Software Protection via Obfuscation Ciprian Lucaci InfoSec Meetup #1 1
About me Software Protection via Obfuscation - Ciprian LUCACI 2
About me 2008-2012 # Bachelor Computer Science @ Politehnica Univerity Timișoara Software Protection via Obfuscation - Ciprian LUCACI 2
About me 2008-2012 # Bachelor Computer Science @ Politehnica Univerity Timișoara 2012-2013 # Software Engineer @ Lasting Software Master Informatics @ Politehnica University, Timișoara Software Protection via Obfuscation - Ciprian LUCACI 2
About me 2008-2012 # Bachelor Computer Science @ Politehnica Univerity Timișoara 2012-2013 # Software Engineer @ Lasting Software Master Informatics @ Politehnica University, Timișoara 2013-2015 # Master Informatics @ Technische Universität München 2014 Research Assistant @ Software Engineering chair Software Protection via Obfuscation - Ciprian LUCACI 2
About me 2008-2012 # Bachelor Computer Science @ Politehnica Univerity Timișoara 2012-2013 # Software Engineer @ Lasting Software Master Informatics @ Politehnica University, Timișoara 2013-2015 # Master Informatics @ Technische Universität München 2014 Research Assistant @ Software Engineering chair 2015-today # Software Engineer @ Atigeo Software Protection via Obfuscation - Ciprian LUCACI 2
Outline Software Protection via Obfuscation - Ciprian LUCACI 3
Outline Context Software Protection Software Protection via Obfuscation - Ciprian LUCACI 3
Outline Context Software Protection Obfuscation Techniques and Tools Software Protection via Obfuscation - Ciprian LUCACI 3
Outline Context Software Protection Obfuscation Techniques and Tools Virtualization Obfuscation VOT4CS Tool Design Software Protection via Obfuscation - Ciprian LUCACI 3
Outline Context Software Protection Obfuscation Techniques and Tools Virtualization Obfuscation VOT4CS Tool Design Evaluation Selection Criteria Software Protection via Obfuscation - Ciprian LUCACI 3
Outline Context Software Protection Obfuscation Techniques and Tools Virtualization Obfuscation VOT4CS Tool Design Evaluation Selection Criteria Conclusion To Obfuscate Or Not To Obfuscate Software Protection via Obfuscation - Ciprian LUCACI 3
Context: Software protection Software Protection via Obfuscation - Ciprian LUCACI 4
Context: Software protection Threat Models [Ancakert2006] 1. Malicious Code Software security 2. Malicious Host Software protection Software Protection via Obfuscation - Ciprian LUCACI 4
Context: Software protection Threat Models [Ancakert2006] 1. Malicious Code Software security 2. Malicious Host Software protection Attack Scenario Man-At-The-End (MATE) Software Protection via Obfuscation - Ciprian LUCACI 4
Context: Software protection Threat Models [Ancakert2006] 1. Malicious Code Software security 2. Malicious Host Software protection Attack Scenario Man-At-The-End (MATE) Case Study Industry partner: Jungheinrich,.NET C# Master thesis @ Technische Universität München Software Protection via Obfuscation - Ciprian LUCACI 4
Context: Software protection Means [Collberg1998] Software Protection via Obfuscation - Ciprian LUCACI 5
Context: Software protection Means [Collberg1998] 1. Legal Software Protection via Obfuscation - Ciprian LUCACI 5
Context: Software protection Means [Collberg1998] 1. Legal 2. Remote Services Software Protection via Obfuscation - Ciprian LUCACI 5
Context: Software protection Means [Collberg1998] 1. Legal 2. Remote Services 3. Encryption Software Protection via Obfuscation - Ciprian LUCACI 5
Context: Software protection Means [Collberg1998] 1. Legal 2. Remote Services 3. Encryption 4. Machine / Native code Software Protection via Obfuscation - Ciprian LUCACI 5
Context: Software protection Means [Collberg1998] 1. Legal 2. Remote Services 3. Encryption 4. Machine / Native code 5. Obfuscation Software Protection via Obfuscation - Ciprian LUCACI 5
Context: Software protection Means [Collberg1998] 1. Legal 2. Remote Services 3. Encryption 4. Machine / Native code 5. Obfuscation There is NO perfect security! Software Protection via Obfuscation - Ciprian LUCACI 5
