Deobfuscation Improving Reverse Engineering of Obfuscated Code ∗ Srinivasan

In recent years, code obfuscation has attracted attention as a low cost approach to improving software security by making it difficult for attackers to understand the inner workings of proprietary software systems. This paper examines the extent to which current obfuscation techniques succeed in making programs harder to reverse engineer. Our results indicate that many obfuscations, designed to increase the difficulty of static analyses, are easily defeated using simple combinations of straightforward static and dynamic analyses. Our results have applications to both software engineering and software security. In the context of software engineering, we show how dynamic analyses can be used to enhance reverse engineering, even for code that has been designed to be difficult to reverse engineer. For software security, our results serve as an attack model for code obfuscators, and can help with the development of obfuscation techniques that are more resilient to straightforward reverse engineering.