Semi-automatic binary protection tampering
Tóm tắt
Both on malicious binaries and commercial software like video games, the complexity of software protections, which aim at slowing reverse-engineering, is constantly growing. Analyzing those protections and eventually circumventing them, require more and more elaborated tools. Through two examples, we illustrate some particularly interesting protection families and try to show their limits and how to remove them to recover a binary which is close to the original code. Each of our approaches is based on the use of the binary manipulation framework Metasm.
Từ khóa
Tài liệu tham khảo
Allamigeon X., Hymans C.: Static analysis by abstract interpretation: application to the detection of heap overflows. J. Comput. Virol. 4(1), 5–24 (2007)
Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations, Technical Report 148, Department of Computer Science, University of Auckland, July 1997. http://www.cs.auckland.ac.nz/~collberg/Research/Publications/CollbergThomborsonLow97a; http://citeseer.nj.nec.com/collberg97taxonomy.html (1997)
Collberg, C., Thomborson, C., Low, D.: Manufacturing cheap, resilient, and stealthy opaque constructs. In: Principles of Programming Languages 1998, POPL’98, pp. 184–196. http://citeseer.ist.psu.edu/collberg98manufacturing.html (1998)
Guillot, Y.: Metasm. In: Proceedings of the 5ème Symposium sur la Sécurité Technologies de l’Information et des Communicatins (SSTIC’07). http://actes.sstic.org (2007)
Guillot, Y.: Metasm, a ruby (dis)assembler. In: Proceedins of the Hack.Lu 2007 Conference. http://www.hack.lu/archive/2007 (2007)
Metasm Website. http://metasm.cr0.org/
Ruby Programming Language Website. http://ruby-lang.org/
yEd Graph Editor Homepage. http://www.yworks.com/en/products_yed_about.html