CONFUSE: LLVM-based Code Obfuscation

نویسندگان

Chih-Fan Chen

Theofilos Petsios

Marios Pomonis

Adrian Tang

چکیده

In the past decade, code obfuscation techniques have become increasingly popular due to their wide applications on malware and the numerous violations of intellectual property caused by reverse engineering. In this work, we examine common techniques used for code obfuscation and provide an outline of the design principles of our tool Confuse. Confuse is an LLVM tool which modifies the standard compilation steps to produce an obfuscated binary from C source code.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

LLVM-based overlapped executable code generator

Overlapped executable code is an attractive artifact of obfuscation technology not yet widely covered and researched. Overlapped code and opaque predicates technologies together allows creation of prominent software obfuscation technologies featuring both obscure executable code and code protected from patching due to hard-to-track relations with other code. The paper provides polynomial algori...

متن کامل

Generalized Dynamic Opaque Predicates: A New Control Flow Obfuscation Method

Opaque predicate obfuscation, a low-cost and stealthy control flow obfuscation method to introduce superfluous branches, has been demonstrated to be effective to impede reverse engineering efforts and broadly used in various areas of software security. Conventional opaque predicates typically rely on the invariant property of well-known number theoretic theorems, making them easy to be detected...

متن کامل

Thread-Based Obfuscation through Control-Flow Mangling

The increasing use of cloud computing and remote execution have made program security especially important. Code obfuscation has been proposed to make the understanding of programs more complicated to attackers. In this paper, we exploit multi-core processing to substantially increase the complexity of programs, making reverse engineering more complicated. We propose a novel method that automat...

متن کامل

A new approach to instruction-idioms detection in a retargetable decompiler

Retargetable executable-code decompilation is a one of the most complicated reverse-engineering tasks. Among others, it involves de-optimization of compiler-optimized code. One type of such an optimization is usage of so-called instruction idioms. These idioms are used to produce faster or even smaller executable files. On the other hand, decompilation of instruction idioms without any advanced...

متن کامل

Advanced Static Analysis for Decompilation Using Scattered Context Grammars

Reverse program compilation (i.e. decompilation) is a process heavily exploited in reverse engineering. The task of decompilation is to transform a platform-specific executable into a high-level language representation, which is usually the C language. Such a process can be used for source code reconstruction, compiler testing, malware analysis, etc. In present, there are several existing decom...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}

با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره شماره

صفحات -

تاریخ انتشار 2013

CONFUSE: LLVM-based Code Obfuscation

نویسندگان

چکیده

منابع مشابه

LLVM-based overlapped executable code generator

Generalized Dynamic Opaque Predicates: A New Control Flow Obfuscation Method

Thread-Based Obfuscation through Control-Flow Mangling

A new approach to instruction-idioms detection in a retargetable decompiler

Advanced Static Analysis for Decompilation Using Scattered Context Grammars

عنوان ژورنال:

اشتراک گذاری