Deobfuscating Tools for the Validation & Verification of Tamper-proofed Software

Recently, there has been an increase in the use of anti-tamper techniques (e.g., obfuscation) in all types of software. However, applying anti-tamper techniques is technically challenging, and when applied to large, sophisticated software, there is a danger of introducing subtle bugs, or not introducing sufficient protection. The existing state of anti-tamper technology is undesirable in that it (a) is much too effective at protecting (small) malware samples, but (b) does not offer sufficient guarantees of correctness and protection for (large) legitimate applications.

We propose a deobfuscation tool that uses machine-code analysis to check that the (self-protecting) program output from a tamper-proofing tool is indeed protected, and has the same behavior as the input program. This deobfuscator leverages concolic analysis techniques. Program analysis techniques can be divided into dynamic analyses that observe the subject program when executed on a set of inputs, and static analyses that consider all possible executions, without executing the subject program on any particular input. Each approach has its strengths and weaknesses. Concolic analysis combines static and dynamic analyses and leverage the strengths of each to counter the weaknesses of the other.

Keywords: software protection, deobfuscation, reverse engineering, concolic execution, disassembly.


Areas | Products | Sponsors | Publications | News | About Us © 2007-2012, GrammaTech, Inc. All rights reserved.
The Synthesizer Generator, Ada-ASSURED, Ada-Utilities, and SmashProof are trademarks of GrammaTech, Inc. CodeSurfer and CodeSonar are registered trademarks of GrammaTech, Inc.