基于浮点数类型转换和运算的不透明谓词构造方法

doi:10.11959/j.issn.2096-109x.2023068

Abstract

Abstract:

With the increasing complexity of software functions and the evolving technologies of network attacks, malicious behaviors such as software piracy, software cracking, data leakage, and malicious software modification are on the rise.As a result, software security has become a focal point in industry research.Code obfuscation is a common software protection technique used to hinder reverse engineering.It aims to make program analyzing and understanding more difficult for attackers while preserving the original program functionality.However, many existing code obfuscation techniques suffer from performance loss and poor concealment in pursuit of obfuscation effectiveness.Control flow obfuscation, particularly opaque predicate obfuscation, is widely used to increase the difficulty of code reverse engineering by disrupting the program’s control flow.A method was proposed to address the limitations of existing code obfuscation techniques.It utilized the phenomenon of precision loss that occurred during type conversion and floating-point number operations in computers.Under certain conditions, this method produced operation results that contradict common sense.By performing forced type conversion, addition, and multiplication with selected decimal numbers, a series of opaque predicates can be constructed based on the statistical analysis of their operation results.This approach achieved code obfuscation with high concealment, good generality, reversibility, and low overhead compared to traditional opaque predicates.Experimental verification demonstrates that this method significantly slows down attackers’ reverse engineering efforts and exhibits good resistance to dynamic analysis techniques such as symbolic execution.

Key words: code obfuscation, bogus control flow, opaque predicates, floating point operations

CLC Number:

TP393

Qingfeng WANG, Hao LIANG, Yawen WANG, Genlin XIE, Benwei HE. Constructing method of opaque predicate based on type conversion and operation of floating point numbers[J]. Chinese Journal of Network and Information Security, 2023, 9(5): 48-58.

Figures/Tables 9

References 27

[1]	奇安信代码安全实验室. 2022 中国软件供应链安全分析报告[EB].
	Qi An Xin Code Security Lab. 2022 China software supply chain security analysis report[EB].
[2]	BSA Global Software Survey. Software management:security imperative,business opportunity[EB].
[3]	张汉宁 . 基于精简指令集的软件保护虚拟机技术研究[D]. 西安:西北大学, 2010.
	ZHANG H N . Research on software protection virtual machine technology based on reduced instruction set[D]. Xi'an:Northwest University, 2010.
[4]	SHERIDAN B , SHERR M . On manufacturing resilient opaque constructs against static analysis[J]. Springer International Publishing, 2016.
[5]	COLLBERG C , THOMBORSON C , LOW D . A taxonomy of obfuscating transformations[J]. Technical Report, 1997.
[6]	李成扬, 黄天波, 陈夏润 ,等. LLVM 中间语言的控制流混淆方案[J]. 计算机工程与应用, 2023,(4): 1-8.
	LI C Y , HUANG T B , CHEN X R ,et al. Control flow obfuscation scheme for LLVM intermediate languages[J]. Computer Engineering and Applications, 2023,(4): 1-8.
[7]	LáSZLó T , KISS A . Obfuscating C++ programs via control flow flattening[R]. 2009.
[8]	ROLLES R . Unpacking virtualization obfuscators[C]// Proceedings of the 3rd USENIX Conference on Offensive Technologies. 2009.
[9]	KUANG K , TANG Z , GONG X ,et al. Exploiting dynamic scheduling for VM-based code obfuscation[C]// 2017 IEEE Trustcom/BigDataSE/I SPA. 2017.
[10]	陈耀阳 . 基于代码混淆的软件保护技术研究与实现[D]. 南京:南京邮电大学, 2021.
	CHEN Y Y . Research and implementation of software protection technology based on code obfuscation[D]. Nanjing:Nanjing University of Posts and Telecommunications, 2021.
[11]	房鼎益, 张恒, 汤战勇 ,等. 一种抗语义攻击的虚拟化软件保护方法[J]. 工程科学与技术, 2017,49(1): 159-168.
	FANG D Y , ZHANG H , TANG Z Y ,et al. DAS-VMP:a virtual machine-based software protection method for defending against semantic attacks[J]. Advanced Engineering Sciences, 2017,49(1): 159-168.
[12]	汤战勇, 李光辉, 房鼎益 ,等. 一种具有指令集随机化的代码虚拟化保护系统[J]. 华中科技大学学报(自然科学版), 2016,44(3): 28-33.
	TANG Z Y , LI G H , FANG D Y ,et al. Code virtualized protection system with instruction set randomization[J]. Journal of Huazhong University of Science and Technology(Natural Science Edition), 2016,44(3): 28-33.
[13]	COLLBERG C , THOMBORSON C , LOW D . Manufacturing cheap,resilient,and stealthy opaque constructs[C]// Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’98). 1998: 184-196.
[14]	袁征, 冯雁, 温巧燕 ,等. 构造一种新的混淆 Java 程序的不透明谓词[J]. 北京邮电大学学报, 2007,30(6): 103-106.
	YUAN Z , FENG Y , WEN Q Y ,et al. Manufacture of a new opaque predicate for java programs[J]. Journal of Beijing University of Posts and Telecom, 2007,30(6): 103-106.
[15]	MOSER A , KRUEGEL C , KIRDA E . Limits of static analysis for malware detection[C]// Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007). 2007.
[16]	TIELLA R , CECCATO M . Automatic generation of opaque constants based on the k-clique problem for resilient data obfuscation[C]// 2017 IEEE 24th International Conference on Software Analysis,Evolution and Reengineering (SANER). 2017: 182-192.
[17]	SHARIF M , LANZI A , GIFFIN J ,et al. Impeding malware analysis using conditional code obfuscation[C]// Proceedings of the Network and Distributed System Security Symposium (NDSS 2008). 2008.
[18]	ZHU W , THOMBORSON C . A provable scheme for homomorphic obfuscations in software security[R]. ACTA Press, 2005.
[19]	ARBOIT G . A method for watermarking Java programs via opaque predicates[C]// Proc Int Conf Electronic Commerce Research, 2002.
[20]	WANG Z , MING J , JIA C ,et al. Linear obfuscation to combat symbolic execution[C]// European Symposium on Research in Computer Security. 2011.
[21]	付蒙 . 抵抗符号执行的不透明谓词混淆技术研究[D]. 西安:西安电子科技大学, 2019.
	FU M . Research on opaque predicate-based obfuscations against symbolic execution[D]. Xi’an:Xidian University, 2019.
[22]	KING J C . Symbolic execution and program testing[J]. Communications of the ACM, 1976,19(7): 385-394.
[23]	MING J , XU D , WANG L ,et al. LOOP:logic-oriented opaque predicate detection in obfuscated binary code[C]// Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 2015: 757-768.
[24]	YADEGARI B , JOHANNESMEYER B , WHITELY B ,et al. A generic approach to automatic deobfuscation of executable code[C]// 2015 IEEE Symposium on Security and Privacy. 2015: 674-691.
[25]	BARDIN S , DAVID R , MARION J Y . Backward-bounded DSE:targeting infeasibility questions on obfuscated codes[C]// 2017 IEEE Symposium on Security and Privacy (SP). 2017: 633-651.
[26]	BANESCU S , COLLBERG C , GANESH V ,et al. Code obfuscation against symbolic execution attacks[C]// Proceedings of the 32nd Annual Conference on Computer Security Applications. 2016: 189-200.
[27]	王国俊 . 有理数、无理数与实数[J]. 数学的实践与认识, 1998(3): 258-266.
	WANG G J . Rational,irrational and numbers[J]. Mathematics in Practice and Theory, 1998(3): 258-266.

Metrics

Recommended 0

No Suggested Reading articles found!

数字	0.1	0.2	0.3	0.4	0.5	0.6	0.7	0.8	0.9
0.1	=	=	=	=	=	>	=	>	=
0.2	=	=	=	=	=	=	=	=	=
0.3	=	=	=	>	=	>	=	=	=
0.4	=	=	>	=	=	=	=	=	=
0.5	=	=	=	=	=	=	=	=	=
0.6	>	=	>	=	=	=	=	>	=
0.7	=	=	=	=	=	=	=	=	<
0.8	>	=	=	=	=	>	=	=	=
0.9	=	=	=	=	=	=	<	=	=

数字	0.1	0.2	0.3	0.4	0.5	0.6	0.7	0.8	0.9
0.1	>	>	>	>	=	>	=	>	<
0.2	>	>	>	>	=	>	=	>	<
0.3	>	>	=	>	=	=	>	>	=
0.4	>	>	>	>	=	>	=	>	<
0.5	=	=	=	=	=	=	=	=	=
0.6	>	>	=	>	=	=	>	>	=
0.7	=	=	>	=	=	>	<	=	=
0.8	>	>	>	>	=	>	=	>	<
0.9	<	<	=	<	=	=	=	<	<

文件类型	基准测试程序	程序运行时间/s
文件类型	基准测试程序	实际	用户态	系统
	bzip2	2.699	2.687	0.002
	mcf	470.588	470.255	0.246
origin	gobmk	0.153	0.136	0.011
	sjeng	5.042	4.954	0.078
	lbm	2.351	2.245	0.098
	sphinx3	0.352	0.332	0.015
	bzip2	14.213	14.199	0.002
	mcf	1400.885	1400.324	0.273
origin+bcf1	gobmk	0.941	0.929	0.008
	sjeng	44.066	43.973	0.077
	lbm	3.919	3.828	0.082
	sphinx3	1.022	0.992	0.023
	bzip2	13.721	13.707	0.002
	mcf	1427.152	1426.625	0.231
origin+bcf2	gobmk	0.855	0.846	0.005
	sjeng	34.516	34.428	0.07
	lbm	4.024	3.943	0.076
	sphinx3	0.98	0.957	0.018
	bzip2	13.51	13.494	0.002
	mcf	1160.316	1159.864	0.239
origin+bcf3	gobmk	0.517	0.506	0.004
	sjeng	22.4	22.322	0.067
	lbm	3.616	3.526	0.087
	sphinx3	0.719	0.696	0.018

文件类型	可执行文件大小/bit
文件类型	bzip2	mcf	gobmk	sjeng	lbm	sphinx3
origin	134 080	30 560	4 228 400	206 328	38 616	280 272
origin+bcf1	1 915 344	305 744	20 450 280	3 149 064	173 984	3 703 776
origin+bcf2	1 231 808	206 688	14 157 104	1 971 704	132 824	2 397 904
origin+bcf3	936 896	161 632	11 552 048	1 471 992	116 440	1 840 848

文件类型	可执行文件相似度
文件类型	bzip2	mcf	gobmk	sjeng	lbm	sphinx3
origin VS origin+bcf1	0.18	0.21	0.17	0.12	0.31	0.18
origin VS origin+bcf2	0.15	0.22	0.14	0.12	0.32	0.13
origin VS origin+bcf3	0.16	0.22	0.14	0.10	0.32	0.12

Constructing method of opaque predicate based on type conversion and operation of floating point numbers

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 27

Related Articles 2

Metrics

Recommended 0

[1]	Yuqiang XIAO, Yunfei GUO, Yawen WANG. Metrics for code obfuscation based on symbolic execution and N-scope complexity [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 123-134.
[2]	Pu GENG,Yuefei ZHU. Review of path branch obfuscation [J]. Chinese Journal of Network and Information Security, 2020, 6(2): 12-18.