binOb+: A Framework for Potent and Stealthy Binary Obfuscation

摘要

Reverse engineering is the process of discovering a high-level structure and its semantics from a lower-level structure. In order to prevent malicious use of reverse engineering against binaries, various techniques have been developed called bi nary obfuscation. Obfuscated binary is a transformed binary which retains original binary's executing behavior while its outer representation obstructs the reverse engineering. In this paper we propose three novel approaches to improve the binary obfuscation. First we propose a generalized binary obfuscation algorithm that covers any specific or whole part of a binary code by using confusing code and redirecting control-flow using exceptions. Second, we employ a data mining method to make our obfuscated binary look like a normal binary. And third, we address the issue that the previous techniques could not be applied to Windows bi naries by designing a new exception hooking mechanism in Windows. Experimental results show that our obfuscated binary can hide 60-90% of the original instructions from re verse engineering tools, while its execution slows down a little, and moreover the obfuscated binary's stealth can be guaranteed.