c 1 1 m e ta p r o g r a m m i n g a p p l i e d t o s o
play

C + + 1 1 M E TA P R O G R A M M I N G A P P L I E D T O S O F T - PowerPoint PPT Presentation

Oct 07, 2023 •472 likes •1.07k views

H A C K I N PA R I S 2 0 1 4 S E B A S T I E N A N D R I V E T C + + 1 1 M E TA P R O G R A M M I N G A P P L I E D T O S O F T WA R E O B F U S C AT I O N About me S i n c e J u n e 2 014 S e n i o r S e c u r i t y E n g i n e e

  1. H A C K I N PA R I S 2 0 1 4 S E B A S T I E N A N D R I V E T C + + 1 1 M E TA P R O G R A M M I N G A P P L I E D T O S O F T WA R E O B F U S C AT I O N

  2. About me S i n c e J u n e 2 014 S e n i o r S e c u r i t y E n g i n e e r a t S C RT ( S w i t z e r l a n d ) S e b a s t i e n A N D R I V E T � C y b e r fe m i n i s t & h a ck t i v i s t R e ve r s e e n g i n e e r I n t e l & A R M C + + , C , O b j - C , C # d e ve l o p e r T r a i n e r ( i O S & A n d r o i d a p p s e c )

  3. P R O B L E M

  4. Problem • Reverse engineering of an application if often like following the “white rabbit” • i.e. following string literals • Live demo • Reverse engineering of an application using IDA

  5. A S O L U T I O N O B F U S C AT I O N

  6. What is Obfuscation?

  7. Obfuscator O O ( ) =

  8. YES! It is also Katy Perry! • Same semantics • Obfuscated

  9. Obfuscation “Deliberate act of creating source or machine code difficult for humans to understand” – W I K I P E D I A , A P R I L 2 0 1 4

  10. Obfuscators classes • Transformation of source code • Manual transformation by programmers • Pre-processors • C++ template instantiation • Abstract Syntax Tree (AST) transformation • Transformation of binary code

  11. C++ templates O B J E C T 2 • Example: Stack of objects O B J E C T 1 • Push • Pop

  12. Simple stack • struct Stack 
 { 
 void push (void* object); 
 void* pop (); 
 }; • Stack stack; 
 Singer * britney_spears = new Singer (); 
 stack.push(britney_spears); 
 … • Singer * singer = stack.pop(); 
 singer->sing(); // singer = britney_spears

  13. Simple stack • Apple * apple = new Apple (); 
 stack.push(apple); 
 … • Singer * justin = stack.pop(); 
 justin->sing(); • Crash at runtime ! 
 We pop up an Apple , not a Singer !

  14. C++ template: type safety • template<typename T > 
 struct Stack 
 { 
 void push( T * object); 
 T * pop(); 
 }; • Stack < Singer > stack; 
 stack.push(new Apple ()); // compilation error

  15. Templates kinds • Functions templates • Class templates • (variables templates: C++14)

  16. Template parameters template<typename> class template pointer, reference template< > Type integral typename, class int, long, enum, …

  17. Integral parameters • Example: Fibonacci sequence F n = F n-1 + F n-1 F 0 = 0 F 1 = 1 
 0, 1, 1, 2, 3, 5, 8, … • template<int N> 
 struct Fibonacci { 
 static constexpr int value = 
 Fibonacci< N-1 >::value + Fibonacci< N-2 >::value; 
 }; • template<> struct Fibonacci< 1 > { static constexpr int value = 1; }; 
 template<> struct Fibonacci< 0 > { static constexpr int value = 0; }; • cout << Fibonacci<20>::value << endl;

  18. Usage • Not the same than: 
 int fibonacci(int n) { 
 return n <= 1 ? n : fibonacci(n-1) + fibonacci(n-2); } • fibonacci(5) is executed at runtime • Fibonacci<5> is evaluated at compile time • no opcode generated, no CPU cycle at runtime

  19. C++ metaprogramming • Programs that manipulate or produce programs • Subset of C++ • Turing-complete • Close to Functional programming • Part of C++ standards

  20. Application 1 - Strings literals obfuscation • original string is source code • original string in DEBUG builds • developer-friendly syntax • no trace of original string in compiled code in RELEASE builds

  21. 
 
