dynamic metamorphic and opensource virtual machines
play

Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos - PowerPoint PPT Presentation

Sep 13, 2022 •444 likes •1.21k views

Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology and Virology Laboratory (CVO) 38 rue des Dr Calmette et Gurin,

  1. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology and Virology Laboratory (CVO) 38 rue des Dr Calmette et Guérin, 53 000 Laval, France desnos@esiea.fr Hack.lu 2010 A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  2. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Current section Introduction 1 Obfuscation 2 Virtual Machines 3 Android/Java appplications 4 Conclusion 5 A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  3. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Introduction New techniques to enable efficient software obfuscation and protection Innovative Reusable Opensource A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  4. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Current section Introduction 1 Obfuscation 2 Virtual Machines 3 Android/Java appplications 4 Conclusion 5 A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  5. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Obfuscation Impossible? On the (Im)possibility of Obfuscating Programs, CRYPTO 2001 (B. Barak, O. Goldreich R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan and K. Yang) Creating an obfuscator is impossible But you can play with the time and the result A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  6. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Obfuscation T-Obfuscation On the possibility of practically obfuscating programs - Towards a unified perspective of code protection (Philippe Beaucamps, Eric Filiol) You have to estimate the time ( τ ) required to break your protection Window of time But this mainly relates to malwares or cyber attacks A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  7. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Obfuscation Definition of Obfuscation in our context We are not in a context of cyber attacks, We must try to protect a software against evil guys to steal the apps (or part of them ) and to resell them into the market by basic decompilation, and (un)obfuscation, We must use multiple technics, and not only basic packing. A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  8. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Obfuscation Using Virtual Machines? Actually it is one of the most difficult problems for malware analysts But it is not a full VM like Qemu, Bochs, Vmware VMProtect, Themida use VM Of course, it is just one step for the software protection A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  9. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Current section Introduction 1 Obfuscation 2 Virtual Machines 3 Android/Java appplications 4 Conclusion 5 A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  10. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Virtual Machines What’s ? Simple code which interprets another one Easy to use and modify Dynamic Metamorphic Fast Steps Take the original instruction code (ASM, Bytecodes ...) Transform it into the desired intermediate language (IL) Build the VM Run it! A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  11. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Virtual Machines What’s ? Simple code which interprets another one Easy to use and modify Dynamic Metamorphic Fast Steps Take the original instruction code (ASM, Bytecodes ...) Transform it into the desired intermediate language (IL) Build the VM Run it! A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  12. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Virtual Machines Which IL? Plainty of IL ... But we can use anyone! REIL Zynamics REIL: A platform-independent intermediate language of disassembled code for static code analysis Thomas Dullien and Sebastian Porst http://www.zynamics.com/downloads/csw09.pdf A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  13. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Virtual Machines Which IL? Plainty of IL ... But we can use anyone! REIL Zynamics REIL: A platform-independent intermediate language of disassembled code for static code analysis Thomas Dullien and Sebastian Porst http://www.zynamics.com/downloads/csw09.pdf A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  14. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Virtual Machines REIL 17 instructions (ADD, AND, BISZ, BSH, DIV, JCC, LDM, MOD, MUL, NOP, OR, STM, STR, SUB, UNDEF, UNKN, XOR) 3 operands (but some instructions use 0 or 2 operands) Operand can be a: REIL REGISTER (no limit about the number of registers), REIL INTEGER, REIL OFFSET. Each operand has a specific size and the third operand is classicaly the output operand A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  15. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Virtual Machines REIL Format INSTR (X, bX), (Y, bY), (Z, bZ) REIL example ADD (t0, b4), (0x90, b4), (t1, b4) A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  16. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Virtual Machines REIL Format INSTR (X, bX), (Y, bY), (Z, bZ) REIL example ADD (t0, b4), (0x90, b4), (t1, b4) A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  17. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Virtual Machines REIL example Assembly instruction : "push ebp" ⇒ SUB (esp, b4, 0, 0), (0x4, b4, 1, 0), (esp, b4, 0, 0) ⇒ STM (ebp, b4, 0, 0), , (esp, b4, 0, 0) A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  18. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Virtual Machines Transformation Each operand : type size Types, Sizes, OP_CODE, O1, O2, O3 1320229, 262148, 233, 3049, 0, 49 A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  19. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Virtual Machines Dynamic bytecodes At each generation of a VM the format is different the encoding is different opcodes (instructions + registers) are different A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  20. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Virtual Machines Dynamic functions Implicit by the format and opcodes But it is possible to find "static" patterns ⇒ We must generate more dynamic code for the VM A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  21. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Virtual Machines Dynamic functions Implicit by the format and opcodes But it is possible to find "static" patterns ⇒ We must generate more dynamic code for the VM A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  22. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Virtual Machines Metamorphism Classical metamorphism transformation On our bytecodes On the original assembly code? Polymorphism ? It is impossible with classical VM ⇒ But we can provide such features with our bytecodes A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  23. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Virtual Machines Metamorphism Classical metamorphism transformation On our bytecodes On the original assembly code? Polymorphism ? It is impossible with classical VM ⇒ But we can provide such features with our bytecodes A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  24. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Virtual Machines Metamorphism Classical metamorphism transformation On our bytecodes On the original assembly code? Polymorphism ? It is impossible with classical VM ⇒ But we can provide such features with our bytecodes A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  25. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Virtual Machines Metamorphism Classical metamorphism transformation On our bytecodes On the original assembly code? Polymorphism ? It is impossible with classical VM ⇒ But we can provide such features with our bytecodes A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

  26. Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Current section Introduction 1 Obfuscation 2 Virtual Machines 3 Android/Java appplications 4 Conclusion 5 A. Desnos Dynamic, Metamorphic (and opensource) Virtual Machines

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines: Virtual machine technology, often just called virtualization , makes one computer behave as several Running several operating systems simultaneously on

254 views • 10 slides
Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of

Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of

COMP 520 Fall 2012 Virtual machines (1) Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of Virtual machines: Abstract syntax trees AOT-compile Interpreter Virtual machine code

662 views • 40 slides
CloudNet : Dynamic Pooling of Cloud Resources by Live WAN Migration of Virtual Machines Timothy

CloudNet : Dynamic Pooling of Cloud Resources by Live WAN Migration of Virtual Machines Timothy

CloudNet : Dynamic Pooling of Cloud Resources by Live WAN Migration of Virtual Machines Timothy Wood , Prashant Shenoy University of Massachusetts Amherst K.K. Ramakrishnan, and Jacobus Van der Merwe AT&T Labs - Research VEE 2011

1.17k views • 24 slides
Virtual Machines Tom Goff & David Dufresne We have created virtual machines for both

Virtual Machines Tom Goff & David Dufresne We have created virtual machines for both

Motivation for using Virtual Machines Tom Goff & David Dufresne We have created virtual machines for both VirtualBox and Vmware Player. Both options are supported across several platforms, but experience says that some hardware plays

178 views • 5 slides
Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits? Virtualization Creation of an isomorphism that maps a virtual guest system to a real host: Maps guest state S to host state V(S) For any

271 views • 26 slides
Dynamic Virtual Clusters in a Grid Dynamic Virtual Clusters in a Grid Site Manager Site Manager

Dynamic Virtual Clusters in a Grid Dynamic Virtual Clusters in a Grid Site Manager Site Manager

Dynamic Virtual Clusters in a Grid Dynamic Virtual Clusters in a Grid Site Manager Site Manager Jeff Chase, David Irwin, Laura Grit, Justin Moore, Sara Sprenkle Department of Computer Science Duke University Dynamic Virtual Clusters Dynamic

590 views • 21 slides
Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization

Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization

Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization Computer system architecture Process virtual machines System virtual machines 1 EECS 768 Virtual Machines Abstraction Mechanism to

704 views • 31 slides
Virtual machines should be invisible (and might be augmented) Stephen Kell

Virtual machines should be invisible (and might be augmented) Stephen Kell

Virtual machines should be invisible (and might be augmented) Stephen Kell stephen.kell@cs.ox.ac.uk some joint work with Conrad Irwin (University of Cambridge) Virtual machines should be. . . p.1/37 Spot the virtual machine (1) Virtual

963 views • 40 slides
Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1

Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1

Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1 Recap: Virtual Machines Enabling technology of cloud computing Basic idea: Provide machine abstractions 2 Recap: Virtual Machines

465 views • 23 slides
Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with

Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with

Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with Conrad Irwin (University of Cambridge) Virtual machines should be. . . p.1/20 Spot the virtual machine (1) Virtual machines should be. . .

897 views • 20 slides
Affinity-aw are Dynam ic Pinning Scheduling for Virtual Machines Zhi Li lizhi@cse.buaa.edu.cn

Affinity-aw are Dynam ic Pinning Scheduling for Virtual Machines Zhi Li lizhi@cse.buaa.edu.cn

Affinity-aw are Dynam ic Pinning Scheduling for Virtual Machines Zhi Li lizhi@cse.buaa.edu.cn School of Computer Science, BeiHang University, Beijing, China Outline Motivation CPU Affinity-aware Method Dynamic Pinning Scheduling

291 views • 14 slides
System Virtual Machines Introduction Key concepts Resource virtualization

System Virtual Machines Introduction Key concepts Resource virtualization

System Virtual Machines Introduction Key concepts Resource virtualization processors memory I/O devices Performance issues Applications EECS 768 Virtual Machines 1 Introduction System virtual machine

621 views • 38 slides
1 2 The first set of slides will introduce the basics of virtualization and virtual machines.

1 2 The first set of slides will introduce the basics of virtualization and virtual machines.

So we will start the course with an introduction on virtual machines. 1 2 The first set of slides will introduce the basics of virtualization and virtual machines. Many of these concepts should be familiar to students from other classes,

487 views • 47 slides
Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Virtual Machines & Security Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives the illusion of a real machine VMM/Hypervisor: host software which provides this capability Pioneered by IBM

75 views • 5 slides
CHAPTER 3: Virtual Machines and Virtualization of Clusters and Data Centers Presented by Faramarz

CHAPTER 3: Virtual Machines and Virtualization of Clusters and Data Centers Presented by Faramarz

CHAPTER 3: Virtual Machines and Virtualization of Clusters and Data Centers Presented by Faramarz Safi (Ph.D.) Islamic Azad University, Najafabad Branch 1 SUMMARY The reincarnation of virtual machines (VMs) presents a great opportunity for

849 views • 81 slides
Introduction to Virtual Machines Michael Jantz Acknowledgements Slides adapted from Chapter 1

Introduction to Virtual Machines Michael Jantz Acknowledgements Slides adapted from Chapter 1

Introduction to Virtual Machines Michael Jantz Acknowledgements Slides adapted from Chapter 1 in Virtual Machines: Versatile Platforms for Systems and Processes by James E. Smith and Ravi Nair Credit to Prasad A. Kulkarni some slides

698 views • 33 slides
Whoops! Where did my architecture go? Approaches to architecture management for Java and Spring

Whoops! Where did my architecture go? Approaches to architecture management for Java and Spring

Whoops! Where did my architecture go? Approaches to architecture management for Java and Spring applications Oliver Gierke Oliver Gierke SpringSource Engineer Spring Data ogierke@vmware.com olivergierke www.olivergierke.de Background 5

1.05k views • 67 slides
Java Programming Manuel Oriol, March 22nd, 2007 Goal Teach Java to proficient programmers 2

Java Programming Manuel Oriol, March 22nd, 2007 Goal Teach Java to proficient programmers 2

Java Programming Manuel Oriol, March 22nd, 2007 Goal Teach Java to proficient programmers 2 Roadmap Java Basics Eclipse Java GUI Threads and synchronization Class loading and reflection Java Virtual

745 views • 46 slides
Libraries In C++ its possible to create static libraries and shared libraries Static

Libraries In C++ its possible to create static libraries and shared libraries Static

Libraries In C++ its possible to create static libraries and shared libraries Static libraries (end in .a) are combined/linked into an executable Executables are large. If library is updated in a binary compatible way, programs

297 views • 8 slides
2003 EARNINGS GROUP BOUYGUES Paris - 25 February 2004 This presentation contains statements that

2003 EARNINGS GROUP BOUYGUES Paris - 25 February 2004 This presentation contains statements that

2003 EARNINGS GROUP BOUYGUES Paris - 25 February 2004 This presentation contains statements that constitute forward-looking statements. These statements reflect objectives that are based on managements current expectations or estimates and

939 views • 81 slides
Lecture 15.3 Hadoop! Toolchain EN 600.320/420 Instructor: Randal Burns 4 April 2018 Department

Lecture 15.3 Hadoop! Toolchain EN 600.320/420 Instructor: Randal Burns 4 April 2018 Department

Lecture 15.3 Hadoop! Toolchain EN 600.320/420 Instructor: Randal Burns 4 April 2018 Department of Computer Science, Johns Hopkins University The Hadoop Tool Chain The command line tool chain Build files into directory Construct java

303 views • 7 slides
Projections A Performance Tool for Charm++ Applications Chee Wai Lee PPL, UIUC Projections

Projections A Performance Tool for Charm++ Applications Chee Wai Lee PPL, UIUC Projections

Projections A Performance Tool for Charm++ Applications Chee Wai Lee PPL, UIUC Projections Tutorial 1 Visit us at http://charm.cs.uiuc.edu Tutorial Outline General Introduction Instrumentation Trace Generation Performance

981 views • 40 slides
2 - Java 2 Micro Edition F. Ricci 2008/ 2009 Content Mobile applications Why Java on

2 - Java 2 Micro Edition F. Ricci 2008/ 2009 Content Mobile applications Why Java on

Mobile Services 2 - Java 2 Micro Edition F. Ricci 2008/ 2009 Content Mobile applications Why Java on mobile devices Three main Java environments Java 2 Micro Edition Configurations and profiles Optional packages

1.06k views • 67 slides
Compressed RDF: Practical Uses & Hands-on Antonio Faria, Javier D. Fernndez and Miguel

Compressed RDF: Practical Uses & Hands-on Antonio Faria, Javier D. Fernndez and Miguel

Compressed RDF: Practical Uses & Hands-on Antonio Faria, Javier D. Fernndez and Miguel A. Martinez-Prieto 3rd KEYSTONE Training School Keyword search in Big Linked Data 23 TH AUGUST 2017 General agenda Session I (09:00 - 10:30) "

935 views • 60 slides

More recommend