Defeating MBA-based Obfuscation

Abstract : Mixed Boolean-Arithmetic expressions are presented as a strong protection in the context of data flow obfuscation. As there is very little literature on the analysis of such obfus-cated expressions, two important subjects of interest are: to define what simplifying those expressions means, and how to design a simplification solution. We focus on evaluating the resilience of this technique, by giving theoretical elements to justify its efficiency and proposing a simplification algorithm using a pattern matching approach. The implementation of this solution is capable of simplifying the public examples of MBA-obfuscated expressions, demonstrating that at least a subset of MBA obfuscation lacks resilience against pattern matching analysis.
Document type :
Conference papers
Liste complète des métadonnées

Cited literature [30 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-01388109
Contributor : Marion Videau <>
Submitted on : Wednesday, October 26, 2016 - 2:56:56 PM
Last modification on : Thursday, February 7, 2019 - 4:51:57 PM

File

spro05.pdf
Files produced by the author(s)

Identifiers

Citation

Ninon Eyrolles, Louis Goubin, Marion Videau. Defeating MBA-based Obfuscation. 2nd International Workshop on Software PROtection, Oct 2016, Vienna, Austria. ⟨10.1145/2995306.2995308⟩. ⟨hal-01388109⟩

Share

Metrics

Record views

419

Files downloads

625