Geek Answers Handbook

Using polymorphic code for legitimate purposes?

I recently came across the term "Polymorphic code" and wondered if anyone could suggest a legitimate (that is, legal and business-friendly software) reason to use it in a computer program? Links to real world samples will be appreciated!

Before someone answers, telling everyone about the benefits of polymorphism in object-oriented programming, read the following definition for polymorphic code (taken from Wikipedia ):

"A polymorphic code is a code that uses a polymorphic engine for mutations, preserving the original source algorithm, that is, each time you run the code, it changes itself, but the function of the code will not change completely."

Thanks, MagicAndi.

Update

Summary of responses:

  • Source code runtime optimization
  • Assigning a “DNA fingerprint” to each individual copy of the application
  • Obfuscation program to prevent reverse engineering

I also introduced the term metamorphic code .

+6
metaprogramming
source share
6 answers

Optimization of the runtime of the source code based on the actual performance statistics collected when the application was launched in its real environment and real inputs.

+5
source share

Digital watermarking , something is often done to determine who is responsible for a track leak, for example. This makes each copy of the music unique, so that copies can be traced back to the original owner, but do not affect the sound quality of the track.

Something like this could be done for compiled software by running each individual copy using a polymorphic engine before distributing it. Then, if the hacked version of this software is released on the Internet, the developer will be able to tell who hacked it by looking at the specific options developed by the polymorphic engine (a kind of DNA test). As far as I know, this method has never been used in practice.

This is not quite what you were looking for, I think, since the polymorphic engine does not spread with the code, but I think that it is closest to the legitimate business that you will find for such a method.

+4
source share

Polymorphic code is a good thing, but metamorphism is even nicer. For legitimate purposes: well, I can’t think of anything else but protection against hacking and copy protection. Look at vx.org.ua if you are not using the real world (not so legal)

+3
source share

As Sami notes , on-the-fly optimization is a great application for polymorphic code. A great example of this is the Fast Fourier Transform in the West . He has at his disposal a number of solvers, which he combines with self-profiling to configure code and solver parameters during subsequent launches. As a result, the program is optimized for your computing environment, faster with subsequent launches!

A related idea that might be interesting is computational control . It is the practice of changing the way of performing large simulations as you continue to focus on areas of interest to the researcher. The overall purpose of the simulation does not change, but the feedback loop acts to optimize the calculation. In this case, the executable code is not explicitly rewritten, but the effect is similar from the user's point of view.

+2
source share

Polymorphic code can be used to obfuscate weak or patented algorithms that can use eg encryption. There are many "legitimate" purposes for this. The term "legal" these days is limited when it comes to IT. IT core paradigms contain security. Do you use polymorphic shellcode in exploits or detect such code using an AV scanner. You should be aware of this.

+1
source share

Obfuscate the program, i.e. prevent reverse engineering: the goal is to protect IP (Intellectual Property).

0
source share

More articles:


All Articles