Hyla, TomaszByczyk, Sebastian2022-12-272022-12-272023-01-03978-0-9981331-6-4https://hdl.handle.net/10125/103470One problem for manufacturers of IoT devices is protecting intellectual rights to the software. Unprotected software can easily be copied or analysed and used on other devices. Proving another party that the source code has been illegally copied is difficult. One of the solutions is code obfuscation, i.e., modifying the code, so it works the same way, but its structure is complicated to understand and analyse. The paper presents a solution dedicated to IoT devices that combines code obfuscation techniques and uses the trusted platform module to decrypt part of the data during execution. A dedicated obfuscation method is described. Experiments show that the method increases the time needed to change the code at least several times, and some junior programmers cannot understand an obfuscated code. Test results show almost no similarity between the code in clear form and obfuscated form. The obfuscated code is more complicated but takes slightly longer to execute.9engAttribution-NonCommercial-NoDerivatives 4.0 InternationalSoftware Development for Mobile Devices, the Internet-of-Things, and Cyber-Physical Systemscode analysisiot deviceobfuscationreverse engineeringsource codetpmtext10.24251/HICSS.2023.836