Monday, 7 January 2013

Obfuscation, virtue or vice?

Obfuscation is the art of hiding intended meaning in communication, making message confusing, intentional ambiguous, and harder to interpret. The term, in software development, is the deliberate act of creating complex language syntax, i.e. source or machine code that is difficult for humans to follow and puzzle out.

The emerging field of software studies shows a remarkable interest in code obfuscation, a fun practice for the creative and a bad characteristic for the evil. Imagine having a team of people implementing services for your organisation. Depending on their professionalism, expertise, matureness or habitual behaviour will potentially lead you to either heaven or hell.

<script type='text/javascript'>
var s="=q?Ifmmp-!Xpsme =0q?";
m=""; for (i=0; i<s.length; i++) { if(s.charCodeAt(i) == 28){  m+= '&';} else if (s.charCodeAt(i)== 23) {  m+= '!';} else {  m+=String.fromCharCode(s.charCodeAt(i)-1);

The above example is the <p>Hello, World!</p> in an html segment.

These two elements are functionally equivalent; however the latter is much shorter and, especially for the average developer, more easy to read and understand.

In addition, here's a similar version of hello world in C.

#include "stdio.h"
#define e 3
#define g (e/e)
#define h ((g+e)/2)
#define f (e-g-h)
#define j (e*e-g)
#define k (j-h)
#define l(x) tab2[x]/h
#define m(n,a) ((n&(a))==(a))

long tab1[]={ 989L,5L,26L,0L,88319L,123L,0L,9367L };
int tab2[]={ 4,6,10,14,22,26,34,38,46,58,62,74,82,86 };

main(m1,s) char *s; {
    int a,b,c,d,o[k],n=(int)s;
    if(m1==1){ char b[2*j+f-g]; main(l(h+e)+h+e,b); printf(b); }
    else switch(m1-=h){
        case f:
        case h:
        case g:
            if(m1-=e) main(m1-g+e+h,s+g); else *(s+g)=f;
            for(*s=a=f;a<e;) *s=(*s<<e)|main(h+a++,(char *)m1);

The subject of obfuscation can be discussed infinitely but the interesting thing is that the problem might point to the incursion of a social and economic context into the practice of programming. Questions like "Do I have to secure code?", "Will other people work with it?", "What seems to be the real value?", "Is it vanity driven only?", "Is this something I have to reuse?" should be answered well in advance.

Should you consider this field of some importance, get ready to deal with tons of available information and a very creative path. I'm confident you'll also appreciate the worldwide obfuscation contests in a wide variety of languages. Remember, readable code is not a requirement on the same level; but this is an interesting moment for those interesting in studying or making software, and of course, the potential for radical arts also remains radically open.

No comments: