00Fh,08Ah,0CFh,000h db 000h,000h,00Fh,08Bh,0C9h,000h,000h,000h,058h,0EBh,00Dh,077h,072h,06Fh,06Eh,067h db 020h,073h,065h,072h,069h,061h,06Ch,000h,0E9h,038h,0FFh,0FFh,0FFh,043h,03Eh,0F6h db 03Ch,0C5h,094h,053h,011h,0E8h,001h,000h,000h,000h,086h,0E8h,001h,000h,000h,000h db 0B8h,083h,044h,024h,004h,012h,083h,004h,024h,00Ah,0C3h,0F8h,050h,052h,00Fh,031h db 033h,0C8h,05Ah,033h,0C8h,058h,051h,059h,0F9h,00Fh,082h,006h,000h,000h,000h,000h db 06Bh,05Dh,082h,06Bh,0EBh,00Fh,0CFh,00Fh,0CFh,036h,00Fh,080h,0D3h,0FEh,0FFh,0FFh db 00Fh,081h,0CDh,0FEh,0FFh,0FFh,0DCh,050h,052h,00Fh,031h,033h,0C8h,05Ah,033h,0C8h db 058h,068h,0EFh,04Ch,000h,000h,083h,0C4h,004h,036h,00Fh,084h,06Dh,0FEh,0FFh,0FFh db 00Fh,085h,067h,0FEh,0FFh,0FFh,00Ah,00Fh,031h,08Bh,0C8h,00Fh,031h,02Bh,0C8h,0F7h db 0D1h,081h,0F9h,000h,050h,000h,000h,07Fh,0FEh,0EBh,00Bh,072h,065h,067h,069h,073h db 074h,065h,072h,065h,064h,000h,068h,027h,0ACh,000h,000h,083h,0C4h,004h,00Fh,08Ch db 0B3h,0FFh,0FFh,0FFh,00Fh,08Dh,0ADh,0FFh,0FFh,0FFh,094h,068h,075h,004h,000h,000h db 083h,0C4h,004h,0F3h,0F8h,00Fh,083h,004h,0FFh,0FFh,0FFh,000h,0BBh,08Dh,090h,07Ch db 097h,0E8h,001h,000h,000h,000h,0EAh,0E8h,001h,000h,000h,000h,008h,083h,044h,024h db 004h,012h,083h,004h,024h,00Ah,0C3h,010h,0F9h,00Fh,082h,01Ah,0FFh,0FFh,0FFh,000h db 02Bh,09Dh,0CDh,020h,0DBh,00Fh,031h,08Bh,0C8h,00Fh,031h,02Bh,0C8h,0F7h,0D1h,081h db 0F9h,000h,050h,000h,000h,07Fh,0FEh,0E8h,00Bh,000h,000h,000h,072h,065h,067h,069h db 073h,074h,065h,072h,065h,064h,000h,058h,068h,09Fh,00Ch,000h,000h,083h,0C4h,004h db 00Fh,088h,095h,0FFh,0FFh,0FFh,00Fh,089h,08Fh,0FFh,0FFh,0FFh,073h,0EBh,00Bh,072h db 065h,067h,069h,073h,074h,065h,072h,065h,064h,000h,00Fh,088h,007h,000h,000h,000h db 00Fh,089h,001h,000h,000h,000h,0A1h end; // junk instruction end while (MatchesIndex > 1) and (Result > 0) do begin Result := _PosForward(Substr, S, Result + 1, LenOfSubstr, LenOfS); // junk instruction begin asm jz @1 jnz @1 db $9a db $e8 @1: end; // junk instruction end if Result = 0 then Exit; // junk instruction begin asm db 0EBh, 1, 0Fh, 31h db 0F0h, 0EBh, 0Ch, 33h db 0C8h, 0EBh, 3, 0EBh db 9, 0Fh, 59h, 74h db 5, 75h, 0F8h, 51h db 0EBh, 0F1h end; // junk instruction end Dec(MatchesIndex); // junk instruction begin asm jz @1 jnz @1 db $e8 @1: end; // junk instruction end end; end; |
As you can see, the whole structure has been changed. It looks quite different from the original one. CodeMorph Delhi Code Obsfucator has inserted junk instructions into the source code. It has hidden the execution logic of the program. So, it will be quite difficult for hackers to understand and alter the code. In this way, the obfuscator enables you to protect your source code from attackers effectively.
Should I consider using CodeMorph Code Obfuscator?
CodeMorph Delphi Code Obfuscator generates and inserts junk code into your program randomly. As a result, it becomes very difficult for the attackers to reverse-engineer the code that you have produced. You can keep your Delphi application safe from security threats. If you’re looking to make it harder for illicit outfits to reverse engineer and examine how your code works then I think you might want to seriously consider taking a look at CodeMorph Delphi Code Obfuscator.
Next, find out how you can convert Int to String C++ in this article about Modern C++ Software.
RAD Studio is an all-round development environment full to the brim with great features designed to get you developing powerful apps for Windows, macOS, iOS and Android rapidly and efficiently, Why not download a trial copy today?
Design. Code. Compile. Deploy.
Start Free Trial Upgrade Today
Free Delphi Community Edition Free C++Builder Community Edition
Excellent👍
oops! there’s just no way to download the trail version of the tool from the website,that’s sad
Incorrect. Go to this page and you can download the trial version (I just tried it). http://www.sourceformat.com/download-codemorph.html
Download does not work.
Yes it seems like something is wrong with their website. I’ve sent them a note letting them know.
Are there other software similar to these that do things like creating spaghetti code, encrypting strings, adding junk code, etc., to make the task of reverse engineering more difficult?
What you are describing is called obfuscation.
It’s not normally necessary with Delphi code – it’s much less resistant to decompilation than languages based on the .Net platform and especially better than Python. However, there is a discussion here on Stack Overflow which has some tips about it: https://stackoverflow.com/questions/6225081/when-and-how-should-i-obfuscate-my-delphi-code