 
 1 st implementation template<int... Indexes> 
 struct MetaString1 { 
 constexpr MetaString1(const char* str) 
 : buffer_ {encrypt(str[Indexes])...} { } 
 const char* decrypt(); 
 private: 
 constexpr char encrypt(char c) const { return c ^ 0x55; } 
 constexpr char decrypt(char c) const { return encrypt(c); } 
 private: 
 char buffer_[sizeof...(Indexes) + 1]; 
 };

  22. 
 
 
 1 st implementation template<int... Indexes> 
 struct MetaString1 { 
 constexpr MetaString1(const char* str) 
 : buffer_ {encrypt(str[Indexes])...} { } 
 const char* decrypt(); 
 private: 
 constexpr char encrypt(char c) const { return c ^ 0x55; } 
 constexpr char decrypt(char c) const { return encrypt(c); } 
 private: 
 char buffer_[sizeof...(Indexes) + 1]; 
 };

  23. 
 
 
 1 st implementation template<int... Indexes> 
 struct MetaString1 { 
 constexpr MetaString1(const char* str) 
 : buffer_ {encrypt(str[Indexes])...} { } 
 const char* decrypt(); 
 private: 
 constexpr char encrypt(char c) const { return c ^ 0x55; } 
 constexpr char decrypt(char c) const { return encrypt(c); } 
 private: 
 char buffer_[sizeof...(Indexes) + 1]; 
 };

  24. 
 
 
 1 st implementation template<int... Indexes> 
 struct MetaString1 { 
 constexpr MetaString1(const char* str) 
 : buffer_ {encrypt(str[Indexes])...} { } 
 const char* decrypt(); 
 private: 
 constexpr char encrypt(char c) const { return c ^ 0x55; } 
 constexpr char decrypt(char c) const { return encrypt(c); } 
 private: 
 char buffer_[ sizeof...(Indexes) + 1 ]; 
 };

  25. 
 
 
 1 st implementation template<int... Indexes> 
 struct MetaString1 { 
 constexpr MetaString1(const char* str) 
 : buffer_ {encrypt(str[ Indexes ]) ... } { } 
 const char* decrypt(); 
 private: 
 constexpr char encrypt(char c) const { return c ^ 0x55; } 
 constexpr char decrypt(char c) const { return encrypt(c); } 
 private: 
 char buffer_[ sizeof...(Indexes) + 1 ]; 
 };

  26. 
 
 
 1 st implementation template<int... Indexes> 
 struct MetaString1 { 
 constexpr MetaString1(const char* str) 
 : buffer_ {encrypt(str[Indexes])...} { } 
 buffer_{encrypt(str[0]), encrypt(str[1]), encrypt(str[2])} const char* decrypt(); 
 private: 
 constexpr char encrypt(char c) const { return c ^ 0x55; } 
 constexpr char decrypt(char c) const { return encrypt(c); } 
 private: 
 char buffer_[sizeof...(Indexes) + 1]; 
 };

  27. 
 
 
 1 st implementation template<int... Indexes> 
 struct MetaString1 { 
 constexpr MetaString1(const char* str) 
 : buffer_ {encrypt(str[Indexes])...} { } 
 const char* decrypt(); 
 private: 
 constexpr char encrypt(char c) const { return c ^ 0x55; } 
 constexpr char decrypt(char c) const { return encrypt(c); } 
 private: 
 char buffer_[sizeof...(Indexes) + 1]; 
 };

  28. 
 
 
 1 st implementation template<int... Indexes> 
 struct MetaString1 { 
 constexpr MetaString1(const char* str) 
 : buffer_ {encrypt(str[Indexes])...} { } 
 const char* decrypt(); 
 private: 
 constexpr char encrypt(char c) const { return c ^ 0x55; } 
 constexpr char decrypt(char c) const { return encrypt(c); } 
 private: 
 char buffer_[sizeof...(Indexes) + 1]; 
 };

  29. 
 
 
 1 st implementation template<int... Indexes> 
 struct MetaString1 { 
 constexpr MetaString1(const char* str) 
 : buffer_ {encrypt(str[Indexes])...} { } 
 const char* decrypt(); 
 R U N T I M E private: 
 constexpr char encrypt(char c) const { return c ^ 0x55; } 
 constexpr char decrypt(char c) const { return encrypt(c); } 
 private: 
 char buffer_[sizeof...(Indexes) + 1]; 
 };

  30. 
 
