back

Lets break modern binary code obfuscation

A semantics based approach

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
01:00:03
Language
English
Abstract
Do you want to learn how modern binary code obfuscation and deobfuscation works? Did you ever encounter road-blocks where well-known deobfuscation techniques do not work? Do you want to see a novel deobfuscation method that learns the code's behavior without analyzing the code itself? Then come to our talk and we give you a step-by-step guide.

This talk might be interesting for you if you love reverse engineering or binary security analysis. We present you modern code obfuscation techniques, such as opaque predicates, arithmetic encoding and virtualization-based obfuscation. Further, we explain state-of-the-art methods in (automated) deobfuscation [1] as well as how to break these [2]. Finally, we introduce a novel approach [3] that learns the code's semantics and demonstrate how this can be used to deobfuscate real-world obfuscated code.

[1] https://www.ieee-security.org/TC/SP2015/papers-archived/6949a674.pdf
[2] https://mediatum.ub.tum.de/doc/1343173/1343173.pdf
[3] https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-blazytko.pdf

Talk ID
8789
Event:
34c3
Day
1
Room
Saal Dijkstra
Start
6:30 p.m.
Duration
01:00:00
Track
Security
Type of
lecture
Speaker
Tim Blazytko
Moritz Contag
Talk Slug & media link
34c3-8789-lets_break_modern_binary_code_obfuscation
English
0.0% Checking done0.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
100.0% Nothing done yet100.0%
  

Work on this video on Amara!

English: Transcribed until

Last revision: 2 years, 3 months ago