Abstract
With the development of the software industry, the competition between software protection and cracking has become increasingly fierce, and corresponding protection and cracking methods have emerged in endlessly. Nowadays, most hackers need reverse engineering coupled with static analysis to perform cracking. Software protection is usually prevented from being cracked or maliciously reused through program obfuscation. Opaque predicates have been proposed for program obfuscation in recent years. The main approaches are to add condition branches with bogus program paths whose execution is unknown before runtime. Unlike those approaches, we propose a new obfuscation method dubbed BinSEAL in this paper by converting direct function calls of a program into indirect ones and using opaque predicates to obfuscate the target addresses. We implement BinSEAL and publish a toolset that can automatically transform Linux COTS binaries into obfuscated ones without requiring binary reconstruction. Evaluation results show that our method can resist certain static analysis such as symbolic execution.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Balachandran, V., Emmanuel, S.: Software code obfuscation by hiding control flow information in stack. In: 2011 IEEE International Workshop on Information Forensics and Security, pp. 1–6. IEEE (2011)
Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations (1997)
Collberg, C., Thomborson, C., Low, D.: Breaking abstractions and unstructuring data structures. In: Proceedings of the 1998 International Conference on Computer Languages (Cat. No. 98CB36225), pp. 28–38. IEEE (1998)
Dolan, S.: MOV is Turing-complete. Cl. Cam. Ac. Uk, pp. 1–4 (2013)
Lin, Z., Riley, R.D., Xu, D.: Polymorphing software by randomizing data structure layout. In: Flegel, U., Bruschi, D. (eds.) DIMVA 2009. LNCS, vol. 5587, pp. 107–126. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02918-9_7
Ming, J., Xu, D., Wang, L., Wu, D.: LOOP: logic-oriented opaque predicate detection in obfuscated binary code. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 757–768 (2015)
Mu, D., Guo, J., Ding, W., Wang, Z., Mao, B., Shi, L.: ROPOB: obfuscating binary code via return oriented programming. In: Lin, X., Ghorbani, A., Ren, K., Zhu, S., Zhang, A. (eds.) SecureComm 2017. LNICST, vol. 238, pp. 721–737. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78813-5_38
Popov, I.V., Debray, S.K., Andrews, G.R.: Binary obfuscation using signals. In: USENIX Security Symposium, pp. 275–290 (2007)
ProGuard: Shrink, obfuscate, and optimize your app (2020). https://developer.android.com/studio/build/shrink-code
Seto, T., Monden, A., Yücel, Z., Kanzaki, Y.: On preventing symbolic execution attacks by low cost obfuscation. In: 2019 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), pp. 495–500. IEEE (2019)
Suk, J.H., Lee, Y.B., Lee, D.H.: SCORE: source code optimization & reconstruction. IEEE Access 8, 129478–129496 (2020)
Tofighi-Shirazi, R., Asavoae, I.M., Elbaz-Vincent, P., Le, T.H.: Defeating opaque predicates statically through machine learning and binary analysis. In: Proceedings of the 3rd ACM Workshop on Software Protection, pp. 3–14 (2019)
Xu, D., Ming, J., Wu, D.: Generalized dynamic opaque predicates: a new control flow obfuscation method. In: Bishop, M., Nascimento, A.C.A. (eds.) ISC 2016. LNCS, vol. 9866, pp. 323–342. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45871-7_20
Xu, H., Zhou, Y., Kang, Y., Tu, F., Lyu, M.: Manufacturing resilient bi-opaque predicates against symbolic execution. In: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 666–677. IEEE (2018)
Zobernig, L., Galbraith, S.D., Russello, G.: When are opaque predicates useful? In: 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), pp. 168–175. IEEE (2019)
Acknowledgements
We sincerely thank reviewers for their insightful feedback. This work was supported in part by NSFC Award #61972200.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Qin, R., Han, H. (2021). BinSEAL: Linux Binary Obfuscation Against Symbolic Execution. In: Wang, G., Chen, B., Li, W., Di Pietro, R., Yan, X., Han, H. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2020. Lecture Notes in Computer Science(), vol 12383. Springer, Cham. https://doi.org/10.1007/978-3-030-68884-4_6
Download citation
DOI: https://doi.org/10.1007/978-3-030-68884-4_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-68883-7
Online ISBN: 978-3-030-68884-4
eBook Packages: Computer ScienceComputer Science (R0)