Product Information
Product Sheets
MCFACT - Obfuscation vs. MCFACT
In the following section, the commonly used technique of program code obfuscation is compared to Syncrosoft’s MCFACT technology.
Program Code Obfuscation
Program code obfuscation methods transform program code in a way that it becomes less intelligible to a human, thus, making it more difficult to reverse-engineer and harder to tamper with. For instance, program structures and variables are hidden in complex ways, and the data flow is modified.
In general, program code obfuscation transformation methods are not based on a hard mathematical problem. In fact, the obfuscated program code remains debuggable and can therefore be reverse-engineered.
For software copy protection a security hardware, like a dongle or a smart-card, is essential. When using obfuscation techniques, security funcionality like the hardware link is just added to the program, and therefore can be removed without changing essential program funcionality.
MCFACT
The MCFACT technology transforms program operations into a set of interacting finite automata. In fact, each operation of the program code corresponds to a cooperation of composed finite automata. Composed finite automata are used to execute encrypted operations and to process encrypted data without decrypting them ever.
MCFACT security is based on the hard mathematical problem of large finite automata decomposition. An adversary can not reverse-engineer the automata, because a reverse transformation from finite automata to program code would involve decomposition of finite automata. It is not feasible to debug the program data at runtime because they are never decrypted.
When using MCFACT, the security functionality is not simply added to existing program code, but the program code itself is transformed. Therefore, it is not possible to remove the security funcionality without removing essential program functionality.
The finite automata may be enhanced using composition methods to operate properly only in conjunction with a security hardware, e.g. a smart-card.
Conclusion
Obfuscation methods provide limited security. They are useful for quick protection of low-value program code and data for a limited time. MCFACT, on the other hand, can provide long-term security for program code and data requiring highest level of protection.