Context: Software protection Means [Collberg1998] 1. Legal 2. Remote Services 3. Encryption 4. Machine / Native code 5. Obfuscation There is NO perfect security! Obfuscation First layer of defense against intelligent tampering Prevent understanding and reuse of intellectual property Software Protection via Obfuscation - Ciprian LUCACI 5
Context: Protection via Obfuscation Techniques [Collberg1997] Software Protection via Obfuscation - Ciprian LUCACI 6
Context: Protection via Obfuscation Techniques [Collberg1997] Lexical transformations Renaming Software Protection via Obfuscation - Ciprian LUCACI 6
Context: Protection via Obfuscation Techniques [Collberg1997] Lexical transformations Renaming Data transformations String encoding Software Protection via Obfuscation - Ciprian LUCACI 6
Context: Protection via Obfuscation Techniques [Collberg1997] Lexical transformations Renaming Data transformations String encoding Preventive transformations Code encryption Software Protection via Obfuscation - Ciprian LUCACI 6
Context: Protection via Obfuscation Techniques [Collberg1997] Lexical transformations Renaming Data transformations String encoding Preventive transformations Code encryption Control flow transformations Control flow flattening Software Protection via Obfuscation - Ciprian LUCACI 6
Context: Protection via Obfuscation Techniques [Collberg1997] Lexical transformations Renaming Data transformations String encoding Preventive transformations Code encryption Control flow transformations Control flow flattening Equivalence observable behavior Software Protection via Obfuscation - Ciprian LUCACI 6
State of the Art Obfuscation tools C# obfuscators Price Code Virtualization 1. Agile.NET $795 Yes 2. Crypto Obfuscator $149 $4469 Yes 3. Eazfuscator.NET $399 Yes 4. ConfuserEx Free (opensource) No 5. Dotfuscator ~ $1600 No Software Protection via Obfuscation - Ciprian LUCACI 7
State of the Art Obfuscation tools C# obfuscators Price Code Virtualization 1. Agile.NET $795 Yes 2. Crypto Obfuscator $149 $4469 Yes 3. Eazfuscator.NET $399 Yes 4. ConfuserEx Free (opensource) No 5. Dotfuscator ~ $1600 No C# decompilers Price 1. dotpeek 2. ILSpy Free 3. JustDecompile 4. ILDasm Software Protection via Obfuscation - Ciprian LUCACI 7
State of the Art Obfuscation tools C# obfuscators Price Code Virtualization 1. Agile.NET $795 Yes 2. Crypto Obfuscator $149 $4469 Yes 3. Eazfuscator.NET $399 Yes 4. ConfuserEx Free (opensource) No 5. Dotfuscator ~ $1600 No C# decompilers Price 1. dotpeek 2. ILSpy Free 3. JustDecompile 4. ILDasm C# tracers Price 1. dottrace ~$300 2. Intel Pin (binary) Free Software Protection via Obfuscation - Ciprian LUCACI 7
Thesis: Virtualization Obfuscation Goals design and implement virtualization obfuscator for C# programs an open source alternative to commercial obfuscators no free obfuscation tool with virtualization as a feature Software Protection via Obfuscation - Ciprian LUCACI 8
Thesis: Virtualization Obfuscation Goals design and implement virtualization obfuscator for C# programs an open source alternative to commercial obfuscators no free obfuscation tool with virtualization as a feature perform a case-study on a real-world software solution performance evaluation security evaluation Software Protection via Obfuscation - Ciprian LUCACI 8
Background: Virtualization Obfuscation Input: Program P Generate a random new language Translate P to the new language as P` Synthetize an interpreter to translate the new instructions Program P Software Protection via Obfuscation - Ciprian LUCACI 9
Background: Virtualization Obfuscation Input: Program P Generate a random new language Translate P to the new language as P` Synthetize an interpreter to translate the new instructions Program P Virtualization Tool Program P` Obfuscated program Interpreter Software Protection via Obfuscation - Ciprian LUCACI 9
