OBFUSCATION & REVERSE ENGINEERING

Lecture 16b, COMPSCI 316 Cyber Security

Muhammad Rizwan Asghar, September 1, 2020



FOCUS OF THIS LECTURE

Understand code obfuscation

Know reverse engineering


CODE OBFUSCATION

Code obfuscation aims to make reverse engineering harder

A promising technique to protect sensitive information in application code

– E.g., password match or licence check

Code obfuscation can be broadly classified into four main categories [Balachandran TIFS13]

– Layout obfuscation

– Design obfuscation

– Data obfuscation

– Control obfuscation


LAYOUT OBFUSCATION

Layout obfuscation refers to obscuring the layout of the program

Examples

– Deleting comments

– Removing debugging information

– Renaming variables

– Changing formatting of source code

– …


DESIGN OBFUSCATION

Design obfuscation refers to obscuring the design of the software system

Examples

– Splitting classes

– Merging classes

– …


DATA OBFUSCATION

Data obfuscation aims at preventing the adversary from extracting information from the data used in the program

Examples

– Data to procedure conversion

    Encoding (or encryption)

    E.g., input == “1234” vs H(input) == “78CD…”

– Variable splitting

– Changing lifetime of variables

– …
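The hashed comparison and variable splitting from this slide, as an added example that is not part of the original lecture. It assumes SHA-256 for H; the names `check_plain`, `build_digest`, `check_hashed` and `SplitCounter` are hypothetical, and the secret "1234" is the slide's own sample value.

```python
import hashlib
import hmac
import secrets


def check_plain(user_input: str) -> bool:
    # Unobfuscated: the secret is a readable string literal in the program.
    return user_input == "1234"


def build_digest(secret: str) -> str:
    # Assumed build-time step: only the digest ships, never the secret itself.
    return hashlib.sha256(secret.encode()).hexdigest()


EMBEDDED_DIGEST = build_digest("1234")  # constructed demo value


def check_hashed(user_input: str) -> bool:
    # Obfuscated: H(input) is compared with the embedded digest.
    # A 4-digit secret has only 10,000 candidates, so this hides the
    # literal from a strings dump but does not make it hard to guess.
    candidate = hashlib.sha256(user_input.encode()).hexdigest()
    return hmac.compare_digest(candidate, EMBEDDED_DIGEST)


MASK = 0xFFFFFFFF


class SplitCounter:
    """Variable splitting: value = (a - b) mod 2**32, never stored whole."""

    def __init__(self, value: int) -> None:
        self.b = secrets.randbits(32)
        self.a = (value + self.b) & MASK

    def decrement(self) -> None:
        # Apply the real update to one share, then shift both shares by the
        # same random amount so neither holds a stable, recognisable value.
        self.a = (self.a - 1) & MASK
        r = secrets.randbits(32)
        self.a = (self.a + r) & MASK
        self.b = (self.b + r) & MASK

    def value(self) -> int:
        return (self.a - self.b) & MASK
```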


CONTROL OBFUSCATION

Control obfuscation obscures the control flow information of the program

Examples

– Opaque predicates

    E.g., “if (1 > 0)”

– Control flow flattening

    It breaks the structure of Control Flow Graphs (CFGs)

– …
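A small function before and after control flow flattening, with an opaque predicate guarding a dead branch, as an added example that is not part of the original lecture. The checksum rule, the function names and the sample keys are constructed for illustration.

```python
def checksum_ok(key: str) -> bool:
    """Original: a structured loop and branch, easy to read in a CFG."""
    total = 0
    for ch in key:
        if "0" <= ch <= "9":
            total += int(ch)
    return total % 7 == 0


def checksum_ok_flat(key: str) -> bool:
    """Same logic flattened: every basic block returns to one dispatcher."""
    state, i, total, result = 0, 0, 0, False
    while state != 7:
        if state == 0:      # loop condition
            state = 1 if i < len(key) else 6
        elif state == 1:    # digit test
            state = 2 if "0" <= key[i] <= "9" else 5
        elif state == 2:
            # Opaque predicate: i * (i + 1) is always even, so state 4 is
            # dead code that a static reader still has to rule out.
            state = 3 if (i * (i + 1)) % 2 == 0 else 4
        elif state == 3:    # real work
            total += int(key[i])
            state = 5
        elif state == 4:    # bogus block, never reached
            total -= 1
            state = 5
        elif state == 5:    # loop increment
            i += 1
            state = 0
        else:               # state 6: compute the result and exit
            result = total % 7 == 0
            state = 7
    return result


# Constructed sample keys, including an empty key and a non-ASCII digit.
SAMPLE_KEYS = ["A7-00", "1234", "", "X9Y5", "no digits", "²7"]


def equivalent(keys=SAMPLE_KEYS) -> bool:
    # Obfuscation must preserve behaviour: both versions agree on every key.
    return all(checksum_ok(k) == checksum_ok_flat(k) for k in keys)
```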


REVERSE ENGINEERING

Reverse engineering techniques aim at analysing the code

A reverse engineer can understand the code by using reverse engineering tools


SAMPLE QUESTION

Which one of the following is not protected by Code Obfuscation?

a) Password matching

b) Licence check

c) Business logic

d) Output of a program


SAMPLE QUESTION: ANSWER

Which one of the following is not protected by Code Obfuscation?

a) Password matching

b) Licence check

c) Business logic

d) Output of a program

Answer) d


SUMMARY

Code obfuscation is used in practice

Software developers use obfuscation

– To protect intellectual property

– To make app repackaging difficult

Malware developers also use obfuscation to hide malicious code

There is an arms race between code obfuscation and reverse engineering


RESOURCES

[Balachandran TIFS13] Balachandran, Vivek, and Sabu Emmanuel, Potent and Stealthy Control Flow Obfuscation by Stack Based Self-modifying Code, IEEE Transactions on Information Forensics and Security (TIFS) 8, no. 4 (2013): 669-681

Asghar, Muhammad Rizwan, and Andrew Luxton-Reilly, Teaching Cyber Security Using Competitive Software Obfuscation and Reverse Engineering Activities, In Proceedings of the 49th ACM Technical Symposium on Computer Science Education, pp. 179-184. ACM, 2018

Obfuscation and reverse engineering tools: https://mobilesecuritywiki.com


Questions?

Thanks for your attention!