Software (De)Obfuscation

What do game developers, financial institutions and malware authors have in common? They all want to make their software harder to analyze and more resilient to reverse engineering.

Code obfuscation describes a set of techniques that aim to impede reverse engineering. Conversely, code deobfuscation techniques transform obfuscated code into a simpler representation that is easier to understand.

In this training, we will get to know state-of-the-art code obfuscation techniques and look at how they complicate reverse engineering. Afterwards, we will gradually become familiar with different deobfuscation techniques and use them to break the obfuscation schemes in hands-on sessions. In doing so, participants will deepen their knowledge of program analysis and learn when and how (not) to use the different techniques.

Trainers and Lecturers

Tim Blazytko is a reverse engineer and final-year PhD student at the Ruhr-Universität Bochum. His research focuses on novel methods for program analysis in the context of binary application security. Alongside his research, Tim gives training courses and performs security audits as a freelancer.

Prerequisites

Contents

Code (De)obfuscation

  • motivation
  • application scenarios
  • program analysis techniques

Code Obfuscation Techniques

  • opaque predicates
  • control-flow flattening
  • mixed Boolean-arithmetic (MBA)
  • virtual machines

Code Deobfuscation Techniques

  • compiler optimizations
  • reconstructing control flow
  • taint analysis
  • symbolic execution

Compiler Optimizations

  • dead code elimination
  • constant propagation/folding
  • static single assignment (SSA)
  • applications to deobfuscation

Symbolic Execution

  • intermediate languages for reverse engineering
  • symbolic and semantic simplification of obfuscated code
  • automation in reverse engineering
  • deobfuscating VM-based obfuscation schemes
  • breaking opaque predicates
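To make two of the topics above concrete, here is a small added illustration (not course material and not the trainer's code): an expression obfuscated with mixed Boolean-arithmetic identities and an opaque predicate, together with the kind of semantic check a deobfuscator uses to undo them. It treats the obfuscated code as a black box and searches a hand-picked list of simple candidate expressions for one with identical behaviour; real tools do this with an SMT solver or program synthesis rather than by exhaustive enumeration. The 8-bit domain, the candidate list and all function names are assumptions chosen to keep the example self-contained and fast.

```python
"""Added illustration (not course material): an MBA-obfuscated expression,
an opaque predicate, and brute-force semantic checks a deobfuscator could
use to undo them. Values are 8-bit (an assumption) so that exhaustive
checking over all inputs is cheap."""

BITS = 8
MASK = (1 << BITS) - 1


def mba_add(x, y):
    """Obfuscated form of x + y, using the MBA identity
    x + y == (x ^ y) + 2 * (x & y)."""
    return ((x ^ y) + 2 * (x & y)) & MASK


def mba_xor(x, y):
    """Obfuscated form of x ^ y, using the identity
    x ^ y == (x | y) - (x & y)."""
    return ((x | y) - (x & y)) & MASK


def opaque_true(x):
    """x * (x + 1) is the product of two consecutive integers and therefore
    always even: the guarded branch is always taken, the other one is dead."""
    return (x * (x + 1)) % 2 == 0


def honest_predicate(x):
    """A genuinely data-dependent predicate, for contrast."""
    return x & 1 == 0


# Candidate "simple" expressions from which the simplifier picks the one
# that behaves identically to the obfuscated black box (constructed list).
CANDIDATES = {
    "x + y": lambda x, y: (x + y) & MASK,
    "x - y": lambda x, y: (x - y) & MASK,
    "x ^ y": lambda x, y: x ^ y,
    "x & y": lambda x, y: x & y,
    "x | y": lambda x, y: x | y,
}


def equivalent(f, g):
    """Exhaustive equivalence check over all 8-bit input pairs; an SMT
    solver would establish the same thing symbolically for wider types."""
    return all(f(x, y) == g(x, y)
               for x in range(MASK + 1) for y in range(MASK + 1))


def simplify(obfuscated):
    """Return the name of the first candidate semantically equal to the
    obfuscated function, or None if no candidate matches."""
    for name, cand in CANDIDATES.items():
        if equivalent(obfuscated, cand):
            return name
    return None


def classify_predicate(pred):
    """'opaque true' / 'opaque false' if the predicate is constant over the
    whole domain, otherwise 'data-dependent'."""
    seen = {pred(x) for x in range(MASK + 1)}
    if seen == {True}:
        return "opaque true"
    if seen == {False}:
        return "opaque false"
    return "data-dependent"


if __name__ == "__main__":
    print(simplify(mba_add))                     # x + y
    print(simplify(mba_xor))                     # x ^ y
    print(classify_predicate(opaque_true))       # opaque true
    print(classify_predicate(honest_predicate))  # data-dependent
```

The point of the black-box approach is that it never has to understand the obfuscated syntax: as long as the candidate space contains the original expression and the equivalence check is sound over the relevant bit width, the MBA rewriting buys the obfuscator nothing. The same exhaustive check also exposes an opaque predicate for what it is, a constant, so the unreachable branch can be removed like any other dead code.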