Deobfuscation reverse engineering obfuscated code

Sharath K. Udupa, Saumya K Debray, Matias Madou

Research output: Chapter in Book/Report/Conference proceedingConference contribution

107 Citations (Scopus)

Abstract

In recent years, code obfuscation has attracted attention as a low cost approach to improving software security by making it difficult for attackers to understand the inner workings of proprietary software systems. This paper examines techniques for automatic deobfuscation of obfuscated programs, as a step towards reverse engineering such programs. Our results indicate that much of the effects of code obfuscation, designed to increase the difficulty of static analyses, can be defeated using simple combinations of straightforward static and dynamic analyses, Our results have applications to both software engineering and software security. In the context of software engineering, we show how dynamic analyses can be used to enhance reverse engineering, even for code that has been designed to be difficult to reverse engineer. For software security, our results serve as an attack model for code obfuscators, and can help with the development of obfuscation techniques that are more resilient to straightforward reverse engineering.

Original languageEnglish (US)
Title of host publicationProceedings - Working Conference on Reverse Engineering, WCRE
Pages45-56
Number of pages12
Volume2005
DOIs
StatePublished - 2005
EventWCRE: 12th Working Conference on Reverse Engineering 2005 - Pittsburgh, PA, United States
Duration: Nov 7 2005Nov 11 2005

Other

OtherWCRE: 12th Working Conference on Reverse Engineering 2005
CountryUnited States
CityPittsburgh, PA
Period11/7/0511/11/05

Fingerprint

Reverse engineering
Software engineering
Engineers
Costs

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Udupa, S. K., Debray, S. K., & Madou, M. (2005). Deobfuscation reverse engineering obfuscated code. In Proceedings - Working Conference on Reverse Engineering, WCRE (Vol. 2005, pp. 45-56). [1566145] https://doi.org/10.1109/WCRE.2005.13

Deobfuscation reverse engineering obfuscated code. / Udupa, Sharath K.; Debray, Saumya K; Madou, Matias.

Proceedings - Working Conference on Reverse Engineering, WCRE. Vol. 2005 2005. p. 45-56 1566145.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Udupa, SK, Debray, SK & Madou, M 2005, Deobfuscation reverse engineering obfuscated code. in Proceedings - Working Conference on Reverse Engineering, WCRE. vol. 2005, 1566145, pp. 45-56, WCRE: 12th Working Conference on Reverse Engineering 2005, Pittsburgh, PA, United States, 11/7/05. https://doi.org/10.1109/WCRE.2005.13
Udupa SK, Debray SK, Madou M. Deobfuscation reverse engineering obfuscated code. In Proceedings - Working Conference on Reverse Engineering, WCRE. Vol. 2005. 2005. p. 45-56. 1566145 https://doi.org/10.1109/WCRE.2005.13
Udupa, Sharath K. ; Debray, Saumya K ; Madou, Matias. / Deobfuscation reverse engineering obfuscated code. Proceedings - Working Conference on Reverse Engineering, WCRE. Vol. 2005 2005. pp. 45-56
@inproceedings{3143b93905a64a5e9a5fbba4924f8288,
title = "Deobfuscation reverse engineering obfuscated code",
abstract = "In recent years, code obfuscation has attracted attention as a low cost approach to improving software security by making it difficult for attackers to understand the inner workings of proprietary software systems. This paper examines techniques for automatic deobfuscation of obfuscated programs, as a step towards reverse engineering such programs. Our results indicate that much of the effects of code obfuscation, designed to increase the difficulty of static analyses, can be defeated using simple combinations of straightforward static and dynamic analyses, Our results have applications to both software engineering and software security. In the context of software engineering, we show how dynamic analyses can be used to enhance reverse engineering, even for code that has been designed to be difficult to reverse engineer. For software security, our results serve as an attack model for code obfuscators, and can help with the development of obfuscation techniques that are more resilient to straightforward reverse engineering.",
author = "Udupa, {Sharath K.} and Debray, {Saumya K} and Matias Madou",
year = "2005",
doi = "10.1109/WCRE.2005.13",
language = "English (US)",
isbn = "0769524745",
volume = "2005",
pages = "45--56",
booktitle = "Proceedings - Working Conference on Reverse Engineering, WCRE",

}

TY - GEN

T1 - Deobfuscation reverse engineering obfuscated code

AU - Udupa, Sharath K.

AU - Debray, Saumya K

AU - Madou, Matias

PY - 2005

Y1 - 2005

N2 - In recent years, code obfuscation has attracted attention as a low cost approach to improving software security by making it difficult for attackers to understand the inner workings of proprietary software systems. This paper examines techniques for automatic deobfuscation of obfuscated programs, as a step towards reverse engineering such programs. Our results indicate that much of the effects of code obfuscation, designed to increase the difficulty of static analyses, can be defeated using simple combinations of straightforward static and dynamic analyses, Our results have applications to both software engineering and software security. In the context of software engineering, we show how dynamic analyses can be used to enhance reverse engineering, even for code that has been designed to be difficult to reverse engineer. For software security, our results serve as an attack model for code obfuscators, and can help with the development of obfuscation techniques that are more resilient to straightforward reverse engineering.

AB - In recent years, code obfuscation has attracted attention as a low cost approach to improving software security by making it difficult for attackers to understand the inner workings of proprietary software systems. This paper examines techniques for automatic deobfuscation of obfuscated programs, as a step towards reverse engineering such programs. Our results indicate that much of the effects of code obfuscation, designed to increase the difficulty of static analyses, can be defeated using simple combinations of straightforward static and dynamic analyses, Our results have applications to both software engineering and software security. In the context of software engineering, we show how dynamic analyses can be used to enhance reverse engineering, even for code that has been designed to be difficult to reverse engineer. For software security, our results serve as an attack model for code obfuscators, and can help with the development of obfuscation techniques that are more resilient to straightforward reverse engineering.

UR - http://www.scopus.com/inward/record.url?scp=33846192387&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33846192387&partnerID=8YFLogxK

U2 - 10.1109/WCRE.2005.13

DO - 10.1109/WCRE.2005.13

M3 - Conference contribution

AN - SCOPUS:33846192387

SN - 0769524745

SN - 9780769524740

VL - 2005

SP - 45

EP - 56

BT - Proceedings - Working Conference on Reverse Engineering, WCRE

ER -