Exploiting code mobility for dynamic binary obfuscation

Software protection aims at protecting the integrity of software applications deployed on un-trusted hosts and being subject to illegal analysis. Within an un-trusted environment a possibly malicious user has complete access to system resources and tools in order to analyze and tamper with the application code. To address this research problem, we propose a novel binary obfuscation approach based on the deployment of an incomplete application whose code arrives from a trusted network entity as a flow of mobile code blocks which are arranged in memory with a different customized memory layout. This paper presents our approach to contrast reverse engineering by defeating static and dynamic analysis, and discusses its effectivenes

Software Protection with Code Mobility

The analysis of binary code is a common step of Man-At-The-End attacks to identify code sections crucial to implement attacks, such as identifying private key hidden in the code, identifying sensitive algorithms or tamper with the code to disable protections (e.g. license checks or DRM) embedded in binary code, or use the software in an unauthorized manner. Code Mobility can be used to thwart code analysis and debugging by removing parts of the code from the deployed software program and installing it at run-time by downloading binary code blocks from a trusted server. The proposed architecture of the code mobility protection downloads mobile code blocks, which are allocated dynamically at addresses determined at run-time; control transfers into and out of mobile code blocks are rewritten using the Diablo binary-rewriter tool

Exploiting Code Mobility for Dynamic Binary Obfuscation

Software protection aims at protecting the integrity of software applications deployed on un-trusted hosts and being subject to illegal analysis. Within an un-trusted environment a possibly malicious user has complete access to system resources and tools in order to analyze and tamper with the application code. To address this research problem, we propose a novel binary obfuscation approach based on the deployment of an incomplete application whose code arrives from a trusted network entity as a flow of mobile code blocks which are arranged in memory with a different customized memory layout. This paper presents our approach to contrast reverse engineering by defeating static and dynamic analysis, and discusses its effectiveness