 
 1 st implementation - Usage #define OBFUSCATED1(str) (MetaString1<0, 1, 2, 3, 4, 5>(str).decrypt()) 
 cout << OBFUSCATED1(“Britney Spears”) << endl;

  31. 1st implementation - Problem • List of indexes is hard-coded • 0, 1, 2, 3, 4, 5 • As a consequence, strings are truncated!

  32. 2 nd implementation • Generate a list of indexes with metaprogramming • C++14 introduces std:index_sequence • With C++11, we have to implement our own version • Very simplified • MakeIndex<N>::type generates: • Indexes<0, 1, 2, 3, …, N>

  33. 2 nd implementation • Instead of: MetaString1<0, 1, 2, 3, 4, 5>(str) • we have: MetaString2< Make_Indexes<sizeof(str)-1>::type >(str)

  34. 2 nd implementation - Usage cout << OBFUSCATED2(“Katy Perry”) << endl; • No more truncation • But not possible to use custom suffixes • Problem with sizeof

  35. 3 rd implementation • In previous implementations, key is hard-coded constexpr char encrypt(char c) const { return c ^ 0x55; } • New template parameter for Key template<int... I, int K > 
 struct MetaString3<Indexes<I...>, K >

  36. Generating (pseudo-) random numbers • C++11 includes <random>, but for runtime, not compile time • MetaRandom<N, M> 
 N : Nth generated number 
 M : Maximum value (excluded) • Linear congruential engine • Park-Miller (1988), “minimal standard” • Not exactly a uniform distribution (modulo operation) • Recursive

  37. Seed • template<> 
 struct MetaRandomGenerator<0> { 
 static const int value = seed; 
 }; • How to choose an acceptable compile-time seed? • Macros (C & C++): • __TIME__ : compilation time (standard) • __COUNTER__ : incremented each time it is used 
 (non-standard but well supported by compilers)

  38. 3 rd implementation • Different keys for each compilation • thanks to __TIME__ • Different key for each string • thanks to __COUNTER__

  39. 4 th implementation • Different and random keys, great! • Why not go even further? • Choose a different encryption algorithm, randomly!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Welcome to CSE 5/7338 Economics of Information Security Tyler Moore Computer Science &amp;

Welcome to CSE 5/7338 Economics of Information Security Tyler Moore Computer Science &amp;

Notes Welcome to CSE 5/7338 Economics of Information Security Tyler Moore Computer Science &amp; Engineering Department, SMU, Dallas, TX Lecture 1 Logistics Syllabus Motivation Calendar Notes Course website Most info:

229 views • 8 slides
Computer graphics 2: Graduate seminar in computational aesthetics Angus Forbes

Computer graphics 2: Graduate seminar in computational aesthetics Angus Forbes

Computer graphics 2: Graduate seminar in computational aesthetics Angus Forbes evl.uic.edu/creativecoding/cs526 Computer Graphics 2 instructor angus graeme forbes course syllabus http://evl.uic.edu/creativecoding/cs526 lab page

571 views • 45 slides
UCyber Meeting 4 Last Week... Discussed Dates of Siemens CDC visit Dominick gave a web

UCyber Meeting 4 Last Week... Discussed Dates of Siemens CDC visit Dominick gave a web

UCyber Meeting 4 Last Week... Discussed Dates of Siemens CDC visit Dominick gave a web development presentation Discussed future topics for meetings Talked about getting involved on our GH github.com/ucyber Moved

330 views • 8 slides
ELC 2013 Security: Best Practices for Embedded Systems John Mehaffey Senior System Architect

ELC 2013 Security: Best Practices for Embedded Systems John Mehaffey Senior System Architect

ELC 2013 Security: Best Practices for Embedded Systems John Mehaffey Senior System Architect Embedded Systems Division mentor.com/embedded Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux

544 views • 17 slides
CSCI 21 215 Soc ocial &amp; Eth thical Iss Issues In In Com omputing Class 8 Hackers,

CSCI 21 215 Soc ocial &amp; Eth thical Iss Issues In In Com omputing Class 8 Hackers,

CSCI 21 215 Soc ocial &amp; Eth thical Iss Issues In In Com omputing Class 8 Hackers, Hacktivists, Personal Responsibility Not otes Homework 2 is Due Tonight Homework 3 will be posted sometime Tomorrow (?) Homework 3s

457 views • 30 slides
1 Prof. S. Ben-Yaakov , Dc-DC Converters [7- 4] Full Bridge FB L V x V C V o S 1 S 3 C R T

