Obfuscation Flashcards
What is an informal definition of obfuscation?
To obfuscate a program P means to transform it into an executable program P’ from which it is harder to extract information than from P.
What is an informal definition of reverse engineering?
The process of extracting data or a model of the system by inspecting its lower level description and/or behavior.
Name 2 attack scenarios addressed by obfuscation
Stealing intellectual property, stealing secrets embedded in program
Name the two main types of obfuscation and their respective properties
Static obfuscation:
- obfuscated program remains fixed at runtime
- raises bar against static analysis
- can be attacked through dynamic techniques
Dynamic obfuscation:
- program keeps changing at runtime -> self modifying code
- raises the bar against static analysis
What are different ‘Points of insertion’ for obfuscation?
Source code, Intermediate representation, machine code
What are the different Transformation targets?
- layout -> scramble identifiers and code layout
- data -> obfuscate data embedded in code
- control flow -> obfuscate secret algorithms
Name 9 different static obfuscation techniques
Confuse Code Reader:
- Scramble identifiers
- Instruction substitution
- Garbage code insertion
- Merging and splitting functions
- Control-flow flattening
Confuse Code Reader and Compiler:
- Opaque predicates
- Virtualization obfuscation
- Opaque expressions
- White-box cryptography
What is Scrambling identifiers?
Identifier names are replaced with random strings
What is instruction substitution?
Replace a binary operation with a functionally equivalent but more complicated computation
What is garbage code insertion?
Dead code is added
What are opaque predicates?
Opaque predicates are bogus branches in the control flow which always take the same branch, although this is hard for an attacker to see
What is control-flow flattening?
1. Put each basic block in a case of a switch statement
2. Wrap the switch statement in an infinite loop
What is a possible attack on control-flow flattening and how could it be countered?
- Find next blocks of every basic block
- Rebuild original CFG
Mitigation: assign opaque expression to next
What is an opaque expression?
An opaque expression is an expression that will always evaluate to the same value in a way that is not obvious to an attacker.
How do opaque expressions from array aliasing work?
- A statically initialized array with seemingly random values
- The values are generated such that some invariant holds
- Update array cells with values that respect invariants