BinSEAL: Linux Binary Obfuscation Against Symbolic Execution

BinSEAL: Linux Binary Obfuscation Against Symbolic Execution

연구 분야: Analysis

학회: International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage

With the development of the software industry, the competition between software protection and cracking has become increasingly fierce, and corresponding protection and cracking methods have emerged in endlessly. Nowadays, most hackers need reverse engineering coupled with static analysis to perform cracking. Software protection is usually prevented from being cracked or maliciously reused through program obfuscation. Opaque predicates have been proposed for program obfuscation in recent years. The main approaches are to add condition branches with bogus program paths whose execution is unknown before runtime. Unlike those approaches, we propose a new obfuscation method dubbed BinSEAL in this paper by converting direct function calls of a program into indirect ones and using opaque predicates to obfuscate the target addresses. We implement BinSEAL and publish a toolset that can automatically transform Linux COTS binaries into obfuscated ones without requiring binary reconstruction. Evaluation results show that our method can resist certain static analysis such as symbolic execution.