Muhammad Rizwan Asghar
August 27, 2019
OBFUSCATION & REVERSE ENGINEERING
Lecture 16b
COMPSCI 316
Cyber Security
FOCUS OF THIS LECTURE
Understand code obfuscation
Know reverse engineering
CODE OBFUSCATION
Code obfuscation aims to make reverse engineering harder
A promising technique for protecting sensitive information in application code
– E.g., password match or licence check
Code obfuscation can be broadly classified into four main categories [Balachandran TIFS13]
– Layout obfuscation
– Design obfuscation
– Data obfuscation
– Control obfuscation
LAYOUT OBFUSCATION
Layout obfuscation refers to obscuring the layout of the program
Examples
– Deleting comments
– Removing debugging information
– Renaming variables
– Changing formatting of source code
– …
DESIGN OBFUSCATION
Design obfuscation refers to obscuring the design of the software system
Examples
– Splitting classes
– Merging classes
– …
DATA OBFUSCATION
Data obfuscation aims at preventing the adversary from extracting information from the data used in the program
Examples
– Data to procedure conversion
  Encoding (or encryption)
  E.g., input == “1234” vs H(input) == “78CD…”
– Variable splitting
– Changing lifetime of variables
– …
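Added example (not part of the original slides): the slide's input == “1234” vs H(input) comparison and variable splitting in Python, with a check of which literals can still be read from the code object without running it. SHA-256 as H, the XOR shares and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

def check_plain(user_input: str) -> bool:
    # Unobfuscated: the secret is a literal in the code.
    return user_input == "1234"

def check_hashed(user_input: str) -> bool:
    # Encoding: only H(secret) is embedded. H = SHA-256 is an assumption;
    # the constant is the digest of the slide's sample secret.
    digest = hashlib.sha256(user_input.encode()).hexdigest()
    return hmac.compare_digest(
        digest,
        "03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4",
    )

def check_split(user_input: str) -> bool:
    # Variable splitting: two constructed shares whose XOR is the secret.
    # The secret exists only at run time, so this defeats static search only.
    share_a = b"\x5a\x13\xc4\x7e"
    share_b = b"\x6b\x21\xf7\x4a"
    secret = bytes(x ^ y for x, y in zip(share_a, share_b))
    return hmac.compare_digest(user_input.encode(), secret)

def embedded_literals(func) -> set:
    """Collect every str/bytes constant stored in func's code object,
    including nested code objects (what a static string search would see)."""
    found, todo = set(), list(func.__code__.co_consts)
    while todo:
        const = todo.pop()
        if isinstance(const, (str, bytes)):
            found.add(const)
        elif isinstance(const, (tuple, frozenset)):
            todo.extend(const)
        elif hasattr(const, "co_consts"):
            todo.extend(const.co_consts)
    return found

def leaks_secret(func, secret: str = "1234") -> bool:
    # True if the secret is recoverable by reading constants alone.
    return bool({secret, secret.encode()} & embedded_literals(func))

if __name__ == "__main__":
    for f in (check_plain, check_hashed, check_split):
        print(f.__name__, f("1234"), f("0000"), "leaks:", leaks_secret(f))
```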
CONTROL OBFUSCATION
Control obfuscation obscures the control flow information of the program
Examples
– Opaque predicates
  E.g., “if (1 > 0)”
– Control flow flattening
  It breaks the structure of Control Flow Graphs (CFGs)
– …
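Added example (not part of the original slides): an opaque predicate and control flow flattening applied to one small function in Python. It goes beyond the slide's “if (1 > 0)” by using an arithmetic predicate that is always true; the checksum function, the state numbering and all names are constructed for illustration.

```python
def checksum(data: bytes) -> int:
    # Original: one loop, one branch; the CFG mirrors the source structure.
    total = 0
    for byte in data:
        if byte % 2 == 0:
            total += byte
        else:
            total ^= byte
    return total

def opaquely_true(x: int) -> bool:
    # Opaque predicate: x*x + x = x*(x+1) is always even, so this is
    # always True, but that is not evident from the syntax alone.
    return (x * x + x) % 2 == 0

def checksum_flattened(data: bytes) -> int:
    # Flattened: every basic block is a case of one dispatcher loop, so all
    # blocks look like siblings and the loop/branch nesting is gone.
    total, i, state = 0, 0, 0
    while state != 5:                      # 5 = exit
        if state == 0:                     # loop condition
            state = 1 if i < len(data) else 5
        elif state == 1:                   # branch test behind the predicate
            if opaquely_true(i):
                state = 2 if data[i] % 2 == 0 else 3
            else:
                state = 6                  # never taken
        elif state == 2:                   # even byte
            total += data[i]
            state = 4
        elif state == 3:                   # odd byte
            total ^= data[i]
            state = 4
        elif state == 4:                   # loop increment
            i += 1
            state = 0
        else:                              # 6 = bogus block, unreachable
            total = ~total
            state = 4
    return total

if __name__ == "__main__":
    sample = bytes(range(10))              # constructed sample input
    print(checksum(sample), checksum_flattened(sample))
```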
REVERSE ENGINEERING
Reverse engineering techniques aim at analysing the code
A reverse engineer can understand the code by using reverse engineering tools
SAMPLE QUESTION
Which one of the following is not protected by Code Obfuscation?
a) Password matching
b) Licence check
c) Business logic
d) Output of a program
SAMPLE QUESTION: ANSWER
Which one of the following is not protected by Code Obfuscation?
a) Password matching
b) Licence check
c) Business logic
d) Output of a program
Answer) d
SUMMARY
Code obfuscation is used in practice
Software developers use obfuscation
– To protect intellectual property
– To make app repackaging difficult
Malware developers also use obfuscation to hide malicious code
There is an arms race between code obfuscation and reverse engineering
RESOURCES
[Balachandran TIFS13] Balachandran, Vivek, and Sabu Emmanuel, Potent and Stealthy Control Flow Obfuscation by Stack Based Self-modifying Code, IEEE Transactions on Information Forensics and Security (TIFS) 8, no. 4 (2013): 669-681
Asghar, Muhammad Rizwan, and Andrew Luxton-Reilly, Teaching Cyber Security Using Competitive Software Obfuscation and Reverse Engineering Activities, In Proceedings of the 49th ACM Technical Symposium on Computer Science Education, pp. 179-184. ACM, 2018
Obfuscation and reverse engineering tools: https://mobilesecuritywiki.com
Questions?
Thanks for your attention!