Muhammad Rizwan Asghar
September 1, 2020
OBFUSCATION &
REVERSE ENGINEERING
Lecture 16b
COMPSCI 316
Cyber Security
FOCUS OF THIS LECTURE
Understand code obfuscation
Know reverse engineering
CODE OBFUSCATION
Code obfuscation aims to make reverse engineering
harder
A promising technique to protect sensitive information
in application code
– E.g., password match or licence check
Code obfuscation can be broadly classified into four
main categories [Balachandran TIFS13]
– Layout obfuscation
– Design obfuscation
– Data obfuscation
– Control obfuscation
LAYOUT OBFUSCATION
Layout obfuscation refers to obscuring the
layout of the program
Examples
– Deleting comments
– Removing debugging information
– Renaming variables
– Changing formatting of source code
– …
DESIGN OBFUSCATION
Design obfuscation refers to obscuring the
design of the software system
Examples
– Splitting classes
– Merging classes
– …
DATA OBFUSCATION
Data obfuscation aims at preventing the
adversary from extracting information from the
data used in the program
Examples
– Data to procedure conversion
Encoding (or encryption)
E.g., input == “1234” vs H(input) == “78CD…”
– Variable splitting
– Changing lifetime of variables
– …
CONTROL OBFUSCATION
Control obfuscation obscures the control flow
information of the program
Examples
– Opaque predicates
E.g., “if (1 > 0)”
– Control flow flattening
It breaks the structure of Control Flow Graphs
(CFGs)
– …
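Added example (not from the original slides): the same routine before and after control flow flattening, with one opaque predicate inside the dispatcher. The function names, the checksum arithmetic and the sample key are hypothetical, and the predicate `h * (h + 1)` being even is a less obvious stand-in for the slide's `if (1 > 0)`.

```c
#include <stdio.h>

/* Plain version: one loop with one if/else; the CFG shows this directly. */
unsigned checksum_plain(const char *s) {
    unsigned h = 7;
    while (*s) {
        if (*s >= '0' && *s <= '9')
            h = h * 31 + (unsigned)(*s - '0');
        else
            h = h * 31 + (unsigned char)*s;
        s++;
    }
    return h;
}

/* Flattened version: each basic block is a case of one switch, and a state
 * variable selects the next block, so the CFG becomes a single dispatcher
 * loop with every block at the same level. Case order is shuffled on purpose. */
unsigned checksum_flat(const char *s) {
    unsigned h = 7;
    int state = 0;
    for (;;) {
        switch (state) {
        case 0: state = *s ? 3 : 4; break;                 /* loop test */
        case 1: h = h * 31 + (unsigned)(*s - '0'); state = 2; break;
        case 2: s++; state = 0; break;                     /* loop step */
        case 3:
            /* Opaque predicate: h * (h + 1) is always even, so the else
             * branch is dead code that only adds a bogus CFG edge. */
            if ((h * (h + 1)) % 2 == 0)
                state = (*s >= '0' && *s <= '9') ? 1 : 5;
            else
                state = 4;
            break;
        case 4: return h;                                  /* exit block */
        case 5: h = h * 31 + (unsigned char)*s; state = 2; break;
        }
    }
}

int main(void) {
    const char *key = "AB12-CD34";  /* constructed sample input */
    printf("%u %u\n", checksum_plain(key), checksum_flat(key));
    return 0;
}
```

Both functions return the same value for every input; only the shape of the control flow graph differs.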
REVERSE ENGINEERING
Reverse engineering techniques aim at
analysing the code
A reverse engineer can understand the code
by using reverse engineering tools
SAMPLE QUESTION
Which one of the following is not protected by
Code Obfuscation?
a) Password matching
b) Licence check
c) Business logic
d) Output of a program
SAMPLE QUESTION: ANSWER
Which one of the following is not protected by
Code Obfuscation?
a) Password matching
b) Licence check
c) Business logic
d) Output of a program
Answer) d
SUMMARY
Code obfuscation is used in practice
Software developers use obfuscation
– To protect intellectual property
– To make app repackaging difficult
Malware developers also use obfuscation to
hide malicious code
There is an arms race between code
obfuscation and reverse engineering
RESOURCES
[Balachandran TIFS13] Balachandran, Vivek, and Sabu
Emmanuel, Potent and Stealthy Control Flow Obfuscation by
Stack Based Self-modifying Code, IEEE Transactions on
Information Forensics and Security (TIFS) 8, no. 4 (2013): 669-681
Asghar, Muhammad Rizwan, and Andrew Luxton-Reilly, Teaching
Cyber Security Using Competitive Software Obfuscation and
Reverse Engineering Activities, In Proceedings of the 49th ACM
Technical Symposium on Computer Science Education, pp. 179-184.
ACM, 2018
Obfuscation and reverse engineering tools:
https://mobilesecuritywiki.com
Questions?
Thanks for your attention!