Please use this identifier to cite or link to this item: http://hdl.handle.net/2445/176925
Title: Code deobfuscation by program synthesis-aided simplification of mixed boolean-arithmetic expressions
Author: Gàmez i Montolio, Arnau
Director/Tutor: Roca Cánovas, Raúl
Benseny, Antoni
Reyes De Los Mozos, Mario
Keywords: Discrete mathematics
Bachelor's theses
Theory of computation
Mathematical logic
Universal algebra
Issue Date: 21-Jun-2020
Abstract: [en] This project studies the theoretical background of Mixed Boolean-Arithmetic (MBA) expressions as well as their practical applicability within the field of code obfuscation, a technique used both by malware and by software protection to complicate the process of reverse engineering (parts of) a program. An MBA expression is composed of integer arithmetic operators, e.g. $(+, -, *)$, and bitwise operators, e.g. $(\wedge, \vee, \oplus, \neg)$. MBA expressions can be leveraged to obfuscate the data-flow of code by iteratively applying rewrite rules and function identities that complicate (obfuscate) the initial expression while preserving its semantic behavior. This possibility is motivated by the fact that operators from these different fields do not interact well together: we have no rules (distributivity, factorization...) or general theory to deal with this mixing of operators. Current deobfuscation techniques for simplifying this type of data-flow obfuscation are limited by being strongly tied to syntactic complexity. We explore novel program synthesis approaches for simplifying MBA expressions by reasoning on the semantics of the obfuscated expressions instead of their syntax, discussing their applicability as well as their limits. We present our own tool, r2syntia, which integrates Syntia, an open source program synthesis tool, into the reverse engineering framework radare2 in order to retrieve the semantics of obfuscated code from its Input/Output behavior. Finally, we provide some improvement ideas and potential areas for future work.
Note: Final Degree Projects in Mathematics, Faculty of Mathematics, Universitat de Barcelona, Year: 2020, Supervisors: Raúl Roca Cánovas, Antoni Benseny and Mario Reyes de los Mozos
URI: http://hdl.handle.net/2445/176925
Appears in Collections: Bachelor's Theses (TFG) - Computer Engineering
Software - Student Work
Bachelor's Theses (TFG) - Mathematics

Files in This Item:
File | Description | Size | Format
codi_176925.zip | Source code | 165.57 kB | zip
176925.pdf | Report | 2.52 MB | Adobe PDF


This item is licensed under a Creative Commons License.