reverse engineering
play

Reverse engineering Reverse engineer Did anyone analyze f1 - PowerPoint PPT Presentation

Jan 07, 2023 •377 likes •625 views

Asm2Vec : Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler Optimization Steven H. H. Ding Benjamin C. M. Fung Philippe Charland Data Mining and Security Lab Mission Critical Cyber Security

  1. Asm2Vec : Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler Optimization Steven H. H. Ding Benjamin C. M. Fung Philippe Charland Data Mining and Security Lab Mission Critical Cyber Security Section Data Mining and Security Lab School of Information Studies Defence R&D Canada – Valcartier School of Information Studies McGill University, Quebec, Canada McGill University Montreal, Canada Montreal, Canada

  2. Reverse engineering Reverse engineer Did anyone analyze f1 something similar A binary file f2 before? f3 Disassemble Is it a library function? Manual analysis LDR R3, [R11,#sct] LDR R2, [R3,#0xC] LDR R3, [R11,#applet_no] CMP R2, R3 BEQ loc_DFD0 LDR R3, [R11,#sct] LDR R3, [R3] STR R3, [R11,#sct] loc_DFC0 LDR R3, [R11,#sct] CMP R3, #0 BNE loc_DFA0 2

  3. With Kam1n0 Commented assembly function LDR R3, [R11,#sct] LDR R2, [R3,#0xC] Labeled library function LDR R3, [R11,#applet_no] CMP R2, R3 BEQ loc_DFD0 LDR R3, [R11,#sct] LDR R3, [R11,#sct] LDR R2, [R3,#0xC] LDR R3, [R3] LDR R3, [R11,#applet_no] STR R3, [R11,#sct] CMP R2, R3 loc_DFC0 BEQ loc_DFD0 LDR R3, [R11,#sct] LDR R3, [R11,#sct] CMP R3, #0 LDR R3, [R3] BNE loc_DFA0 STR R3, [R11,#sct] loc_DFC0 LDR R3, [R11,#sct] CMP R3, #0 BNE loc_DFA0 3

  4. Type I: Exact clone 0x1FE69C0+ PUSH ebp 0x1FE69C0+ PUSH ebp 0x1FE69C1+ MOV ebp, esp 0x1FE69C1+ MOV ebp, esp 0x1FE69C3+ MOV ecx, [ebp+arg_0] 0x1FE69C3+ MOV ecx, [ebp+arg_0] 0x1FE69C6+ PUSH ebx 0x1FE69C6+ PUSH ebx 0x1FE69C7+ MOV ebx, [ebp+arg_8] 0x1FE69C7+ MOV ebx, [ebp+arg_8] 0x1FE69CA+ PUSH esi 0x1FE69CA+ PUSH esi 0x1FE69CB+ MOV esi, ecx 0x1FE69CB+ MOV esi, ecx 0x1FE69CD+ AND ecx, 0FFFFh 0x1FE69CD+ AND ecx, 0FFFFh 0x1FE69D3+ SHR esi, 10h 0x1FE69D3+ SHR esi, 10h 0x1FE69D6+ CMP ebx, 1 0x1FE69D6+ CMP ebx, 1 0x1FE69D9+ +JNZ loc_1FE6A0C 0x1FE69D9+ +JNZ loc_1FE6A0C 4

  5. Type II: Syntactically equivalent 0x1FE05B0+ PUSH ebp 0x1FE69C0+ PUSH ebp 0x1FE05B1+ MOV ebp, esp 0x1FE69C1+ MOV ebp, esp 0x1FE05B3+ MOV ecx, [ebp+arg_0] 0x1FE69C3+ MOV eax, [ebp+msg_0] 0x1FE05B6+ PUSH ebx 0x1FE69C6+ PUSH edx 0x1FE05B7+ MOV ebx, [ebp+arg_8] 0x1FE69C7+ MOV edx, [ebp+msg_1] 0x1FE05BA+ PUSH esi 0x1FE69CA+ PUSH esi 0x1FE05BB+ MOV esi, ecx 0x1FE69CB+ MOV esi, eax 0x1FE05BD+ AND ecx, 0FFFFh 0x1FE69CD+ AND eax, 0FFFFh 0x1FE05B3+ SHR esi, 10h 0x1FE69D3+ SHR esi, 10h 0x1FE05B6+ CMP ebx, 1 0x1FE69D6+ CMP edx, 1 0x1FE05B9+ +JNZ loc_1FE05BC 0x1FE69D9+ +JNZ loc_1FE6A0C 5