1 Prof. S. Ben-Yaakov , Dc-DC Converters [7- 4] Full Bridge FB L V x V C V o S 1 S 3 C R T

Prof. S. Ben-Yaakov , Dc-DC Converters [7- 1] Half Bridge, Full Bridge, Push-Pull, Cuk, SEPIC Prof. S. Ben-Yaakov , Dc-DC Converters [7- 2] Buck topology L V X V x V o S V in R C D t t on T S Buck derived topologies Forward - one

513 views • 7 slides
Overview of AC-DC &amp; DC-AC Converters Pavol Bauer Learning objectives What are the

Overview of AC-DC &amp; DC-AC Converters Pavol Bauer Learning objectives What are the

Overview of AC-DC &amp; DC-AC Converters Pavol Bauer Learning objectives What are the possible topologies for AC- DC &amp; DC-AC converters for both single and three phase AC systems? How are these power converters operating?

352 views • 13 slides
Direct current motor BDC Commutator Current direction = is changed! F B I l The

Direct current motor BDC Commutator Current direction = is changed! F B I l The

Direct current motor BDC Commutator Current direction = is changed! F B I l The current I turns the loop, when it has turned half a lap the current direction is changed so it continnues to turn all the way around and so on.

348 views • 31 slides
rr r rt

rr r rt

rr r rt rstrtr t r rs rt r

633 views • 46 slides
Bridging Bridging Jean-Yves Le Boudec Fall 2009 1 1 Algorhyme I think that I shall never see

Bridging Bridging Jean-Yves Le Boudec Fall 2009 1 1 Algorhyme I think that I shall never see

COLE POLYTECHNIQUE FDRALE DE LAUSANNE Bridging Bridging Jean-Yves Le Boudec Fall 2009 1 1 Algorhyme I think that I shall never see a graph more lovely than a tree. h l l th t A tree whose crucial property is loop-free

564 views • 45 slides
DC MOTORS 101 Servos, DC motors, Stepper motors, motor drivers Agenda Start with PWM (Pulse

DC MOTORS 101 Servos, DC motors, Stepper motors, motor drivers Agenda Start with PWM (Pulse

1/20/14 DC MOTORS 101 Servos, DC motors, Stepper motors, motor drivers Agenda Start with PWM (Pulse Width Modulation) analog output feature of Arduinos equivalent to varying output voltage Use for dimming LEDs or

926 views • 59 slides
IMGD 3xxx - HCI for Real, Virtual, and Teleoperated Environments: Physical Feedback by Robert

IMGD 3xxx - HCI for Real, Virtual, and Teleoperated Environments: Physical Feedback by Robert

IMGD 3xxx - HCI for Real, Virtual, and Teleoperated Environments: Physical Feedback by Robert W. Lindeman gogo@wpi.edu Motivation We've looked at how to get (some) physical input from the user Now we look at providing physical

368 views • 14 slides
Disk complexes, arc complexes, and knots Darryl McCullough University of Oklahoma William Rowan

Disk complexes, arc complexes, and knots Darryl McCullough University of Oklahoma William Rowan

Disk complexes, arc complexes, and knots Darryl McCullough University of Oklahoma William Rowan Hamilton Geometry and Topology Workshop Trinity College August 28, 2008 1 Topics: I. The tree of knot tunnels: a classification of all tunnels

465 views • 34 slides
1.011 Project Evaluation Carl D. Martland Case Studies MIT Center for Transportation

1.011 Project Evaluation Carl D. Martland Case Studies MIT Center for Transportation

1.011 Project Evaluation Carl D. Martland Case Studies MIT Center for Transportation Studies The Rule of a Half In transportation improvement schemes, the benefits to the new users are approximately a half of the benefits to

270 views • 3 slides
Introduction to Computer Science CSCI 109 Readings St. Amant, 1-4, 8 China Tianhe-2 Andrew

Introduction to Computer Science CSCI 109 Readings St. Amant, 1-4, 8 China Tianhe-2 Andrew

Introduction to Computer Science CSCI 109 Readings St. Amant, 1-4, 8 China Tianhe-2 Andrew Goodney Fall 2019 Lecture 6: First Half Review October 6th, 2019 Where are we? 1 Review u Last time we got a little ahead u So well review

1.53k views • 101 slides
Modernizing NetBSD Networking Facilities and Interrupt Handling Ryota Ozaki

