obfuscation know your enemy
play

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com - PowerPoint PPT Presentation

Jul 27, 2023 •453 likes •1.23k views

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON sguelton@quarkslab.com Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Prelude Introduction Control flow obfuscation Data

  1. Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON sguelton@quarkslab.com

  2. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Prelude

  3. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Prelude ⇒

  4. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Plan Introduction 1 What is obfuscation ? Control flow obfuscation 2 Data flow obfuscation 3 Python obfuscation 4

  5. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation What is obfuscation ? Code obfuscation Definition Obfuscation is used to make code analysis as complex and expensive as possible, while keeping the original behaviour of the program (input/output equivalence). Malwares (try to avoid signature detection) Protection of sensitive algorithm (DRM, intellectual property...) Theoretically: transformation of symetric-key encryption in asymetric-key encryption, homomorphic encryption algorithm...

  6. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation What is obfuscation ? Don’t shoot the messenger Why this talk ? → Obfuscation exists and is widely used. → You might be interested in breaking it (to rewrite some code as free software for example). ⇒ If you want to break it, you need to know how it works!

  7. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation What is obfuscation ? Several obfuscation types Control flow obfuscation Data-flow obfuscation Symbols rewriting: variable names, function names... Code encryption, packing...

  8. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation What is obfuscation ? Several obfuscation types Control flow obfuscation Data-flow obfuscation Symbols rewriting: variable names, function names... Code encryption, packing...

  9. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Plan Introduction 1 Control flow obfuscation 2 Definitions Control-flow obfuscation Control flow flattening Data flow obfuscation 3 Python obfuscation 4

  10. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Definitions Control flow Illustrates the execution flow of a program: the different paths that are possible during the execution Cycles ( for, while... ), conditions ( if ), calls to other functions... It’s represented with a Control Flow Graph (CFG): it’s formed of basic blocks and links between them

  11. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Definitions Control flow x = 10 y = 0 while( x ≥ 0) true false y = y + 2 return y x = x − 1 Figure : CFG of pseudo-code Figure : CFG of assembly code

  12. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control-flow obfuscation Various techniques The goal is to transform the structure of the CFG:

  13. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control-flow obfuscation Various techniques The goal is to transform the structure of the CFG: loop unrolling;

  14. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control-flow obfuscation Various techniques The goal is to transform the structure of the CFG: loop unrolling; → search for patterns

  15. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control-flow obfuscation Various techniques The goal is to transform the structure of the CFG: loop unrolling; → search for patterns inlining of function;

  16. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control-flow obfuscation Various techniques The goal is to transform the structure of the CFG: loop unrolling; → search for patterns inlining of function; → comparison of code

  17. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control-flow obfuscation Various techniques The goal is to transform the structure of the CFG: loop unrolling; → search for patterns inlining of function; → comparison of code junk code insertion;

  18. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control-flow obfuscation Various techniques The goal is to transform the structure of the CFG: loop unrolling; → search for patterns inlining of function; → comparison of code junk code insertion; → liveness analysis

  19. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control-flow obfuscation Various techniques The goal is to transform the structure of the CFG: loop unrolling; → search for patterns inlining of function; → comparison of code junk code insertion; → liveness analysis opaque predicates;

  20. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control-flow obfuscation Various techniques The goal is to transform the structure of the CFG: loop unrolling; → search for patterns inlining of function; → comparison of code junk code insertion; → liveness analysis opaque predicates; → SMT solver

  21. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control-flow obfuscation Various techniques The goal is to transform the structure of the CFG: loop unrolling; → search for patterns inlining of function; → comparison of code junk code insertion; → liveness analysis opaque predicates; → SMT solver control flow flattening.

  22. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control flow flattening Definition Control flow flattening Transforms the structure of the program to make CFG reconstruction difficult Encodes the control flow information and hide the result in the data flow

  23. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control flow flattening Principle INIT val = 1 Implementation Basic blocks are numbered DISPATCHER A dispatcher handles the switch(val) execution A variable contains the value of block 1 block 2 block 3 the next block to be executed some code some code some code val = 2 val = 3 return At the end of every block, this variable is updated, and the execution flow goes back to the dispatcher which then jumps to the next block Figure : Principle of control flow flattening

  24. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control flow flattening Example Figure : CFG after the control flow flattening Figure : original CFG

  25. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control flow flattening Weakness What is the weakness of the control INIT flow flattening ? val = 1 DISPATCHER switch(val) block 1 block 2 block 3 some code some code some code val = 2 val = 3 return

  26. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control flow flattening Weakness What is the weakness of the control INIT flow flattening ? val = 1 ⇒ variable containing the execution flow DISPATCHER switch(val) block 1 block 2 block 3 some code some code some code val = 2 val = 3 return

  27. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control flow flattening Weakness What is the weakness of the control INIT flow flattening ? val = 1 ⇒ variable containing the execution flow DISPATCHER switch(val) Obfuscation techniques: multiple (context) variables block 1 block 2 block 3 opaque predicates some code some code some code val = 2 val = 3 return hash

  28. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Control flow flattening Weakness What is the weakness of the control INIT flow flattening ? val = 1 ⇒ variable containing the execution flow DISPATCHER switch(val) Obfuscation techniques: multiple (context) variables block 1 block 2 block 3 opaque predicates some code some code some code val = 2 val = 3 return hash ⇒ dynamic analysis (tracing) can also be used

  29. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Plan Introduction 1 Control flow obfuscation 2 Data flow obfuscation 3 Definition A few techniques Python obfuscation 4

  30. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Definition Data Flow analysis Several ways to do it Information provided by the program’s data: strings, numbers, structures... Relations between the data or between the input and output (of a program, a function, a basic block) Interactions between the program and the data: reading, writing, location in memory... Formal notions: live variable, data flow equations, backward and forward analysis...

  31. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation A few techniques Examples To make data analysis more complex:

  32. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation A few techniques Examples To make data analysis more complex: encode constants (strings for example);

  33. Introduction Control flow obfuscation Data flow obfuscation Python obfuscation A few techniques Examples To make data analysis more complex: encode constants (strings for example); → look for decoding routine

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt receiver x 1 Virtual f O(f) F B f(x 1) Black-Box x 2 (VBB) f(x 2) Obfuscation : A Secure (and f Family f Family b b single

466 views • 18 slides
) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation Techniques)%00 Techniques)%00 Roberto Salgado Co-founder of Websec Provide information security solutions Pen-testing, training

1.11k views • 93 slides
HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection thr Obfuscation) Circuit modification techniques designed to conceal or lock the functionality and/or circuit structure The modifications are designed

157 views • 11 slides
Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Program Obfuscation [BGIRSVY01, GGHRSW13] Indistinguishability obfuscation ( ) has emerged as a central hub

648 views • 36 slides
ENEMY PROPERTY 1 (Amendment and Validation) ACT, 2017 2 ENEMY PROPERTY (Amendment and

ENEMY PROPERTY 1 (Amendment and Validation) ACT, 2017 2 ENEMY PROPERTY (Amendment and

ENEMY PROPERTY 1 (Amendment and Validation) ACT, 2017 2 ENEMY PROPERTY (Amendment and Validation) ACT, 2017 3 18 th December, 2017 Rajnath reviews pensioners, enemy property issues Union Home Minister Rajnath Singh reviewed the issues

419 views • 24 slides
OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan Xiao Yinqian Zhang, Insik Shin, Byoungyoung Lee (* denotes equal contribution) Program Obfuscation Program Obfuscation Trusted Untrusted (except

1.34k views • 116 slides
Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . . . . C x C x C x C C c obfuscation [ BGIRSVY01, H00, GR07, GGHRSW13 ] . . . . . . . . C x C x C x C C c obfuscation [

1.03k views • 92 slides
Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20 June 2018 Supervisors: Prof. Dr. Benno Stein, PD Dr. Andreas Jakoby Unmasking for short texts Obfuscation against unmasking Obfuscation

1.38k views • 95 slides
Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of Computer Science University of Arizona http://collberg.cs.arizona.edu collberg@gmail.com Supported by NSF grants 1525820 and 1318955 and by the

924 views • 69 slides
Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Fakultt fr Informatik T echnische Universitt Mnchen Dagstuhl Seminar 17281 Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu, BMW Group Outline 1 Introduction 2 Obfuscation in Theory 3

815 views • 69 slides
Big corporations: Friend, enemy or partner of the vegan movement? Renato Pichler,

Big corporations: Friend, enemy or partner of the vegan movement? Renato Pichler,

The economy: Our enemy? Big corporations: Friend, enemy or partner of the vegan movement? Renato Pichler, Swissveg-President Kurt Schmidinger, Founder Future Food Talk on Nov. 2017 for CARE in Vienna 1 Who we are Renato Pichler

541 views • 15 slides
http://cs224w.stanford.edu Start with the intuition [Heider 46]: Friend of my friend is my

http://cs224w.stanford.edu Start with the intuition [Heider 46]: Friend of my friend is my

CS224W: Analysis of Networks Jure Leskovec, Stanford University http://cs224w.stanford.edu Start with the intuition [Heider 46]: Friend of my friend is my friend Enemy of enemy is my friend Enemy of friend is my enemy Look at

972 views • 64 slides
On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and

On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and

On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and Rafael Pass Cornell University and Cornell Tech CRYPTO 2018 Indistinguishability Obfuscation (iO) An obfuscator is a compiler which preserves

1.01k views • 86 slides
INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh Program Obfuscation Intuition: Mangle a program Same functionality as original Hides all implementation details Potential uses: IP

295 views • 28 slides
HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth Chandran, Satya Lokam, Elaine Shi and Vipul Goyal 1 Compression 1 KB 1 MB Used by everyone, perhaps license it - VBB Obfuscation No one should

942 views • 34 slides
Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems

Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems

Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems Definitions Obfuscation: T o be evasive, unclear, or confusing* In context, this means making a system difficult to understand and

665 views • 38 slides
Grants 101 Becky Kinkead, PhD Director of Grants Development, OPE Associate Professor,

Grants 101 Becky Kinkead, PhD Director of Grants Development, OPE Associate Professor,

Grants 101 Becky Kinkead, PhD Director of Grants Development, OPE Associate Professor, Department of Psychiatry and Behavioral Sciences bkinkea@emory.edu OPE GRANTS Education, Resources, Support Presented 13Jan2020 Special thank you to Janet

1.64k views • 96 slides
A Reference-Set Approach to Information Extraction from Unstructured, Ungrammatical Data Sources

A Reference-Set Approach to Information Extraction from Unstructured, Ungrammatical Data Sources

A Reference-Set Approach to Information Extraction from Unstructured, Ungrammatical Data Sources Matthew Michelson Ph.D. Defense Nov. 3 rd , 2008 Introduction Unsupervised IE Building Reference Sets Supervised IE Conclusion

758 views • 56 slides
Some Examples using Gallery Tom Junk DUNE Computing Tutorial November 14, 2017 Marc's Gallery

Some Examples using Gallery Tom Junk DUNE Computing Tutorial November 14, 2017 Marc's Gallery

Some Examples using Gallery Tom Junk DUNE Computing Tutorial November 14, 2017 Marc's Gallery Tutorial from August I started from the examples there: https://indico.fnal.gov/event/14943/other-view?view=standard His example code is

434 views • 16 slides
Coordinating Policy Instruments that influence Soil, Water and Biodiversity in Scotland ESCom

Coordinating Policy Instruments that influence Soil, Water and Biodiversity in Scotland ESCom

Coordinating Policy Instruments that influence Soil, Water and Biodiversity in Scotland ESCom Seminar Series 23 rd May 2017 Kirsty Blackstock, Paula Novo, Kerry Waylen, Alba Juarez Bourke, Anja Byg, Jessica Maxwell Purpose of the Workshop

244 views • 12 slides
I Surrender All All to Jesus I surrender; all to

I Surrender All All to Jesus I surrender; all to

First Love The Corinthian Letters Give ALL of Yourself to God 2 Corinthians 8:1-9:15 Lamplighters Womens Bible Study March 19, 2014 I Surrender All All

380 views • 25 slides
Extremes and dependence in the context of Solvency II for insurance companies Arthur Charpentier

Extremes and dependence in the context of Solvency II for insurance companies Arthur Charpentier

Arthur CHARPENTIER - Extremes and correlation in risk management Extremes and dependence in the context of Solvency II for insurance companies Arthur Charpentier e de Rennes 1 & Universit Ecole Polytechnique http

996 views • 99 slides
Handsome proof nets for MLL+Mix with forbidden transitions Nguyn L Thnh Dng cole

Handsome proof nets for MLL+Mix with forbidden transitions Nguyn L Thnh Dng cole

. . . . . . . . . . . . . . Handsome proof nets for MLL+Mix with forbidden transitions Nguyn L Thnh Dng cole normale suprieure de Paris nltd@nguyentito.eu Trends in Linear Logic and Applications September 3, 2017

459 views • 33 slides
CSCI 5582 Artificial Intelligence Lecture 24 Jim Martin CSCI 5582 Fall 2006 Today 12/5

CSCI 5582 Artificial Intelligence Lecture 24 Jim Martin CSCI 5582 Fall 2006 Today 12/5

CSCI 5582 Artificial Intelligence Lecture 24 Jim Martin CSCI 5582 Fall 2006 Today 12/5 Machine Translation Background Why MT is hard Basic Statistical MT Models Training Decoding CSCI 5582 Fall 2006 1

830 views • 28 slides

More recommend