Obfuscation – CompTIA Security+ SY0-501 – 6.2

One way to slow down an attacker is to make things unclear. In this video, you’ll learn about some common implementations of obfuscation.

<< Previous Video: Key Stretching Algorithms Next: Wireless Cryptographic Protocols >>

What if you didn’t want to encrypt information but you still wanted to make it a little bit more difficult to understand? This is the process of obfuscation. Obfuscation means that we take something and make it much more difficult to understand. It’s not impossible. If you had enough time and enough patience, you could probably put it back together in a way that would make sense to you.

For example, a lot of developers will take source code that’s very easy to read, and they’ll send it through an obfuscation engine that now makes it very difficult to understand what the application is doing. This doesn’t change how the application works, it changes how the source code looks to the human eye.

One very common form of obfuscation is to take information and hide it inside of a picture. We call this steganography. One way to make data less readable is to put it through a particular cipher like Exclusive OR or XOR. With XOR, we’re comparing two different types of input to be able to create a single output. If both of those inputs are different, then we mark them as true. If both of those inputs are the same, then we mark them as false.

In our particular example, true would be a 1, and false would be 0. So if we have a 0 and a 1, those inputs differ so we mark them as true with a 1. If we have two inputs that are identical, for instance, 1 and a 1, we mark those as false, or with a 0.

This means that you can take a bit of plaintext, and then take a predefined key and perform an XOR to create what effectively is a ciphertext. To be able to get back to the original plaintext, we simply reverse the process. We take our ciphertext, we perform an XOR using exactly the same key, and we’re returned with exactly the same plaintext that we started with at the beginning.

As we’ve already seen with things like our blocked cipher modes, we use XORs extensively in cryptography. And if your key is truly random, this is creating a theoretically unbreakable method of obfuscating data. Another form of obfuscation is using a substitution cipher. Normally, we would have A through Z, but instead we scramble these up into something that substitutes one letter for another.

For example, A would be substituted with Z, B would be substituted with E, and we have the entire cipher listed here. This means if we have a phrase such as “We are discovered,” we could replace each of those letters with the ciphertext alphabet to have our obfuscated phrase.

Another form of substitution cipher is the Caesar cipher, where every letter is substituted with another at a fixed position. For example, you may have the entire alphabet shifted over a number of letters, so that instead of an E, we’re substituting the E with a B.

These ciphers are obviously easy to brute force. If you know the system, it’s very easy to decrypt it. But in its encrypted form, it does obfuscate the original message. There’s a standard form of the Caesar cipher called ROT13, which stands for rotate by 13 places, and substitute that letter with the other. For example, URYYB substituted 13 places is the same as hello.

You commonly see ROT13 used in online forums or online messages, where someone might want to provide a spoiler or something that they don’t want other people to immediately see, but they want to provide people with a way to decrypt or unobfuscate the message so that they can read it later.