Background: Virtualization Obfuscation Input: Program P Generate a random new language Translate P to the new language as P` Synthetize an interpreter to translate the new instructions Program P Virtualization Tool Usage Software Diversification Mitigate MATE attacks Mitigate Static and Dynamic analysis Program P` Obfuscated program Interpreter Software Protection via Obfuscation - Ciprian LUCACI 9
Background: Virtualization Obfuscation Master Thesis: Virtualization Obfuscation - Ciprian Lucaci 10
Background: Virtualization Obfuscation... Operations assignment addition subtraction method invocation return... Master Thesis: Virtualization Obfuscation - Ciprian Lucaci 10
Background: Virtualization Obfuscation... Operations assignment addition subtraction method invocation return... Master Thesis: Virtualization Obfuscation - Ciprian Lucaci 10
Background: Virtualization Obfuscation... Operations assignment addition subtraction method invocation return... Master Thesis: Virtualization Obfuscation - Ciprian Lucaci 10
Background: Virtualization Obfuscation... Operations assignment addition subtraction method invocation return... Master Thesis: Virtualization Obfuscation - Ciprian Lucaci 10
Background: Virtualization Obfuscation... Operations assignment addition subtraction method invocation return Master Thesis: Virtualization Obfuscation - Ciprian Lucaci 10
Design and Implementation Virtualization Obfuscation Algorithm Refactoring Transformations Virtualization Transformations Virtualization tool Program P 1. Refactor 2. Virtualize Program P` Obfuscated program Interpreter Software Protection via Obfuscation - Ciprian LUCACI 11
Design and Implementation: Algorithm Refactoring transformations Virtualization tool Refactor Virtualize Arithmetic simplification +, -, *, /, ++, --, % Software Protection via Obfuscation - Ciprian LUCACI 12
Design and Implementation: Algorithm Refactoring transformations Virtualization tool Refactor Virtualize Arithmetic simplification +, -, *, /, ++, --, % Software Protection via Obfuscation - Ciprian LUCACI 12
Design and Implementation: Algorithm Refactoring transformations Virtualization tool Refactor Virtualize Arithmetic simplification +, -, *, /, ++, --, % Software Protection via Obfuscation - Ciprian LUCACI 12
Design and Implementation: Algorithm Refactoring transformations Virtualization tool Refactor Virtualize Arithmetic simplification +, -, *, /, ++, --, % Invocation simplification obj.m1().m2().m3() obj.member1.member13 Software Protection via Obfuscation - Ciprian LUCACI 12
Design and Implementation: Algorithm Refactoring transformations Virtualization tool Refactor Virtualize Arithmetic simplification +, -, *, /, ++, --, % Invocation simplification obj.m1().m2().m3() obj.member1.member13 Comparison simplification >, <, >=, <= For, ForEach, DoWhile conversion to While Switch conversion to chained If Local variables initialization Composed assignment Conditional expression Try/Catch statement Software Protection via Obfuscation - Ciprian LUCACI 12
Design and Implementation: Algorithm Virtualization transformations Virtualization tool Refactor Virtualize Step 1. Select method body to virtualize. Software Protection via Obfuscation - Ciprian LUCACI 13
Design and Implementation: Algorithm Virtualization transformations Virtualization tool Refactor Virtualize Step 1. Select method body to virtualize. Step 2. Virtualize constants, local arguments, parameters. - generate DATA array Software Protection via Obfuscation - Ciprian LUCACI 13
Design and Implementation: Algorithm Virtualization transformations Virtualization tool Refactor Virtualize Step 1. Select method body to virtualize. Step 2. Virtualize constants, local arguments, parameters. - generate DATA array Step 3. Process method s body statements. - generate CODE array Software Protection via Obfuscation - Ciprian LUCACI 13