Modernizing NetBSD Networking Facilities and Interrupt Handling Ryota Ozaki

Modernizing NetBSD Networking Facilities and Interrupt Handling Ryota Ozaki &lt;ozaki-r@iij.ad.jp&gt; Kengo Nakahara &lt;k-nakahara@iij.ad.jp&gt; Overview of Our Work 1. MP-ify NetBSD networking facilities Goals 2. Scale up NetBSD

821 views • 66 slides
2013/14 Andrew Williams Chief Executive Kevin Thompson Finance Director Halma Half Year

2013/14 Andrew Williams Chief Executive Kevin Thompson Finance Director Halma Half Year

Half Year results 2013/14 Andrew Williams Chief Executive Kevin Thompson Finance Director Halma Half Year results November 2013 Summary Half Year 2013/14 Revenue Profit ROS Growth &amp; +12% +9% 19.5% High returns 333m

1.04k views • 38 slides
Building a Drone from scratch Igor Stoppa Embedded Linux Conference October 2016 V 0.1.0

Building a Drone from scratch Igor Stoppa Embedded Linux Conference October 2016 V 0.1.0

Building a Drone from scratch Igor Stoppa Embedded Linux Conference October 2016 V 0.1.0 Disclaimers Opinions expressed in these foils represent exclusively to the authors view. All Logos and Trademarks represented belong to their

579 views • 38 slides
FLYING FERRIES AND MOVING PAVEMENTS? Pedestrian routing on rare modes of transport Guillaume

FLYING FERRIES AND MOVING PAVEMENTS? Pedestrian routing on rare modes of transport Guillaume

FLYING FERRIES AND MOVING PAVEMENTS? Pedestrian routing on rare modes of transport Guillaume Rischard @grischard user/Stereo Some of humanitys most beautiful cities are built next big geographical obstacles, next to cli ff s, valleys

636 views • 10 slides
Handling Handles: Non-Planar AdS/CFT Integrability Part 2 (Part 1 by J. Caetano) Till Bargheer

Handling Handles: Non-Planar AdS/CFT Integrability Part 2 (Part 1 by J. Caetano) Till Bargheer

Handling Handles: Non-Planar AdS/CFT Integrability Part 2 (Part 1 by J. Caetano) Till Bargheer Leibniz University Hannover 1711.05326 : TB, J. Caetano, T. Fleury, S. Komatsu, P. Vieira 18xx.xxxxx : TB, J. Caetano, T. Fleury, S. Komatsu, P.

660 views • 21 slides
Raytracing in hyperbolic 3-manifolds and link complements Matthias Goerner November 13th, 2019

Raytracing in hyperbolic 3-manifolds and link complements Matthias Goerner November 13th, 2019

Outline Triangulating a link complement Inside view of a hyperbolic 3-manifold Raytracing in hyperbolic 3-manifolds and link complements Matthias Goerner November 13th, 2019 Matthias Goerner Raytracing in hyperbolic 3-manifolds and link

458 views • 32 slides
ECE 3574: Applied Software Design InterProcess Communication with Pipes and Sockets Today we are

ECE 3574: Applied Software Design InterProcess Communication with Pipes and Sockets Today we are

ECE 3574: Applied Software Design InterProcess Communication with Pipes and Sockets Today we are going to look at concurrent programming using multiple OS processes. communicating processes Unix and Windows pipes Unix fork + pipes

271 views • 13 slides
1.5. I/O 135 Serial Communication Simplex Duplex Half-Duplex 136 Serial Communication

1.5. I/O 135 Serial Communication Simplex Duplex Half-Duplex 136 Serial Communication

1.5. I/O 135 Serial Communication Simplex Duplex Half-Duplex 136 Serial Communication Master-Slave (Multi-)Master Multi-Slave Master Slave Master Master-Multi-Slave Slave Master Slave Slave Slave Slave 137 Serial Communication

457 views • 27 slides
k-set agreement in communication networks with omission faults Emmanuel Godard Eloi Perdereau

k-set agreement in communication networks with omission faults Emmanuel Godard Eloi Perdereau

k-set agreement in communication networks with omission faults Emmanuel Godard Eloi Perdereau Laboratoire dInformatique Fondamentale 02/10/2017 DESCARTES 2-4 octobre 2017 - Chasseneuil-du-Poitou Model and problem Distributed model The

669 views • 55 slides

More recommend