Software (De)-Obfuscation

What do game developers, financial institutions and malware authors have in common? They want to make their software more difficult to analyze; they want it to be more resilient to reverse engineering.

Code obfuscation describes a set of techniques that aim to impede reverse engineering. Conversely, code deobfuscation techniques transform the obfuscated code into a simpler representation that is easier to understand.

In this training, we will get to know state-of-the-art code obfuscation techniques and have a look at how these complicate reverse engineering. Afterwards, we will gradually become familiar with different deobfuscation techniques and use them to break the obfuscation schemes in hands-on sessions. In doing so, participants will deepen their knowledge of program analysis and learn when and how (not) to use different techniques.

Trainers and Lecturers

Tim Blazytko is a reverse engineer and final-year PhD student at the Ruhr-Universität Bochum. His research focus is on novel methods for program analysis in the context of binary application security. Alongside his research, Tim gives trainings and performs security audits as a freelancer.

Prerequisites

Contents

Code (De)obfuscation

  • motivation
  • application scenarios
  • program analysis techniques

Code Obfuscation Techniques

  • opaque predicates
  • control-flow flattening
  • mixed Boolean-arithmetic
  • virtual machines

Code Deobfuscation Techniques

  • compiler optimizations
  • reconstructing control flow
  • taint analysis
  • symbolic execution

Compiler Optimizations

  • dead code elimination
  • constant propagation/folding
  • static single assignment (SSA)
  • applications to deobfuscation

Symbolic Execution

  • intermediate languages for reverse engineering
  • symbolic and semantic simplification of obfuscated code
  • automation in reverse engineering
  • deobfuscating VM-based obfuscation schemes
  • breaking opaque predicates

Course Times

Those who wish can arrive by 10 p.m. the day before and use the evening to talk shop by the fireplace or in the park.

On the course days, from 9 a.m. to 6 p.m. (with 2 coffee breaks and 1 lunch break), roughly 60% instruction and 40% exercises. Naturally, each participant works on a notebook that we provide, often in parallel with the instructor.

Afterwards there is dinner, along with opportunities for talking shop, excursions and much more. We create an atmosphere in which professionals can exchange ideas informally. Anyone who does not want that is not forced into anything and can find peace and quiet at any time.