Design and Implementation: Algorithm Virtualization transformations Virtualization tool Refactor Virtualize Step 1. Select method body to virtualize. Step 2. Virtualize constants, local arguments, parameters. - generate DATA array Step 3. Process method s body statements. - generate CODE array Step 4. For compound structures go to previous step and virtualize the statement s body. Software Protection via Obfuscation - Ciprian LUCACI 13
Design and Implementation: Algorithm Virtualization transformations int[] code Virtual Operation Operation Key List<Operand> Prefix Size Postfix Size Offset Frequency Software Protection via Obfuscation - Ciprian LUCACI 14
Design and Implementation: Algorithm Virtualization transformations int[] code Virtual Operation Operation Key List<Operand> Prefix Size Postfix Size Offset Frequency Operation Size Software Protection via Obfuscation - Ciprian LUCACI 14
Design and Implementation: Algorithm Virtualization transformations int[] code Virtual Operation Operation Key List<Operand> Prefix Size Postfix Size Offset Frequency Operation Size Operation Key Software Protection via Obfuscation - Ciprian LUCACI 14
Design and Implementation: Algorithm Virtualization transformations int[] code Virtual Operation Operation Key List<Operand> Prefix Size Postfix Size Offset Frequency Operation Size Prefix Size Operation Key Operand Fake Software Protection via Obfuscation - Ciprian LUCACI 14
Design and Implementation: Algorithm Virtualization transformations int[] code Virtual Operation Operation Key List<Operand> Prefix Size Postfix Size Offset Frequency Operation Size Prefix Size Operation Key Postfix Size Operand Fake Operand Fake Software Protection via Obfuscation - Ciprian LUCACI 14
Design and Implementation: Obfuscation settings Interpreter Inside Method Class Instance Class Static Software Protection via Obfuscation - Ciprian LUCACI 15
Design and Implementation: Obfuscation settings Interpreter Inside Method Class Instance Class Static Software Protection via Obfuscation - Ciprian LUCACI 15
Design and Implementation: Obfuscation settings Interpreter Inside Method Class Instance Class Static Software Protection via Obfuscation - Ciprian LUCACI 15
Design and Implementation: Obfuscation settings Interpreter Inside Method Class Instance Class Static Refactoring Max operands Max invocations Software Protection via Obfuscation - Ciprian LUCACI 16
Design and Implementation: Obfuscation settings Interpreter Inside Method Class Instance Class Static Operation Prefix size Postfix size Junk code Refactoring Max operands Max invocations Software Protection via Obfuscation - Ciprian LUCACI 16
Design and Implementation: Obfuscation settings Interpreter Inside Method Class Instance Class Static Refactoring Max operands Max invocations Operation Prefix size Postfix size Junk code Switch Default section Operation size Software Protection via Obfuscation - Ciprian LUCACI 16
Design and Implementation: Obfuscation settings Randomization points Software Protection via Obfuscation - Ciprian LUCACI 17
Design and Implementation: Obfuscation settings Randomization points Operation key Software Protection via Obfuscation - Ciprian LUCACI 17
Design and Implementation: Obfuscation settings Randomization points Operation key Operands position Software Protection via Obfuscation - Ciprian LUCACI 17
Design and Implementation: Obfuscation settings Randomization points Operation key Operands position Switch sections Software Protection via Obfuscation - Ciprian LUCACI 17
Design and Implementation: Obfuscation settings Randomization points Operation key Operands position Switch sections Array initialization VPC initialization Software Protection via Obfuscation - Ciprian LUCACI 17
Design and Implementation: Obfuscation settings Randomization points Operation key Operands position Switch sections Array initialization VPC initialization Switch: Default section Software Protection via Obfuscation - Ciprian LUCACI 17
