Defeating MBA-based Obfuscation

Abstract : Mixed Boolean-Arithmetic expressions are presented as a strong protection in the context of data flow obfuscation. As there is very little literature on the analysis of such obfus-cated expressions, two important subjects of interest are: to define what simplifying those expressions means, and how to design a simplification solution. We focus on evaluating the resilience of this technique, by giving theoretical elements to justify its efficiency and proposing a simplification algorithm using a pattern matching approach. The implementation of this solution is capable of simplifying the public examples of MBA-obfuscated expressions, demonstrating that at least a subset of MBA obfuscation lacks resilience against pattern matching analysis.
Type de document :
Communication dans un congrès
ACM. 2nd International Workshop on Software PROtection, Oct 2016, Vienna, Austria. Proceedings of the 2nd International Workshop on Software PROtection, 2016, <10.1145/2995306.2995308>
Liste complète des métadonnées

https://hal.archives-ouvertes.fr/hal-01388109
Contributeur : Marion Videau <>
Soumis le : mercredi 26 octobre 2016 - 14:56:56
Dernière modification le : samedi 18 février 2017 - 01:17:24

Fichier

spro05.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Citation

Ninon Eyrolles, Louis Goubin, Marion Videau. Defeating MBA-based Obfuscation. ACM. 2nd International Workshop on Software PROtection, Oct 2016, Vienna, Austria. Proceedings of the 2nd International Workshop on Software PROtection, 2016, <10.1145/2995306.2995308>. <hal-01388109>

Partager

Métriques

Consultations de
la notice

209

Téléchargements du document

138