  6. Type III: Minor modification 0x1FE05B0+ PUSH ebp 0x1FE69C0+ PUSH ebp 0x1FE05B1+ MOV ebp, esp 0x1FE69C1+ MOV ebp, esp + 0x1FE69C3+ MOV eax, [ebp+msg_0] + 0x1FE69C6+ PUSH edx 0x1FE05B7+ MOV ebx, [ebp+arg_8] 0x1FE69C7+ MOV edx, [ebp+msg_1] 0x1FE05BA+ PUSH esi 0x1FE69CA+ PUSH esi 0x1FE05BB+ MOV esi, ecx 0x1FE69CB+ MOV esi, eax 0x1FE05BD+ AND ecx, 0FFFFh 0x1FE69CD+ AND eax, 0FFFFh 0x1FE05B3+ MOV eax, ecx 0x1FE05B6+ SHR esi, 10h 0x1FE69D3+ SHR esi, 10h 0x1FE05B9+ CMP ebx, 1 0x1FE69D6+ CMP edx, 1 0x1FE05C1+ +JNZ loc_1FE05BC 0x1FE69D9+ +JNZ loc_1FE6A0C 6

  7. clone original 7

  8. Obfuscation and Optimization - Challenges 8

  9. Obfuscation and Optimization - Problems • P1: The relationships among assembly tokens • xmm0 (SSE) register vs. SSE operations such as movaps • fclose vs. fopen . • strcpy vs. memcpy . • P2: Token combination weights • Reverse engineers look for ‘interesting pattern’. (higher weight) • Regular, random, or repeated pattern is not interesting. (lower weight) • Sound so familiar in NLP! 9

  10. Learning English 1) The cat ____ on the mat. A: food B: sat C: sitting D: is speaking 10

  11. Paragraph Vector (p2vec): king – man + woman = queen bad - good = maniacal_killer * 11 * Example collected from Andreas Mueller@amuellerml

  12. Asm2Vec: 12

  13. T-SNE Visualization 13

  14. T-SNE Visualization 14

  15. Evaluation (Quantitative) 15

  16. Evaluation (Quantitative) 16

  17. Evaluation (Case Studies) Vulnerability retrieval 17

  18. Evaluation (Case Studies) 18

  19. Asm2Vec (IEEE S&P19) + Against obfuscation and optimization. + Even better than the most recent dynamic approach. + Static approach: efficient and scalable. - Binary differing (interpretability?) - Static approach: cannot recognize jump table, etc. - Assembly code come from the same processor family . 19

  20. The Kam1n0 2.x Binary Analysis Platform 20

  21. Subgraph clone 21

  22. Sym1n0 22

  23. Thank you. Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Reverse Engineering CS 166 Armen Boursalian 30 Apr 2018 Reverse Engineering Take a

Reverse Engineering CS 166 Armen Boursalian 30 Apr 2018 Reverse Engineering Take a

Reverse Engineering CS 166 Armen Boursalian 30 Apr 2018 Reverse Engineering Take a product, understand how it works Usually limited to certain aspects, not full systems Need to know a little bit about a lot of topics to gain

636 views • 11 slides
Reverse Engineering TCP/ IP Reverse Engineering TCP/ IP Steven Low EAS, Caltech Joint work

Reverse Engineering TCP/ IP Reverse Engineering TCP/ IP Steven Low EAS, Caltech Joint work

Reverse Engineering TCP/ IP Reverse Engineering TCP/ IP Steven Low EAS, Caltech Joint work with: Li J W Li, J. Wang, Pongsajapan, Tan, Tang, M. Wang P j T T M W Outline Background Layering as optimization decomposition L

932 views • 47 slides
Next-Generation Debuggers For Reverse Engineering For Reverse Engineering The ERESI team

Next-Generation Debuggers For Reverse Engineering For Reverse Engineering The ERESI team

Next-Generation Debuggers For Reverse Engineering For Reverse Engineering The ERESI team eresi@asgardlabs.org This presentation is about .. The Embedded ERESI debugger : e2dbg The Embedded ERESI tracer : etrace The ERESI reverse

849 views • 47 slides
CS 166: Information Security Reverse Engineering & Digital Rights Management Prof. Tom

CS 166: Information Security Reverse Engineering & Digital Rights Management Prof. Tom

CS 166: Information Security Reverse Engineering & Digital Rights Management Prof. Tom Austin San Jos State University SRE Software Reverse Engineering Also known as Reverse Code Engineering (RCE) Or simply reversing

1.04k views • 80 slides
Reverse Engineering MAC: A Non-Cooperative Game Model Jianwei Huang Information Engineering The

Reverse Engineering MAC: A Non-Cooperative Game Model Jianwei Huang Information Engineering The

Reverse Engineering MAC: A Non-Cooperative Game Model Jianwei Huang Information Engineering The Chinese University of Hong Kong Joint work with J.-W. Lee, A. Tang, M. Chiang and A. R. Canderbank J. Huang (CUHK) Reverse Engineering MAC Nov.

605 views • 38 slides
Reverse Engineering Closed, heterogeneous platforms and the defenders dilemma Looking back at

Reverse Engineering Closed, heterogeneous platforms and the defenders dilemma Looking back at

Reverse Engineering Closed, heterogeneous platforms and the defenders dilemma Looking back at the last 20 years of RE and looking ahead at the next few SSTIC 2018 -- Thomas Dullien (Halvar Flake) Progress in Reverse Engineering 2010

941 views • 64 slides
Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin SnT, University of Luxembourg April 25, 2017 PhD Defence Introduction On S-Box Reverse-Engineering On Lightweight Cryptography Conclusion

1.76k views • 137 slides
Reverse engineering basics @KirilsSolovjovs on twitter Mg.sc.comp. Kirils Solovjovs

Reverse engineering basics @KirilsSolovjovs on twitter Mg.sc.comp. Kirils Solovjovs

Reverse engineering basics @KirilsSolovjovs on twitter Mg.sc.comp. Kirils Solovjovs http://kirils.org for more Possible Security Reverse engineering? www.indiamart.com Contents Hardware architecture Processors and machine language

536 views • 25 slides
Understanding human speech recognition: Reverse-engineering the engineering solution using

Understanding human speech recognition: Reverse-engineering the engineering solution using

Cai Wingfield CSLB, Department of Psychology Workshop on Neurocomputation: From Brains to Machines University of Cambridge 25 November 2015 Understanding human speech recognition: Reverse-engineering the engineering solution using EMEG

196 views • 18 slides
Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software

Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software

Reverse Engineering CAPTCHAs WCRE 2008 Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software Architecture Group David R. Cheriton School of Computer Science University of Waterloo Canada

726 views • 57 slides
Reverse engineering AT32UC3As JTAG Introduction Overview LSE Summer Week 2014 TAP

Reverse engineering AT32UC3As JTAG Introduction Overview LSE Summer Week 2014 TAP

Reverse engineering AT32UC3As JTAG Pierre Surply Reverse engineering AT32UC3As JTAG Introduction Overview LSE Summer Week 2014 TAP Controller Scan Chain Pierre Surply Boundary Scan UC3 JTAG EPITA 2016 Reverse engineering Jul

968 views • 72 slides
Reverse Engineering Dr. Vadim Zaytsev aka @grammarware UvA, MSc SE, 9 November 2015 Roadmap

Reverse Engineering Dr. Vadim Zaytsev aka @grammarware UvA, MSc SE, 9 November 2015 Roadmap

Reverse Engineering Dr. Vadim Zaytsev aka @grammarware UvA, MSc SE, 9 November 2015 Roadmap W44 Introduction V.Zaytsev W45 Metaprogramming J.Vinju W46 Reverse Engineering V.Zaytsev W47 Software Analytics M.Bruntink W48 Clone

751 views • 31 slides
Reverse Engineering DSP Code GameCube DSP Analyzing GCN DSP code Pierre Bourdon Conclusion

Reverse Engineering DSP Code GameCube DSP Analyzing GCN DSP code Pierre Bourdon Conclusion

Reverse Engineering DSP Code Pierre Bourdon Introduction DSP Reverse Engineering DSP Code GameCube DSP Analyzing GCN DSP code Pierre Bourdon Conclusion delroth@lse.epita.fr http://lse.epita.fr February 12, 2013 Context Reverse

856 views • 18 slides
Introduction .NET Reverse Engineering Eric DePree Introduction to .NET Programs written for

Introduction .NET Reverse Engineering Eric DePree Introduction to .NET Programs written for

Introduction .NET Reverse Engineering Eric DePree Introduction to .NET Programs written for .NET are easy to reverse engineer. This is not in any way a fault in the design of .NET; it is simply a reality of modern, intermediate-compiled

132 views • 10 slides
Explaining the Boom-Bust Cycle in the U.S. Housing Market: A Reverse-Engineering Approach

Explaining the Boom-Bust Cycle in the U.S. Housing Market: A Reverse-Engineering Approach

Overview Evidence Model Calibration Quantitative Results Reverse Engineered Shocks Conclusion Extras Explaining the Boom-Bust Cycle in the U.S. Housing Market: A Reverse-Engineering Approach Paolo Gelain Kevin J. Lansing Gisle J.

717 views • 50 slides
Reverse engineering using computational algebra Elena Dimitrova School of Mathematical and

Reverse engineering using computational algebra Elena Dimitrova School of Mathematical and

Reverse engineering using computational algebra Elena Dimitrova School of Mathematical and Statistical Sciences Clemson University http://edimit.people.clemson.edu/ Algebraic Biology E. Dimitrova (Clemson) Reverse engineering using

864 views • 57 slides
Scalable Detection of Semantic Clones Mark Gabel Lingxiao Jiang Zhendong Su Motivation

Scalable Detection of Semantic Clones Mark Gabel Lingxiao Jiang Zhendong Su Motivation

Scalable Detection of Semantic Clones Mark Gabel Lingxiao Jiang Zhendong Su Motivation Maintenance problem Refactoring Automated procedure extraction Aspect mining Program understanding Copy/paste bugs 2 Clone

421 views • 27 slides
Rcpp classes and vectors Romain Franois Consulting Datactive, ThinkR DataCamp Optimizing R

Rcpp classes and vectors Romain Franois Consulting Datactive, ThinkR DataCamp Optimizing R

DataCamp Optimizing R Code with Rcpp OPTIMIZING R CODE WITH RCPP Rcpp classes and vectors Romain Franois Consulting Datactive, ThinkR DataCamp Optimizing R Code with Rcpp Previously on this course Create C++ functions Write loops

572 views • 35 slides
Coarse Classification of Binary Minimal Clones Zarathustra Brady Minimal clones A clone C is

Coarse Classification of Binary Minimal Clones Zarathustra Brady Minimal clones A clone C is

Coarse Classification of Binary Minimal Clones Zarathustra Brady Minimal clones A clone C is minimal if f C nontrivial implies C = Clo( f ). Minimal clones A clone C is minimal if f C nontrivial implies C = Clo( f ). If Clo( f

1.52k views • 96 slides
Improving Imitation Learning with Reinforcement Learning Niklas Fiedler University of Hamburg

Improving Imitation Learning with Reinforcement Learning Niklas Fiedler University of Hamburg

MIN Faculty Department of Informatics Improving Imitation Learning with Reinforcement Learning Niklas Fiedler University of Hamburg Faculty of Mathematics, Informatics and Natural Sciences Department of Informatics Technical Aspects of

905 views • 33 slides
Refresh Your Knowledge. Imitation Learning and DRL Behavior cloning (select all) Involves using

Refresh Your Knowledge. Imitation Learning and DRL Behavior cloning (select all) Involves using

Lecture 8: Policy Gradient I 1 Emma Brunskill CS234 Reinforcement Learning. Winter 2020 Additional reading: Sutton and Barto 2018 Chp. 13 1 With many slides from or derived from David Silver and John Schulman and Pieter Abbeel Lecture 8: Policy

973 views • 58 slides
Table of Contents Behavioral Cloning 1 Inverse Reinforcement Learning 2 Apprenticeship

Table of Contents Behavioral Cloning 1 Inverse Reinforcement Learning 2 Apprenticeship

Lecture 7: Imitation Learning 2 Emma Brunskill CS234 Reinforcement Learning. Winter 2018 2 With slides from Katerina Fragkiadaki and Pieter Abbeel Lecture 7: Imitation Learning 3 Emma Brunskill (CS234 Reinforcement Learning. ) Winter 2018 1 /

1.27k views • 45 slides
G RADIENT D OMAIN I MAGE P ROCESSING CS 89.15/189.5, Fall 2015 Wojciech Jarosz

G RADIENT D OMAIN I MAGE P ROCESSING CS 89.15/189.5, Fall 2015 Wojciech Jarosz

G RADIENT D OMAIN I MAGE P ROCESSING CS 89.15/189.5, Fall 2015 Wojciech Jarosz wojciech.k.jarosz@dartmouth.edu Problems with direct copy/paste http://www.irisa.fr/vista/Papers/2003_siggraph_perez.pdf CS 89/189: Computational Photography,

680 views • 50 slides
Universal algebra for CSP Lecture 1 Ross Willard University of Waterloo Fields Institute Summer

Universal algebra for CSP Lecture 1 Ross Willard University of Waterloo Fields Institute Summer

Universal algebra for CSP Lecture 1 Ross Willard University of Waterloo Fields Institute Summer School June 2630, 2011 Toronto, Canada R. Willard (Waterloo) Universal algebra Fields Institute 2011 1 / 22 Outline Lecture 1 Basic

585 views • 22 slides

More recommend