Design and Implementation: Obfuscation settings Randomization points Operation key Operands position Switch sections Array initialization VPC initialization Switch: Default section Operation size Software Protection via Obfuscation - Ciprian LUCACI 17
Evaluation Framework [Collberg1998] Potency: To what degree is a human reader confused? Resilience: How well are automatic deobfuscation attacks resisted? Cost: How much time/space overhead is added? Stealth: How well does obfuscated code blend in the original code? Software Protection via Obfuscation - Ciprian LUCACI 18
Evaluation - Potency To what degree is a human reader confused? Software Protection via Obfuscation - Ciprian LUCACI 19
Evaluation - Potency To what degree is a human reader confused? Layout transformations Remove comments Variable lose names Software Protection via Obfuscation - Ciprian LUCACI 19
Evaluation - Potency To what degree is a human reader confused? Layout transformations Remove comments Variable lose names Control flow obfuscation Logic hidden in CODE array Software Protection via Obfuscation - Ciprian LUCACI 19
Evaluation - Potency To what degree is a human reader confused? Layout transformations Remove comments Variable lose names Control flow obfuscation Logic hidden in CODE array Method overloading Class / Instance interpreter Same interpreter for multiple methods Software Protection via Obfuscation - Ciprian LUCACI 19
Evaluation - Potency To what degree is a human reader confused? Layout transformations Remove comments Variable lose names Control flow obfuscation Logic hidden in CODE array Method overloading Class / Instance interpreter Same interpreter for multiple methods Data transformations Variables and constants are stored in DATA array Software Protection via Obfuscation - Ciprian LUCACI 19
Evaluation - Resilience To what degree is an automatic tool confused? Obfuscation Goal Attacker Goal Attacker Model protect intellectual property extract source code or control flow graph man-at-the-end (MATE) Master Thesis: Virtualization Obfuscation - Ciprian Lucaci 20
Evaluation - Resilience To what degree is an automatic tool confused? Virtualization Obfuscation analysis Obfuscation Goal Attacker Goal Attacker Model protect intellectual property extract source code or control flow graph man-at-the-end (MATE) Paper Level Automation Type Result Limitation Risk Applicable 1 [Rolles2009] binary no / partial static manual analysis extract original code time consuming not scalable 2 [Sharif2009] binary yes dynamic analysis control flow graph strong assumptions high no 3 [Coogan2011] binary yes dynamic automatic analysis approximation of original code significant trace 4 [Kinder2012] binary yes static analysis approximated data values 5 [Yadegari2015] binary yes dynamic analysis trace analysis control flow graph difficult to convert equations to CFG code of the emulator analyzed large input space trace simplification high high Master Thesis: Virtualization Obfuscation - Ciprian Lucaci 20 low high yes yes no yes
Evaluation - Resilience Manual static analysis: [Rolles2009] Revert Interpreter Master Thesis: Virtualization Obfuscation - Ciprian Lucaci 21
Evaluation - Resilience Manual static analysis: [Rolles2009] Revert Interpreter Automatic dynamic analysis [Coogan2011] Master Thesis: Virtualization Obfuscation - Ciprian Lucaci 21
Evaluation - Resilience Manual static analysis: [Rolles2009] Revert Interpreter Automatic dynamic analysis [Coogan2011] Step 1: Mark method to trace ConfuserEx, CIL instructions Code injection Master Thesis: Virtualization Obfuscation - Ciprian Lucaci 21
Evaluation - Resilience Manual static analysis: [Rolles2009] Revert Interpreter Automatic dynamic analysis [Coogan2011] Step 1: Mark method to trace ConfuserEx, CIL instructions Code injection Step 2: Trace instructions Data Dump Runtime trace Master Thesis: Virtualization Obfuscation - Ciprian Lucaci 21
