Breaking state-of-the-art binary code obfuscation

Presented at REcon Brussels 2018, Feb. 2, 2018, 1 p.m. (60 minutes)

In modern businesses, code obfuscation has become a vital tool to protect, for example, intellectual property against competitors. In general, it attempts to impede program understanding by making the to-be-protected program more complex. In our talk, we will give an overview of contemporary (binary) code obfuscation techniques, including Mixed Boolean-Arithmetic and Virtual Machines. We further note a common theme in state-of-the-art deobfuscation techniques: they mostly use a mixed approach of symbolic execution and taint analysis, two techniques that require precise analysis of the underlying code. These techniques also require a non-trivial amount of domain knowledge. This limits their applicability and hints at the necessity of finding alternative approaches to tackle the problem of code obfuscation. Consequently, we introduce program synthesis as a promising technique that is orthogonal to traditional deobfuscation techniques. As program synthesis can synthesize code of arbitrary complexity, it is only limited by the complexity of the underlying code's semantics and thus overcomes some of the limitations traditional approaches suffer from. We show how program synthesis-based techniques can be applied to modern, commercial protection systems such as Themida and VMProtect. Further, we discuss the role of program synthesis in the landscape of modern deobfuscation techniques.
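An added illustration of the synthesis idea in the abstract, not code from the talk or its authors: a constructed Mixed Boolean-Arithmetic expression is treated as a black box, and a small bottom-up enumerative search recovers a short equivalent expression from input/output samples alone. The grammar, the function names and the choice of enumerative search are assumptions made for this example.

```python
import random

MASK = 0xFFFFFFFF  # model 32-bit registers

def obfuscated(x, y):
    """Constructed MBA expression; semantically just x + y (mod 2**32)."""
    t = ((x | y) - (x & y)) & MASK               # equals x ^ y
    return (t + 2 * (x & y) + (x & ~x)) & MASK   # x & ~x is always 0

# Assumed candidate grammar: two variables and five binary operators.
OPS = {
    "+": lambda a, b: (a + b) & MASK,
    "-": lambda a, b: (a - b) & MASK,
    "&": lambda a, b: a & b,
    "|": lambda a, b: a | b,
    "^": lambda a, b: a ^ b,
}

def synthesize(oracle, max_size=3, n_samples=32, seed=0):
    """Bottom-up enumerative synthesis using only input/output samples."""
    rng = random.Random(seed)
    ins = [(rng.getrandbits(32), rng.getrandbits(32)) for _ in range(n_samples)]
    ins += [(0, 0), (MASK, 1), (1, MASK)]        # a few edge cases
    target = tuple(oracle(x, y) for x, y in ins)
    # levels[n] maps an output vector to one expression with n leaves
    levels = {1: {tuple(x for x, _ in ins): "x", tuple(y for _, y in ins): "y"}}
    seen = set(levels[1])
    for size in range(1, max_size + 1):
        if size > 1:
            levels[size] = {}
            for left in range(1, size):
                for va, ea in levels[left].items():
                    for vb, eb in levels[size - left].items():
                        for name, fn in OPS.items():
                            v = tuple(fn(a, b) for a, b in zip(va, vb))
                            if v not in seen:    # prune behavioural duplicates
                                seen.add(v)
                                levels[size][v] = f"({ea} {name} {eb})"
        if target in levels[size]:
            return levels[size][target]
    return None  # nothing in the grammar up to max_size matches the samples

if __name__ == "__main__":
    print(synthesize(obfuscated))
```

The search cost depends on the size of the simplest matching expression, not on how convoluted the obfuscated form is. A match on samples is evidence rather than proof of equivalence, so a candidate should be confirmed separately, for example with an SMT solver.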

