Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
OIVM
1. Code Obfuscation for Protection Against
Assembly Level Code Reversing
Group 10
Final Minor Internal Presentation
Adwiteeya Agrawal 08496303110
Kritika Sobti 10296303110
Code Obfuscation for Protection Against Assembly Level Code Reversing
2. Contents
Problem Description
Our Approach
System Design
Implementation
Tests
Results
Ratings
References
Future Scope
Code Obfuscation for Protection Against Assembly Level Code Reversing
3. Problem Description
A model needs to be developed that can slow
down cracking/reversing of software.
Code Obfuscation for Protection Against Assembly Level Code Reversing
4. Related Work
Copyright Laws
Media Protection Schemes.
Serial Number based Authentication.
Hardware Based Serial No authentication.
Software as a service
Antireversing – Program Encryption, Anti – Debugging,
Removing Info Disclosures
5. Our Approach
Inlining a VM with a customized instruction set
and porting a packer + encryption routine
over it.
Code Obfuscation for Protection Against Assembly Level Code Reversing
6. System Design
7 Registers, 32 Bits.
65,536 * 4 bytes stack.
Header free, read only Rom Input.
183 Instructions in 11 categories. One Byte format.
RUN to execute fetch, decode and execute.
Special Instruction to execute realloc for runtime expansion
of code.
Code Obfuscation for Protection Against Assembly Level Code Reversing
7. Implementation
Following routines were ported.
Addition
Array Implementation
Loop
Linear Search
Substitution Cipher
On the Fly Code Decryption
On the Fly Code Unpacking(POC)
Code Obfuscation for Protection Against Assembly Level Code Reversing
9. On the Fly Expansion
ALGORITHM
Enter Elements of the Dictionary on stack
Read Rom to get Index
Get Value from the Stack and place new
code on the stack
Write Rom
10. Tests
• Q1 : Have you reversed an Obfuscated code
before ?
• Q2 : Was the code structure familiar to you?
• Q3 : Were you able to Reverse the program ?
• Q4 : Were you able to Patch the program ?
• Q5 : Were you able to identify that this is a VM ?
• Q6 : Would it be faster if you knew this was a VM
beforehand?
Code Obfuscation for Protection Against Assembly Level Code Reversing
12. How Tough ?
Rated an average of 8.7/10 difficulty
Code Obfuscation for Protection Against Assembly Level Code Reversing
13. References | TOP 4
• The Enlightenment(2) :
Reversing Secrets Of Reverse Engineering, The art of
Assembly
• Getting Started :
http://en.wikibooks.org/wiki/Creating_a_Virtual_Mach
ine/Register_VM_in_C
• Similar but Minimal Approach :
http://crackmes.de/users/opcode0x90/crackme_nop_v
m
Code Obfuscation for Protection Against Assembly Level Code Reversing
14. Future Scope
Porting an existing Anti - Debugging Routine.
A randomizer function.
Porting Multiple VMs
Writing a compiler
Byte Translation : Emulator
Porting more complex but critical functions to
OIVM
Code Obfuscation for Protection Against Assembly Level Code Reversing