Binary obfuscation method based on ROP (Return Oriented Programming) attack feature

A binary and characteristic technology, applied in the system and software security, computer field, can solve problems such as performance loss, dependence on specific hardware processor, easy to be cracked, etc., to achieve low execution speed loss, wide applicability, and low program performance loss Effect

Inactive Publication Date: 2017-03-22
NANJING UNIV
View PDF5 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0012] On the basis of the existing work, the purpose of the present invention is to: propose a new binary obfuscation method based on ROP attack characteristics, solve the problems of easy cracking, serious performance loss, and dependence on specific hardware processors in the existing software obfuscation methods question

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Binary obfuscation method based on ROP (Return Oriented Programming) attack feature
  • Binary obfuscation method based on ROP (Return Oriented Programming) attack feature
  • Binary obfuscation method based on ROP (Return Oriented Programming) attack feature

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0033] The method of the present invention at first disassembles the ELF binary file, obtains the assembly code, then divides the assembly code into basic blocks; after obtaining the basic blocks, carries out ROP instrumentation to the basic blocks, so that the basic blocks are converted into gadgets ending with ret instructions, these The code in the gadget form is the code in the obfuscated form; then, based on the assembly code in the gadget form, add the FindNext binary search function code, add the payload data segment and the maptable data segment, generate an asm format assembly file, recompile, and generate a new executable Execute the file; finally, reconstruct the original executable file, fill the content of the original code segment with nop instructions, add a new code segment newtxt to store the obfuscated code, and add a new data segment payload segment to control the gadget The connection between them adds a new data segment maptable segment for address mapping ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a binary obfuscation method based on a ROP (Return Oriented Programming) attack feature. The method comprises the steps of disassembling an original binary file and dividing basic blocks; carrying out ROP form instrumentation on the basic blocks, thereby obtaining gadget form assembly code ended by a ret instruction; and refactoring recompiled new code and the original binary file, and generating a finally obfuscated executable file. According to the method, through application of a mode of converting a code segment of the binary file into a gadget form, an obfuscation purpose is achieved. The software obfuscation performance loss is low. The deployable performance is high. The dependence on a feature of a special hardware processor is removed.

Description

technical field [0001] The invention belongs to the field of computer technology, especially the field of system and software safety. The invention provides a software obfuscation method utilizing Return Oriented Programming (ROP) attack technical characteristics, which is used for protecting application software. Background technique [0002] Software piracy, tampering and reverse engineering have seriously threatened the security of software. Therefore, protecting software from running normally in an unknown environment and preventing attacks from reverse engineering and static analysis has become an important issue in software protection. Code obfuscation is widely accepted as a way of software protection. ROP attack is a code reuse attack. As a software attack technique, the control flow obfuscation of executable files can be performed by using the serial characteristics of gadgets during the attack. [0003] Reverse engineering: Reverse analysis of the target softwar...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/14
CPCG06F21/14
Inventor 郭佳茅兵
Owner NANJING UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap