meaningful variable names for decompiled code a machine
play

Meaningful Variable Names for Decompiled Code: A Machine - PowerPoint PPT Presentation

Aug 30, 2023 •175 likes •736 views

Meaningful Variable Names for Decompiled Code: A Machine Translation Approach Alan Jaffe, Jeremy Lacomis , Edward J. Schwartz*, Claire Le Goues, and Bogdan Vasilescu * Problem: Obfuscated Variable Names in Code Minified JavaScript: function

  1. Meaningful Variable Names for Decompiled Code: A Machine Translation Approach Alan Jaffe, Jeremy Lacomis , Edward J. Schwartz*, Claire Le Goues, and Bogdan Vasilescu *

  2. Problem: Obfuscated Variable Names in Code Minified JavaScript: function callback(error, response, body) { function callback(o, s, a) { if (!error && response.statusCode == 200) { if (!o && s.statusCode == 200) { var info = JSON.parse(body); var c = JSON.parse(a); … … 2

  3. Problem: Obfuscated Variable Names in Code Minified JavaScript: function callback(error, response, body) { function callback(o, s, a) { if (!error && response.statusCode == 200) { if (!o && s.statusCode == 200) { var info = JSON.parse(body); var c = JSON.parse(a); … … 3

  4. Problem: Obfuscated Variable Names in Code Minified JavaScript: function callback(error, response, body) { function callback(o, s, a) { if (!error && response.statusCode == 200) { if (!o && s.statusCode == 200) { var info = JSON.parse(body); var c = JSON.parse(a); … … Decompiled C Code: cp = buf; (void)asxTab(level + 1); for (n = asnContents(asn, buf, 512); n > 0; n--) { printf(" %02X ", *(cp++)); } v14 = &v15; asxTab(a2 + 1); for (v13 = asnContents(a1, &v15, 512LL); v13 > 0; --v13) { v9 = (unsignedchar*)(v14++); printf(" %02X ", *v9); } 4

  5. Problem: Obfuscated Variable Names in Code Minified JavaScript: function callback(error, response, body) { function callback(o, s, a) { if (!error && response.statusCode == 200) { if (!o && s.statusCode == 200) { var info = JSON.parse(body); var c = JSON.parse(a); … … Decompiled C Code: cp = buf; (void)asxTab(level + 1); for (n = asnContents(asn, buf, 512); n > 0; n--) { printf(" %02X ", *(cp++)); } v14 = &v15; asxTab(a2 + 1); for (v13 = asnContents(a1, &v15, 512LL); v13 > 0; --v13) { v9 = (unsignedchar*)(v14++); printf(" %02X ", *v9); } 5

  6. Problem: Obfuscated Variable Names in Code Minified JavaScript: function callback(error, response, body) { function callback(o, s, a) { if (!error && response.statusCode == 200) { if (!o && s.statusCode == 200) { var info = JSON.parse(body); var c = JSON.parse(a); … … Software is “natural” [Hindle et al., 2011]. • 6

  7. Problem: Obfuscated Variable Names in Code Minified JavaScript: function callback(error, response, body) { function callback(o, s, a) { if (!error && response.statusCode == 200) { if (!o && s.statusCode == 200) { var info = JSON.parse(body); var c = JSON.parse(a); … … Software is “natural” [Hindle et al., 2011]. • Use large corpora + machine learning to predict better identifier names. • Corpora are easy to generate! • 7

  8. Problem: Obfuscated Variable Names in Code Minified JavaScript: function callback(error, response, body) { function callback(o, s, a) { if (!error && response.statusCode == 200) { if (!o && s.statusCode == 200) { var info = JSON.parse(body); var c = JSON.parse(a); … … Software is “natural” [Hindle et al., 2011]. • Use large corpora + machine learning to predict better identifier names. • Corpora are easy to generate! • Bavishi et al., Context2Name, 2017 • Vasilescu et al., JSNaughty, 2017 • Raychev et al., JSNice, 2015 • 8

  9. Problem: Obfuscated Variable Names in Code Can we use similar strategies for decompiled code? Decompiled C Code: cp = buf; (void)asxTab(level + 1); for (n = asnContents(asn, buf, 512); n > 0; n--) { printf(" %02X ", *(cp++)); } v14 = &v15; asxTab(a2 + 1); for (v13 = asnContents(a1, &v15, 512LL); v13 > 0; --v13) { v9 = (unsignedchar*)(v14++); printf(" %02X ", *v9); } 9

  10. Statistical Machine Translation (SMT) • Noisy channel model 10

  11. Statistical Machine Translation (SMT) • Noisy channel model • English à French: 11

  12. Statistical Machine Translation (SMT) • Noisy channel model • English à French: Go do some research! Va faire de la recherche! 12

  13. Statistical Machine Translation (SMT) • Noisy channel model • English à French: Go do some research! Va faire de la recherche! !"#$!% & ( ) *) 13

  14. Statistical Machine Translation (SMT) • Noisy channel model • English à French: Go do some research! Va faire de la recherche! = "#$%"& ' ) * +) )(+) "#$%"& ' ) + *) )(*) = "#$%"& ' ) * +) )(+) 14

  15. Statistical Machine Translation (SMT) • Noisy channel model • English à French: Go do some research! Va faire de la recherche! = "#$%"& ' ) * +) )(+) "#$%"& ' ) + *) )(*) = "#$%"& ' ) * +) )(+) Translation Model: Probability that f is a translation of e 15

  16. Statistical Machine Translation (SMT) • Noisy channel model • English à French: Go do some research! Va faire de la recherche! = "#$%"& ' ) * +) )(+) "#$%"& ' ) + *) )(*) = "#$%"& ' ) * +) )(+) Language Model: “Fluency” of e 16

  17. Statistical Machine Translation (SMT) • Noisy channel model • English à French: Go do some research! Va faire de la recherche! = "#$%"& ' ) * +) )(+) "#$%"& ' ) + *) )(*) = "#$%"& ' ) * +) )(+) ) * +) : Translation Model MOSES SMT: )(+) : Language Model 17

  18. SMT Model for Natural Language Aligned French/English corpus English corpus 18

  19. SMT Model for Minified JavaScript Aligned original/minified source corpus Original source corpus 19

  20. Problem: Obfuscated Identifiers in Code Can we use SMT for decompiled code? Decompiled C Code: cp = buf; (void)asxTab(level + 1); for (n = asnContents(asn, buf, 512); n > 0; n--) { printf(" %02X ", *(cp++)); } v14 = &v15; asxTab(a2 + 1); for (v13 = asnContents(a1, &v15, 512LL); v13 > 0; --v13) { v9 = (unsignedchar*)(v14++); printf(" %02X ", *v9); } 21

  21. SMT Model for Decompiled Code? Aligned original/decompiled source corpus Original source corpus 22

  22. SMT Model for Decompiled Code? Nontrivial Aligned original/decompiled source corpus Original source corpus 23

  23. Difficulty: Decompilation Changes Structure Original Source Decompiled Code #include <stdio.h> #include <stdio.h> int main() { int main() { int cur = 0; int v1 = 0; while (cur <= 9) { int v2; printf("%d \n ", cur); for (v2 = 0; v2 < 10; ++v2) ++cur; printf("%d \n ", v2); } return v1; return 0; } } 24

  24. Difficulty: Decompilation Changes Structure 9 Lines Original Source 8 Lines Decompiled Code #include <stdio.h> #include <stdio.h> int main() { int main() { int cur = 0; int v1 = 0; while (cur <= 9) { int v2; printf("%d \n ", cur); for (v2 = 0; v2 < 10; ++v2) ++cur; printf("%d \n ", v2); } return v1; return 0; } } • Different line count. 25

  25. Difficulty: Decompilation Changes Structure Original Source Decompiled Code #include <stdio.h> #include <stdio.h> int main() { int main() { int cur = 0; int v1 = 0; while (cur <= 9) { int v2; printf("%d \n ", cur); for (v2 = 0; v2 < 10; ++v2) ++cur; printf("%d \n ", v2); } return v1; return 0; } } • Different line count. • Different numbers of variables. 26

  26. Difficulty: Decompilation Changes Structure Original Source Decompiled Code #include <stdio.h> #include <stdio.h> int main() { int main() { int cur = 0; int v1 = 0; while (cur <= 9) { int v2; printf("%d \n ", cur); for (v2 = 0; v2 < 10; ++v2) ++cur; printf("%d \n ", v2); } return v1; return 0; } } • Different line count. • Different numbers of variables. • Different types of loops. 27

  27. Decompiled Code Corpus Generation Decompiled Code #include <stdio.h> int main() { int v1 = 0; int v2; for (v2 = 0; v2 < 10; ++v2) printf("%d \n ", v2); return v1; } 28

  28. Decompiled Code Corpus Generation Decompiled Code #include <stdio.h> int main() { int v1 = 0; int v2; ❌ for (v2 = 0; v2 < 10; ++v2) printf("%d \n ", v2); return v1; } #include <stdio.h> int main() { int cur = 0; while (cur <= 9) { printf("%d \n ", cur); ++cur; } return 0; } Original Code 29

  29. Decompiled Code Corpus Generation Decompiled Code #include <stdio.h> int main() { int v1 = 0; int v2; ❌ for (v2 = 0; v2 < 10; ++v2) printf("%d \n ", v2); return v1; } #include <stdio.h> #include <stdio.h> int main() { int main() { int cur = 0; int v1 = 0; while (cur <= 9) { int v2; printf("%d \n ", cur); for (v2 = 0; v2 < 10; ++v2) ++cur; printf("%d \n ", v2); } return v1; return 0; } } Original Code 30

  30. Decompiled Code Corpus Generation Decompiled Code #include <stdio.h> int main() { int v1 = 0; int v2; ❌ for (v2 = 0; v2 < 10; ++v2) printf("%d \n ", v2); return v1; } #include <stdio.h> #include <stdio.h> int main() { int main() { int cur = 0; int v1 = 0; while (cur <= 9) { int v2; printf("%d \n ", cur); for (v2 = 0; v2 < 10; ++v2) ++cur; printf("%d \n ", v2); } return v1; return 0; } } Original Code 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS 240 Programming in C Variable Names, Elementary Types, Bit Operations September 25, 2019

CS 240 Programming in C Variable Names, Elementary Types, Bit Operations September 25, 2019

CS 240 Programming in C Variable Names, Elementary Types, Bit Operations September 25, 2019 Haoyu Wang UMass Boston CS 240 September 25, 2019 1 / 28 Variable Names Made up of letters and digits Underscore (_) counts as a letter This is

758 views • 28 slides
Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate Code optimizer Code generator Code generator Input: intermediate code + symbol tables In our case, three-address code All variables

717 views • 38 slides
Welcome! Org. Names Org. Names Org. Names Org. Names Technical Set-up Denver Art

Welcome! Org. Names Org. Names Org. Names Org. Names Technical Set-up Denver Art

Digital Tools to Support Contact Tracing (DT4CT) Meeting Welcome! Org. Names Org. Names Org. Names Org. Names Technical Set-up Denver Art Davidson APHL Scott Becker HHS Sharon Sartin CDC Mark Stenger Interactive polling Iowa

581 views • 39 slides
Instruction Selection and Scheduling Machine code generation cs5363 1 Machine code generation

Instruction Selection and Scheduling Machine code generation cs5363 1 Machine code generation

Instruction Selection and Scheduling Machine code generation cs5363 1 Machine code generation machine Intermediate Code optimizer Code generator Code generator Input: intermediate code + symbol tables All variables have values that

579 views • 15 slides
Today, Lecture 3: Writing a program systematic problem solving Branching

Today, Lecture 3: Writing a program systematic problem solving Branching

Previous Lecture (and lab): Variables &amp; assignment Built-in functions, input &amp; output Good programming style (meaningful variable names; use comments) Today, Lecture 3: Writing a program systematic problem

507 views • 33 slides
Exercise 1 Descriptive statistics INPUT Variable: Names are mahcig01 MeHGsx1 DePicSTS

Exercise 1 Descriptive statistics INPUT Variable: Names are mahcig01 MeHGsx1 DePicSTS

1 Exercise 1 Descriptive statistics INPUT Variable: Names are mahcig01 MeHGsx1 DePicSTS ZDePicSAS DeNamVTS ZDeNamVAS mdhgsx1 sw4emo sw4con sw4hyp sw4peer sw4pros sw5emo sw5con sw5hyp sw5peer sw5pros male pregsmok missingd; USEVAR are sw4emo

753 views • 44 slides
Presentation Last Names A-E Ms. Kennair Last Names F-L Ms. Fornera Last Names M-R Ms. Tippins

Presentation Last Names A-E Ms. Kennair Last Names F-L Ms. Fornera Last Names M-R Ms. Tippins

Senior Fall 2017 Guidance Presentation Last Names A-E Ms. Kennair Last Names F-L Ms. Fornera Last Names M-R Ms. Tippins Last Names S-Z Ms. Heidenreich Graduation Requirements FL SUS College Admissions Minimum General Diploma

193 views • 16 slides
Trustworthy decompilation: Extracting models of machine code inside an ITP Magnus O. Myreen

Trustworthy decompilation: Extracting models of machine code inside an ITP Magnus O. Myreen

Trustworthy decompilation: Extracting models of machine code inside an ITP Magnus O. Myreen University of Cambridge TEITP 2010 The GCD program in ARM machine code: E1510002 B0422001 C0411002 01AFFFFFB Problems with machine code Formal

660 views • 46 slides
Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation

Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation

Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation Target language Relocatable machine code Commercial compilers produce this Absolute machine code OS code must start at a particular memory

503 views • 19 slides
machine and also for the operator. Instruction are executed in time order. NC code must have a

machine and also for the operator. Instruction are executed in time order. NC code must have a

Machining on CNC machines is controled by a NC code. NC code is a list of instructions for the machine and also for the operator. Instruction are executed in time order. NC code must have a specific format so that the control system of machine

653 views • 32 slides
Pyt ython basic ics Comments ; Variable names int, float, str type

Pyt ython basic ics Comments ; Variable names int, float, str type

Pyt ython basic ics Comments ; Variable names int, float, str type conversion assignment (=) print(), help(), type() Pyt ython comments A # indicates the beginning of a comment. From # until of end

504 views • 18 slides
Welcome! Org. Names Org. Names Org. Names Org. Names TFGH Dave Ross GHC3 Robert Aaron

Welcome! Org. Names Org. Names Org. Names Org. Names TFGH Dave Ross GHC3 Robert Aaron

Design Team Meeting Welcome! Org. Names Org. Names Org. Names Org. Names TFGH Dave Ross GHC3 Robert Aaron APHL Scott Becker CDC Anita Patel TFGH Patrick OCarroll HHS James Daniel CDC Jason Bonander CDCF Judy Monroe TFGH

436 views • 15 slides
Improving Machine Outliner for ThinLTO (Global Machine Outliner + Frame Code Outliner) Facebook

Improving Machine Outliner for ThinLTO (Global Machine Outliner + Frame Code Outliner) Facebook

Improving Machine Outliner for ThinLTO (Global Machine Outliner + Frame Code Outliner) Facebook Kyungwoo Lee, Nikolai Tillmann 1 The Machine Outliner Today Machine outliner in LLVM significantly reduces code size Works quite well with

698 views • 32 slides
Mokken Scale Analysis Alternative names: Unidimensional Latent Variable Model (e.g., Holland &amp;

Mokken Scale Analysis Alternative names: Unidimensional Latent Variable Model (e.g., Holland &amp;

Monotone Homogeneity Model (MHM) Notation: X 1 , ..., X j , ..., X J : item scores; : latent trait MHM (Mokken, 1971) : General IRT model for P( X j = x |) Mokken Scale Analysis Alternative names: Unidimensional Latent Variable Model

485 views • 4 slides
Code Shape More on Three-address Code Generation cs5363 1 Machine Code Translation A

Code Shape More on Three-address Code Generation cs5363 1 Machine Code Translation A

Code Shape More on Three-address Code Generation cs5363 1 Machine Code Translation A single language construct can have many implementations many-to-many mappings from high-level source language to low-level target machine language

560 views • 16 slides
Translation Models Machine-dependent Generate Machine Code Directly Through

Translation Models Machine-dependent Generate Machine Code Directly Through

Translation Models Machine-dependent Generate Machine Code Directly Through Intermediate Code Machine-independent Interpret the source code Generate intermediate code and then interpret the intermediate code Single

263 views • 5 slides
INOC-DBA Inter NOC Dial by ASN INOC-DBA INOC-DBA ( I nter- N etwork O perations C enter D ial

INOC-DBA Inter NOC Dial by ASN INOC-DBA INOC-DBA ( I nter- N etwork O perations C enter D ial

INOC-DBA Inter NOC Dial by ASN INOC-DBA INOC-DBA ( I nter- N etwork O perations C enter D ial B y A SN) is a hotline phone system created and operated by Packet Clearing House in 2002. Inter NOC Dial by ASN INOC-DBA The INOC-DBA provides

831 views • 32 slides
Grandma has a problem An email or web banner offered her a free demo of the game Bejeweled 3D

Grandma has a problem An email or web banner offered her a free demo of the game Bejeweled 3D

Internet Special Ops Stalking Badness Through Data Mining Paul Vixie Andrew Fried Dr. Chris Lee Grandma has a problem An email or web banner offered her a free demo of the game Bejeweled 3D She clicked yes to download a

937 views • 72 slides
Internet Resource Cer)fica)on and Origin Valida)on An approach

Internet Resource Cer)fica)on and Origin Valida)on An approach

Internet Resource Cer)fica)on and Origin Valida)on An approach to more secure rou/ng on the Internet Carlos Mar)nez Cagnazzo carlos @ lacnic.net

261 views • 25 slides
Measuring IPv6 with adver3sements for fun and profit George

Measuring IPv6 with adver3sements for fun and profit George

Measuring IPv6 with adver3sements for fun and profit George Michaelson, APNIC how to measure the Internet What do we mean when we say

596 views • 59 slides
On Inferring and Characterizing On Inferring and Characterizing Internet Routing Policies

On Inferring and Characterizing On Inferring and Characterizing Internet Routing Policies

On Inferring and Characterizing On Inferring and Characterizing Internet Routing Policies Internet Routing Policies Feng Wang Lixin Gao Department of Electrical and Computer Engineering University of Massachusetts, Amherst MA 01002, USA 1

450 views • 18 slides
Its Not the Cost, Its the Quality! Ion Stoica Conviva Networks and UC Berkeley 1 A Brief

Its Not the Cost, Its the Quality! Ion Stoica Conviva Networks and UC Berkeley 1 A Brief

Its Not the Cost, Its the Quality! Ion Stoica Conviva Networks and UC Berkeley 1 A Brief History Fall, 2006: Started Conviva with Hui Zhang (CMU) Initial goal: use p2p technologies to reduce distribution costs and improve the

1.37k views • 45 slides
COMP364: Biopython part II Jrme Waldisphl, McGill University

COMP364: Biopython part II Jrme Waldisphl, McGill University

COMP364: Biopython part II Jrme Waldisphl, McGill University Protein Data Bank (PDB) hHp://www.rcsb.org Why Structures? Facts about the PDB What

318 views • 17 slides
NFC-enabled Attack on Cyber Physical Systems: A Practical Case Study Fan Dang 1 , Pengfei Zhou 1,

NFC-enabled Attack on Cyber Physical Systems: A Practical Case Study Fan Dang 1 , Pengfei Zhou 1,

1 NFC-enabled Attack on Cyber Physical Systems: A Practical Case Study Fan Dang 1 , Pengfei Zhou 1, 2 , Zhenhua Li 1 , Yunhao Liu 1 1 School of Software, Tsinghua University, China 2 Beijing Feifanshi Technology Co., Ltd., China 2 Outline

1.01k views • 21 slides

More recommend