Let's break modern binary code obfuscation: A semantics based approach

Tim Blazytko and Moritz Contag

60 min

2017-12-27

2017-12-28

2342 Fahrplan


Do you want to learn how modern binary code obfuscation and deobfuscation work? Have you ever hit roadblocks where well-known deobfuscation techniques do not work? Do you want to see a novel deobfuscation method that learns the code's behavior without analyzing the code itself? Then come to our talk, where we give you a step-by-step guide.

This talk might be interesting for you if you love reverse engineering or binary security analysis. We present modern code obfuscation techniques, such as opaque predicates, arithmetic encoding and virtualization-based obfuscation. Further, we explain state-of-the-art methods in (automated) deobfuscation [1] as well as how to break them [2]. Finally, we introduce a novel approach [3] that learns the code's semantics and demonstrate how it can be used to deobfuscate real-world obfuscated code.
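A small illustration of two ideas the abstract names, arithmetic encoding and learning a code fragment's semantics from its input/output behavior rather than from its instructions. This is an added example and not code from the talk or from the paper in [3]; the mixed boolean-arithmetic (MBA) identities, the candidate expression table and the sampling routine are all constructed here for illustration.

```python
import random

MASK = 0xFFFFFFFF  # 32-bit wrap-around, as in typical obfuscated integer code


def obfuscated_add(x, y):
    """Constructed MBA encoding of x + y using the identity
    x + y == (x ^ y) + 2 * (x & y)."""
    return ((x ^ y) + 2 * (x & y)) & MASK


def obfuscated_xor(x, y):
    """Constructed MBA encoding of x ^ y using the identity
    x ^ y == (x | y) - (x & y)."""
    return ((x | y) - (x & y)) & MASK


# Simple semantics a deobfuscator tries to match the black box against.
CANDIDATES = {
    "x + y": lambda x, y: (x + y) & MASK,
    "x - y": lambda x, y: (x - y) & MASK,
    "x ^ y": lambda x, y: x ^ y,
    "x & y": lambda x, y: x & y,
    "x | y": lambda x, y: x | y,
    "x * y": lambda x, y: (x * y) & MASK,
}


def sample_io(fn, n=64, seed=1234):
    """Treat fn as a black box: record (inputs, output) pairs on random inputs.
    Only the observed behavior is used; the body of fn is never inspected."""
    rng = random.Random(seed)
    samples = []
    for _ in range(n):
        x, y = rng.getrandbits(32), rng.getrandbits(32)
        samples.append(((x, y), fn(x, y)))
    return samples


def learn_semantics(fn):
    """Return the candidate expression that reproduces every sampled I/O pair,
    or None when no candidate in the table explains the observed behavior."""
    samples = sample_io(fn)
    for name, cand in CANDIDATES.items():
        if all(cand(x, y) == out for (x, y), out in samples):
            return name
    return None
```

A candidate that agrees with the sampled pairs is a hypothesis about the semantics, not a proof; confirming it over the whole input space is a separate step.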

[1] https://www.ieee-security.org/TC/SP2015/papers-archived/6949a674.pdf

[2] https://mediatum.ub.tum.de/doc/1343173/1343173.pdf

[3] https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-blazytko.pdf
