Fighting computer malware requires a mandatory reverse-engineering step. Once the code has been disassembled or decompiled (including a dynamic analysis step), there is hope of understanding what the malware actually does and of implementing a means of detection. This also applies to the protection of software whenever one wishes to analyze it. In this paper, we show how to armour code in such a way that reverse engineering techniques (static and dynamic) are absolutely impossible, by combining malicious cryptography techniques developed in our laboratory with new types of programming (k-ary codes). Suitable encryption algorithms, combined with new cryptanalytic approaches to ease the protection of (malicious or not) binaries, make it possible to provide both total code armouring and large-scale polymorphic features at the same time. A simple 400 Kb of executable code is enough to produce a binary code and around $2^{140}$ mutated forms natively, while going far beyond the old concept of decryptor.