programmers resources
  http://www.intel-assembler.it/  (c)2017 intel-assembler.it   info@intel-assembler.it
 
Applied Binary Code Obfuscation

Obfuscation in assembler

(by N.George, G.Charalambous)

Obfuscation is a widely used technique for protecting code from prying eyes. It can be as simple as XORing the bytes of the program or as involved as a scrambled and modified representation of the original binary that still behaves the same way.


Date: 21/02/2009

Obfuscated code is code that is hard (but not impossible) to read and understand. Corporate developers, programmers and malware coders sometimes obfuscate their software intentionally, in an attempt to delay reverse engineering or to keep antivirus engines from identifying malicious behaviour. Nowadays obfuscation is most often applied to cross-platform languages such as Java, .NET (C#, VB), Perl, Ruby, Python and PHP, because their bytecode or scripts can easily be decompiled or read as-is, which makes them an easy target for reverse engineering. Obfuscating native binary code, on the other hand, is not as simple as renaming (mangling) class, method and variable names, as is done for the languages above. Here the code itself is altered through a variety of transformations, for instance self-modifying code, stack operations standing in for plain moves, or splitting the constants of simple arithmetic into several operations. Binary obfuscation is also used to defeat automated network traffic analysers such as intrusion detection and prevention systems, whose signatures match on fixed byte patterns that no longer appear once the code is rewritten. In short, binary code obfuscation is the technique of altering the structure of the original code while preserving its original functionality. In the following pages we explore the theory and practice of binary code obfuscation together with a number of techniques that can be used.

- Introduction
- Tools
- Instruction Obfuscations
- EIP (the Instruction Pointer)
- return EIP;
- CALL myself
- Stack Based Obfuscation
- 1. PUSH <value/register>
- 2. POP <register/[memory]>
- 3. CALL <address>
- 4. RETN
- 5. MOV <register/[memory]>,<register/[memory]/value>
- 6. JMP <address>
- Arithmetic and Logical Binary Obfuscation
- 1. ADD <register/memory>, <value>
- 2. SUB <register/[memory]>, <value>
- 3. ADD <register/[memory]>,1
- 4. SUB <register/[memory]>,1
- 5. MOV <register>, 0
- 6. NOP
- 7. NOT <register/[memory]>
- 8. CMP <register>,0
- 9. NEG <register/[memory]>
- 10. MOV <register>,<value>
- Additional Obfuscations
- SAHF/LAHF
- Polymorphism and Self Modifying Code
- Example Software
- Program Analysis
- Source Code
- User Interface
- Assembled Code
- General Obfuscation approach
- Obfuscation Index Table
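The transformations the abstract mentions (stack operations in place of plain moves, arithmetic rewritten with negated or XOR-coded constants, junk instructions) can be seen working in the following added example. It is not the paper's code: it implements a small four-register toy machine with a stack in C, and a one-pass peephole obfuscator that rewrites each instruction into an equivalent longer sequence of the kinds the index above lists (PUSH/POP for MOV, ADD and SUB with a negated immediate, INC for ADD 1, XOR for NOT and for zeroing a register, NOT then INC for NEG, a NOP after every unit). The instruction set, register numbering, sample program and the XOR key are constructed for this example, and the check at the end is the one a practitioner wants after any such rewrite: both programs must leave identical state.

```c
/* Added example, not the paper's code: a toy 4-register machine with a stack and
 * a one-pass peephole obfuscator. Instruction set, register numbering, sample
 * program and the XOR key below are constructed for this example only. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum op { MOV_RI, MOV_RR, ADD_RI, SUB_RI, XOR_RI, NOT_R, NEG_R, INC_R,
          XOR_RR, PUSH_I, PUSH_R, POP_R, NOP, HALT };
typedef struct { enum op op; int dst, src; uint32_t imm; } insn;
typedef struct { uint32_t r[4]; uint32_t stack[16]; int sp; } cpu;
#define KEY 0xA5A5A5A5u   /* constructed key for XOR-encoding MOV immediates */

/* Execute prog on a zeroed machine; arithmetic wraps at 32 bits like x86. */
static void run(const insn *prog, int n, cpu *c)
{
    memset(c, 0, sizeof *c);
    for (int pc = 0; pc < n; pc++) {
        const insn *i = &prog[pc];
        switch (i->op) {
        case MOV_RI: c->r[i->dst] = i->imm;              break;
        case MOV_RR: c->r[i->dst] = c->r[i->src];        break;
        case ADD_RI: c->r[i->dst] += i->imm;             break;
        case SUB_RI: c->r[i->dst] -= i->imm;             break;
        case XOR_RI: c->r[i->dst] ^= i->imm;             break;
        case NOT_R:  c->r[i->dst] = ~c->r[i->dst];       break;
        case NEG_R:  c->r[i->dst] = 0u - c->r[i->dst];   break;
        case INC_R:  c->r[i->dst] += 1;                  break;
        case XOR_RR: c->r[i->dst] ^= c->r[i->src];       break;
        case PUSH_I: c->stack[c->sp++] = i->imm;         break;
        case PUSH_R: c->stack[c->sp++] = c->r[i->src];   break;
        case POP_R:  c->r[i->dst] = c->stack[--c->sp];   break;
        case NOP:    break;
        case HALT:   return;
        }
    }
}

/* Append one instruction; returns the new count, or -1 once the buffer is full. */
static int emit(insn *out, int cap, int n, insn i)
{
    if (n < 0 || n >= cap) return -1;
    out[n] = i;
    return n + 1;
}

/* Rewrite each instruction into an equivalent longer form plus a junk NOP;
 * returns the obfuscated length, or -1 if the output buffer overflows. */
static int obfuscate(const insn *in, int n, insn *out, int cap)
{
    int m = 0;
#define E(...) (m = emit(out, cap, m, (insn){__VA_ARGS__}))
    for (int k = 0; k < n && m >= 0; k++) {
        insn i = in[k];
        switch (i.op) {
        case MOV_RI:   /* MOV r,0 -> XOR r,r ;  MOV r,v -> PUSH v^KEY ; POP r ; XOR r,KEY */
            if (i.imm == 0) E(XOR_RR, i.dst, i.dst, 0);
            else { E(PUSH_I, 0, 0, i.imm ^ KEY); E(POP_R, i.dst, 0, 0); E(XOR_RI, i.dst, 0, KEY); }
            break;
        case MOV_RR:   /* MOV a,b -> PUSH b ; POP a */
            E(PUSH_R, 0, i.src, 0); E(POP_R, i.dst, 0, 0); break;
        case ADD_RI:   /* ADD r,1 -> INC r ;  ADD r,v -> SUB r,-v */
            if (i.imm == 1) E(INC_R, i.dst, 0, 0); else E(SUB_RI, i.dst, 0, 0u - i.imm); break;
        case SUB_RI:   /* SUB r,v -> ADD r,-v */
            E(ADD_RI, i.dst, 0, 0u - i.imm); break;
        case NOT_R:    /* NOT r -> XOR r,0xFFFFFFFF */
            E(XOR_RI, i.dst, 0, 0xFFFFFFFFu); break;
        case NEG_R:    /* NEG r -> NOT r ; INC r  (two's complement) */
            E(NOT_R, i.dst, 0, 0); E(INC_R, i.dst, 0, 0); break;
        default:       /* everything else is copied unchanged */
            E(i.op, i.dst, i.src, i.imm); break;
        }
        if (m >= 0 && i.op != HALT) E(NOP, 0, 0, 0);   /* junk NOP: dead code for the reader */
    }
#undef E
    return m;
}

/* 1 if both programs leave identical register state, 0 otherwise. */
static int programs_agree(const insn *a, int na, const insn *b, int nb)
{
    cpu x, y;
    run(a, na, &x);
    run(b, nb, &y);
    return memcmp(x.r, y.r, sizeof x.r) == 0;
}

/* Constructed sample: ends with r0 = r2 = 0xFFFFEDC0 and r1 = 0xFFFFFFFE. */
static const insn sample[] = {
    {MOV_RI, 0, 0, 0x1234}, {MOV_RI, 1, 0, 0x55}, {MOV_RI, 1, 0, 0},
    {ADD_RI, 0, 0, 0x10},   {ADD_RI, 1, 0, 1},    {SUB_RI, 0, 0, 4},
    {NOT_R,  1, 0, 0},      {NEG_R,  0, 0, 0},    {MOV_RR, 2, 0, 0}, {HALT, 0, 0, 0},
};
#define SAMPLE_LEN ((int)(sizeof sample / sizeof sample[0]))

int main(void)
{
    insn out[64]; cpu c;
    int n = obfuscate(sample, SAMPLE_LEN, out, 64);
    run(out, n, &c);
    printf("%d -> %d instructions, same result: %s, r0=%08" PRIx32 " r1=%08" PRIx32 " r2=%08" PRIx32 "\n",
           SAMPLE_LEN, n, programs_agree(sample, SAMPLE_LEN, out, n) ? "yes" : "no", c.r[0], c.r[1], c.r[2]);
    return 0;
}
```

The ten-instruction sample grows to 25 instructions and the register state is unchanged, while a byte signature taken on the original sequence no longer matches. One caveat the toy machine hides: it has no flags register. On real x86, XOR r,r, INC and SUB with a negated immediate set EFLAGS differently from the MOV or ADD they replace, so a rewrite applied to a real binary must confirm that no later instruction consumes those flags, or must save and restore them (PUSHF/POPF, or LAHF/SAHF for the low byte via AH).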






Similar Articles

Anti Debugging Tricks Analysis
Notes by M.Forrest on 'Anti Debugging Tricks'
(by Michael Forrest)

Anti Debugging Tricks Rel.2
Anti-debugging techniques in assembler
(by Inbar Raz)

Anti Debugging Tricks Rel.5
Antidebugging techniques
(by Inbar Raz)

Anti-Debugger Techniques
Assembler techniques for protecting code
(by Anonymous)

Avoiding Windows Rootkit Detection
Bypassing PatchFinder 2
(by Edgar Barbosa)

Bifurcation of variables
An approach at protecting program functions
(by Lord Soth)

Binary Protection Schemes
Code Protection under Linux
(by Andrew Griffiths)

Code Concealment
How to seal your own code
(by Demogorgon)

Copylok
Technical analysis document on Copylok
(by Kilby)

Extending DOS Executables
How to modify a Windows executable relocating code
(by Digital Alchemist)

How to undongle
hardware key debugging with softice
(by Xoanon)

Keep Your Code Hidden From Prying Eyes
Back-jump techniques in code
(by Demogorgon)

Reverse engineering: Anti-cracking Techniques
How to protect your code in 24 pages
(by N.George, G.Charalambous)

Windows Anti-Debug Reference
Several anti-debugging techniques used on Windows
(by Nicolas Falliere)

Writing Self-Modifying Code
Utilizing Advanced Assembly techniques
(by Russell Sanford)

Xoanon-flags
A debugging session in some old protection scheme
(by Xoanon / Pinnacle)

Xoanon-timelock
A debugging session on an old protection scheme
(by Xoanon / Pinnacle)

Yodas Protector 1.02
An exe protector with antidebug, antidump
(by Ashkbiz Danehkar)

 Tags: antidebug, protection

