Executable code protection and obfuscation in macOS

If you, like me, want to distribute a binary executable program for macOS and introduce at least a minimal level of protection—such as hiding text and literals in the binary or obfuscating the code—you may notice that, as of now (end of 2024), few tools are available for this purpose. Unlike Windows, which has numerous EXE protection software options, macOS developers often find themselves at a disadvantage due to the lack of such tools.

This information may be helpful if you are developing in C or C++ and compiling your program using GCC or Clang.

I found “Hikari”, a custom Clang toolchain: https://github.com/HikariObfuscator/Hikari

Although its page says that it is already deprecated as of 2024, it is still usable and has at least a few actively maintained forks.

Hikari is a modified version of LLVM that incorporates several advanced obfuscation techniques to protect software from reverse engineering. Obfuscation in Hikari essentially transforms the code so that it is functionally the same but is much harder for a reverse engineer to analyze and understand. Here’s an overview of the main concepts and techniques involved in Hikari obfuscation:

1. Purpose of Obfuscation

Obfuscation aims to protect intellectual property, software algorithms, and proprietary logic from being extracted or understood through reverse engineering. By making the code harder to read or follow, obfuscation raises the difficulty of tasks like decompiling, debugging, or reconstructing code logic. It can increase the time, resources, and expertise needed to analyze a binary, deterring attackers or making reverse engineering impractical.

2. Techniques Used in Hikari Obfuscation

Hikari employs a variety of techniques, which can be enabled individually or as a package. Here are some of the core methods:

A. Control Flow Flattening

  • Concept: Control flow flattening reorders and reorganizes the control flow in a way that hides the logical structure of the code.
  • Implementation: Hikari uses a “dispatcher loop” that handles all branching within a function. Instead of straightforward conditional branches, a central dispatcher routes the program flow based on values, making it challenging to reconstruct the original branching structure.
  • Effect: This approach confuses tools that attempt to follow the program’s execution path, making it much harder to understand the logic and purpose of functions.

B. Bogus Control Flow Insertion

  • Concept: Bogus control flow adds fake or meaningless code paths that appear as potential execution paths but are never used.
  • Implementation: Hikari inserts fake branches and conditions that look valid but do not affect the actual program outcome. These branches are interwoven with the real ones.
  • Effect: By adding these paths, Hikari increases the complexity of the program’s control flow, making static analysis and decompilation much harder. The extraneous paths mislead reverse engineers, wasting their time on non-functional code paths.
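
To make techniques A and B concrete, here is an added example (written by hand for this page, not Hikari's output or code from the Hikari project) showing a small C function next to a flattened equivalent with one bogus block. The function names, state constants and the opaque predicate are assumptions chosen for illustration.

```c
#include <stdio.h>

/* Original: Euclid's algorithm with an obvious loop structure. */
unsigned gcd_plain(unsigned a, unsigned b) {
    while (b != 0) {
        unsigned t = a % b;
        a = b;
        b = t;
    }
    return a;
}

/* Hand-flattened equivalent: every basic block becomes one case of a
   switch inside a dispatcher loop; `state` selects the next block. */
unsigned gcd_flat(unsigned a, unsigned b) {
    enum { ST_TEST = 0x3a, ST_BODY = 0x91, ST_BOGUS = 0x5c, ST_EXIT = 0x17 };
    unsigned state = ST_TEST, t = 0;
    for (;;) {
        switch (state) {
        case ST_TEST:                 /* loop condition */
            state = (b != 0) ? ST_BODY : ST_EXIT;
            break;
        case ST_BODY:                 /* loop body */
            t = a % b;
            a = b;
            b = t;
            /* Opaque predicate: t*(t+1) is always even (also after
               unsigned wrap-around), so ST_BOGUS is never selected. */
            state = ((t * (t + 1)) % 2u == 0) ? ST_TEST : ST_BOGUS;
            break;
        case ST_BOGUS:                /* bogus block: plausible but dead */
            a ^= b;
            b += 0x1234u;
            state = ST_BODY;
            break;
        case ST_EXIT:
            return a;
        }
    }
}

/* Counts inputs in [0, n) x [0, n) where the two versions disagree. */
unsigned mismatches(unsigned n) {
    unsigned bad = 0;
    for (unsigned a = 0; a < n; a++)
        for (unsigned b = 0; b < n; b++)
            bad += (gcd_plain(a, b) != gcd_flat(a, b));
    return bad;
}

int main(void) {
    printf("gcd_flat(1071, 462) = %u, mismatches = %u\n",
           gcd_flat(1071, 462), mismatches(200));
    return 0;
}
```

Both versions compute the same result; in the flattened one the loop is no longer visible as a back edge in the control-flow graph, and the bogus block adds an edge that static analysis has to rule out.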

C. Function Call Obfuscation

  • Concept: Function call obfuscation hides or complicates direct calls to functions, making it harder to trace function calls and understand inter-function relationships.
  • Implementation: Hikari can replace direct function calls with indirect calls or use lookup tables, where a function is called by referencing its address through an intermediary step.
  • Effect: This obfuscation disrupts typical static analysis methods that rely on direct calls, making it harder to

Signing your executable using a Code Signing certificate

If you, like me, ever need to sign your executable tool or document using a code signing certificate, this guide may be helpful. In this post, I will tell you how to sign your executable using Certum’s SimplySign.

When searching for code signing certificate providers, one of the options is Certum. They offer some of the most affordable certificates (although still expensive). I needed to sign my freeware tool, AFT SonicDecloner, to distribute it to users and prevent it from triggering Windows notifications like “unverified program” or being flagged by antivirus software.

Certum provides a way to sign applications without any hardware tokens or readers. Instead, they offer a desktop tool called SimplySign, which you can install on Windows. It acts like a hardware reader, making your certificate available in Windows.

Here is the procedure:

1. Purchase a Code Signing Certificate

First, you need to register with Certum and purchase one of their Cloud Code Signing certificates—either regular or EV (Extended Validation). EV implies extended verification and is the most expensive option. The EV certificate cost me €379 for one year (as of the end of 2024).

2. Complete Identity Verification

Once purchased, you will need to go through an identity verification process, during which you will be requested to present various documents proving your identity. You will also need to pass a live presence test—an automated procedure using a webcam. The entire process takes about one week.

3. Activate Your Certificate

After your certificate is issued, the technical work begins.

You will receive two emails from Certum:

  • One email will include a special secret code — a sequence of letters.
  • Another email will provide a link to activate the certificate and information about the SimplySign mobile app, which is available on Google Play and the App Store.

Here’s what you need to do:

  1. Install the SimplySign app on your mobile device, but do not proceed further yet.
  2. On your computer, use the activation link from the Certum email to open a login page. The page will ask for the secret code, which you will enter. You will then be presented with a QR code on the screen.
  3. In the SimplySign app on your mobile device, enter your email address and select the option to authenticate using a QR code. Scan the QR code displayed on your computer screen with your phone’s camera.
  4. Once authenticated, choose the option indicating that your primary use of the app will be to generate tokens. A token is a numerical code that is valid for a limited time.

4. Install SimplySign Desktop

  • Go to the Certum website and find the SimplySign Desktop installation. Install it on your computer. I used Windows, but other platforms are available.
  • After installation, run the application and enter your email address.
  • Open the SimplySign app on your mobile device and generate a token. Use this token on your computer to authenticate with SimplySign Desktop.
  • The SimplySign Desktop program will log you in if everything is done correctly. It will reside in the system tray near the clock. You can open it and see your available certificates. Voilà! You are authenticated and should now

AFT SonicDeCloner FREE — The Ultimate Acoustic De-Duplication Solution

I am thrilled to introduce AFT SonicDeCloner, a free tool by AudioWatermarking.com for acoustic audio de-duplication. AFT SonicDeCloner is built to recognize acoustically similar audio files, or “clones,” across various formats by using advanced, patented acoustic fingerprinting technology. Unlike traditional file comparison methods, this tool listens to audio files just like the human ear, identifying duplicates originating from the same performance or recording, regardless of file compression or format.

Key Features:

  • Human-like Acoustic Detection: Matches audio based on sound content, not just byte data, id3 tags or meta information.
  • Format-Agnostic: Compatible with all major audio formats.
  • Robust Performance: Detects duplicates even in altered versions, including pitch shifts or distortions.
  • ABSOLUTELY FREE for Non-Commercial Use: Ideal for personal audio management.
  • Cross-Platform Compatibility: Works on Windows, macOS, and Linux.
  • Standalone and Offline: Does not require installation and performs without internet connectivity.

Who It’s For: Designed for audiophiles, DJs, sound engineers, and music enthusiasts, AFT SonicDeCloner helps manage audio collections, removing unnecessary duplicates for a more organized, streamlined library. If you value the quality and organization of your audio collection, AFT SonicDeCloner is the ultimate solution to help you achieve a clean, efficient, and enjoyable music library.

Download AFT SonicDeCloner today at www.AudioWatermarking.com/sonicdecloner and experience acoustic de-duplication that brings clarity to your collection.

AWT technology secures new US Patent

I’m pleased to share some news from my small audio DSP software house at www.AudioWatermarking.com. I have just been granted US Patent 11,978,461 — a key addition to the growing collection of innovations, marking another significant personal and professional milestone in my journey at www.AudioWatermarking.com.

This is the third major patent in the line of patents protecting my core DSP technologies focused on audio watermarking and acoustic fingerprinting. Our suite of tools, including Audio Watermarking Tools (AWT) and Audio Fingerprinting Tools (AFT), is at the forefront of forensic audio watermarking, steganography, and acoustic fingerprinting software solutions. This patent is another small personal achievement in my humble engineering career. It is also a step forward for AWT technology and the trust and confidence it provides its users. It’s moments like these that reflect the cumulative effort of countless hours of work and the unwavering support from family and customers.

We look forward to continuing to innovate and provide our clients with state-of-the-art solutions that meet their evolving needs. Your support fuels our continued passion and commitment to enhancing the security and reliability of audio DSP technologies.

Please visit www.audiowatermarking.com to explore how AWT technologies might help meet your needs.
Permanent link to the patent at USPTO website.