Evaluation - Resilience Manual static analysis: [Rolles2009] Revert Interpreter Automatic dynamic analysis [Coogan2011] Step 1: Mark method to trace ConfuserEx, CIL instructions Code injection Step 2: Trace instructions Data Dump Runtime trace Step 3: Simplify traces Python scripts Master Thesis: Virtualization Obfuscation - Ciprian Lucaci 21
Evaluation - Resilience Manual static analysis: [Rolles2009] Revert Interpreter Automatic dynamic analysis [Coogan2011] Step 1: Mark method to trace ConfuserEx, CIL instructions Code injection Step 2: Trace instructions Data Dump Runtime trace Step 3: Simplify traces Python scripts Step 4: Compare traces Master Thesis: Virtualization Obfuscation - Ciprian Lucaci 21
Evaluation - Resilience Step 3: Simplify traces Simplified Obfuscated Software Protection via Obfuscation - Ciprian LUCACI 22
Evaluation - Resilience Step 3: Simplify traces Simplified Obfuscated Software Protection via Obfuscation - Ciprian LUCACI 22
Evaluation - Resilience Step 3: Simplify traces Simplified Obfuscated Software Protection via Obfuscation - Ciprian LUCACI 22
Evaluation - Resilience Step 3: Simplify traces Simplified Obfuscated Software Protection via Obfuscation - Ciprian LUCACI 22
Evaluation - Resilience Step 3: Simplify traces Simplified Obfuscated Software Protection via Obfuscation - Ciprian LUCACI 22
Evaluation - Resilience Step 3: Simplify traces Simplified Obfuscated Software Protection via Obfuscation - Ciprian LUCACI 22
Evaluation - Resilience Step 3: Simplify traces Software Protection via Obfuscation - Ciprian LUCACI 23
Evaluation - Resilience Step 3: Simplify traces Software Protection via Obfuscation - Ciprian LUCACI 23
Evaluation - Resilience Step 3: Simplify traces Software Protection via Obfuscation - Ciprian LUCACI 23
Evaluation - Resilience Step 4: Compare traces
Evaluation - Resilience Step 4: Compare traces Levenshtein distance (edit distance) Character = generic instruction, e.g. load, store, method call Compare: original simplified trace with obfuscated simplified trace
Evaluation - Resilience Step 4: Compare traces Levenshtein distance (edit distance) Character = generic instruction, e.g. load, store, method call Compare: original simplified trace with obfuscated simplified trace Different obfuscation settings Max number of operands Max number of invocations
Distance Evaluation - Resilience 3125 625 Distance / Iterations / Max # Invocations Maximum # Invocations 125 25 5 1 5 25 125 Loop Iterations 1 invocation 2 invocations 3 invocations 4 invocations 5 invocations Maximum 4 Operands Software Protection via Obfuscation - Ciprian LUCACI 25
Evaluation - Resilience Resilience to Settings correlation More Aggressive Refactorization
Evaluation - Cost Runtime overhead How much overhead is added? Software Protection via Obfuscation - Ciprian LUCACI 27
Evaluation - Cost How much overhead is added? Runtime overhead Quick Sort: Iterative and Recursive Binary Search: Iterative and Recursive GitHub Opensource Project: ResourceLib Jungheinrich Components: Startup time Software Protection via Obfuscation - Ciprian LUCACI 27
Evaluation - Cost Runtime overhead Quick Sort: Iterative and Recursive Binary Search: Iterative and Recursive GitHub Opensource Project: ResourceLib Jungheinrich Components: Startup time Size Managed code assembly on the disk How much overhead is added? Software Protection via Obfuscation - Ciprian LUCACI 27
Evaluation - Cost Binary Search runtime performance 4.000.000 elements Software Protection via Obfuscation - Ciprian LUCACI 28
Evaluation - Cost Binary Search runtime performance Binary Search iterative - slowdown trend Binary Search recursive - slowdown trend Software Protection via Obfuscation - Ciprian LUCACI 29
Evaluation - Cost Open Source Project: ResourceLib C# File Resource Management Library 46 unit tests 8 obfuscated methods in 4 different classes out of >100 methods, >40 classes >1300 calls to obfuscated methods 25 times evaluated runtime performance +0.5 https://github.com/dblock/resourcelib Software Protection via Obfuscation - Ciprian LUCACI 30
Evaluation - Cost Jungheinrich Components: Startup time Software Protection via Obfuscation - Ciprian LUCACI 31
Evaluation - Cost Jungheinrich Components: Startup time Logging Component 4 methods obfuscated +0.05 Software Protection via Obfuscation - Ciprian LUCACI 31
Evaluation - Cost Size Software Protection via Obfuscation - Ciprian LUCACI 32
Evaluation - Cost Size Software Protection via Obfuscation - Ciprian LUCACI 32
Evaluation - Cost Size Software Protection via Obfuscation - Ciprian LUCACI 32
Evaluation - Stealth How well does obfuscated code blend in the original code? Software Protection via Obfuscation - Ciprian LUCACI 33
Evaluation - Stealth How well does obfuscated code blend in the original code? Method Signatures maintained No broken dependencies Software Protection via Obfuscation - Ciprian LUCACI 33
Evaluation - Stealth How well does obfuscated code blend in the original code? Method Signatures maintained No broken dependencies Side effects maintained Fields Lambda expressions Software Protection via Obfuscation - Ciprian LUCACI 33
Evaluation - Stealth How well does obfuscated code blend in the original code? Method Signatures maintained No broken dependencies Side effects maintained Fields Lambda expressions Annotations for non-intrusive tagging Use annotations to mark which methods to obfuscate Software Protection via Obfuscation - Ciprian LUCACI 33
Conclusion To Obfuscate or Not To Obfuscate Software Protection via Obfuscation - Ciprian LUCACI 34
Conclusion To Obfuscate or Not To Obfuscate Software Protection there is NO silver bullet!!! always consider the ENTIRE system use OWASP testing guide consider concurrency issues Software Protection via Obfuscation - Ciprian LUCACI 34
Conclusion To Obfuscate or Not To Obfuscate Software Protection there is NO silver bullet!!! always consider the ENTIRE system use OWASP testing guide consider concurrency issues Evaluation do you really need to obfuscate everything? consider worst case scenario use potency, resilience, cost, and stealth as criteria Software Protection via Obfuscation - Ciprian LUCACI 34
Conclusion To Obfuscate or Not To Obfuscate Software Protection there is NO silver bullet!!! always consider the ENTIRE system use OWASP testing guide consider concurrency issues Evaluation do you really need to obfuscate everything? consider worst case scenario use potency, resilience, cost, and stealth as criteria Reverse Engineering reconstruct source code from simplified traces think as the other side Software Protection via Obfuscation - Ciprian LUCACI 34
Conclusion To Obfuscate or Not To Obfuscate Software Protection there is NO silver bullet!!! always consider the ENTIRE system use OWASP testing guide consider concurrency issues Evaluation do you really need to obfuscate everything? consider worst case scenario use potency, resilience, cost, and stealth as criteria Little protection is always better than no protection Reverse Engineering reconstruct source code from simplified traces think as the other side Software Protection via Obfuscation - Ciprian LUCACI 34
Thank you for your attention! Any questions? References [Rolles2009] Unpacking Virtualization Obfuscators [Sharif2009] Automatic Reverse Engineering of Malware Emulators [Coogan2011] Deobfuscation of Virtualization-Obfuscated Software [Kinder2012] Towards Static Analysis of Virtualization-Obfuscated Binaries [Yadegari2015] A Generic Approach to Automatic Deobfuscation of Executable Code [Cazalas2014] Probing the Limits of Virtualized Software Protection [Anckaert2006] Proteus: Virtualization for Diversified Tamper-Resistance [Cohen1993] Operating system protection through program evolution [Collberg1998] Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs Microsoft Roslyn Project: https://github.com/dotnet/roslyn Software Protection via Obfuscation - Ciprian LUCACI 35