Summary
In this chapter, we have understood what obfuscation is all about. As a means of hiding data, simple cryptography is one of the most commonly used techniques. Identifying simple decryption algorithms requires looking for the cipher key, the data to decrypt, and the size of the data. After identifying these decryption parameters, all we need to do is place a breakpoint at the exit point of the decryption code. We can also monitor the decrypted code using the memory dump of the debugging tool.
We cited a few methods used in obfuscation, such as control flow flattening, garbage code insertion, metamorphic code, dynamically importing API functions, and directly accessing the process information block. Identifying obfuscated codes and data helps us overcome the analysis of complicated code. Obfuscation was introduced as a way to conceal information.
In the next chapter, we'll continue introducing the same concept, but in particular, we'll look how they are implemented in an executable file...