stackoom
  简体   繁体   中英

Does SPIR-V bytecode provide obfuscation?

 原文  2016-09-01 19:32:56       opengl/ glsl/ obfuscation/ vulkan/ spir-v

Question

It is straightforward for a reverse engineer to attach a graphics debugger to an OpenGL application to extract the shader source code. It is my understanding that Vulkan, on the other hand, uses SPIR-V bytecode, rather than passing plaintext shaders to the graphics API.

Does SPIR-V bytecode obfuscate the shader source, or is it fairly easy to decompile?

3 answers

solution1
 4 ACCPTED  2016-09-01 20:37:58

There is an entire specification explaining, in explicit detail, the behavior of each and every SPIR-V opcode. That's kinda the opposite of obfuscation. But there's more to it than that.

SPIR-V, despite being "assembly", retains a rich amount of information about the source program. It contains structure definitions, function definitions with parameter and return types, looping and conditional constructs, etc. Writing a decompiler for SPIR-V is not at all difficult.

SPIR-V also can optionally contain fragments of text that annotate various SPIR-V definitions. This is more of a function of the environment that compiled to SPIR-V, but the output SPIR-V can contain variable names, structure names, and etc. These OpName decorations can all be easily culled if you wish.

But even without names, all of the important structural information is there. So the security gains from SPIR-V compared to raw GLSL is rather minimal.

solution2
 3  2016-09-01 20:04:42

It doesn't do any real obfuscation. The only thing it could really do is strip the variable names.

If the application is not willing to complicate the actual calculation then that's about it.

It cannot do much with control flow because vulkan requires structured control flow. Where each conditional branch must have a merge block and every loop has a strict structure.

solution3
 1  2016-09-02 15:13:51

SPIR opcodes behaves like bytecodes in Java:

  • it creates a neutral meta-operators, the opcodes, closer of machine raw codes, to easy Spir driver translation to raw GPU code.
  • as advantage, the opcodes avoids the distribution of plain source codes, and the compiled spir opcodes should have compile issues, as typo or syntax errors - it is already compiled;
  • a disadvantage is the reversibility of binary representation to plain source code again.

There is no easy workaround to the reversibility of opcodes to plain code. Some solutions used in Java field are:

  • obfuscation - like ProGuard does for Java's bytecode - not sure if this is possible with SPIR;
  • code encryption with symmetric key - the key is hardcoded in your C code.
  • code encryption with asymmetric keys - private key comes from web, after login to server.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Why do we need SPIR-V? Is it possible to use bindless textures in SPIR-V shaders on OpenGL 4.5? How could I simply compile GLSL to SPIR-V? How would I set sampler2D uniforms in OpenGL in a SPIR-V Shader? Does any graphics API implement shader obfuscation? Does OpenGL allow you to provide array attributes when using glMultiDrawArrays? What does the OpenGL command suffix 'v' represent? “Bytecode” instead of hardcoded shader performance Why does the number of vt and v elements in a blender .obj file differ? How to provide computed number of workgroups to glDispatchComputeIndirect?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM