New ways to manage secret for software protection.

Presented at REcon 2013, June 23, 2013, 4:30 p.m. (60 minutes).

Every day, many malware or software are analyzed and reversed and the code of their routines is published on the web... When you spend hours creating a new malware and see parts its code leaking on the web site of an antivirus editor, it is just a nightmare. Reversing software has become nowadays a business like any other, mostly because of a lack of interesting challenge. Equipped with the suitable tools and after reading some good tutorials, any teenager hacker can discover all the hidden secrets in a program supposed "well protected". The number of crackme challenge where a solution is found within 24 hours constantly thrives... It's really too bad, because there are so many ways to definitely complicate the reverse engineering of software. This is precisely the aim of this talk to show how it is possible to make any analysis almost impossible. Studying deftly memory protection, using advanced mathematical principles, advanced cryptography primitives and going at a really low level in assembly language, we propose to raise the level and terribly complicate reversers’ life. Reinvented and operationally contextualized applications will be presented for the occasion. The goal is to make live some mathematical concepts in real software. While some works in the same kind have already been published about the use of encryption to protect executable, few have been really interested by managing securely the secret decryption key inside the binary code itself. The acquisition of the secret is made with new ways that benefits the authors of malicious code and seriously disadvantages the analysts. We are talking here about random secret management, error correction code, statistical analysis of the environment, probabilistic management, etc... Everything that we need to escape to the analysis of our codes. This talk should be pleasant for many software developers who want to keep their codes secret, malware developers and reversers that will found here a very interesting challenge. Note that all the codes presented can work both under Windows and UNIX under x86 and x64 architectures. The talk will be illustrated with several demonstrations.

Presenters:

  • DAVID Baptiste
    Baptiste David is an engineer student in Computer science, electronics and Robotics. His research interests are computer security, computer virology, programming and mathematics. His areas of expertise are mainly expressed on Windows and he likes kernel programming. He likes also good wine/food.

Links:

Similar Presentations: