Control Flow Obfuscation Technology Based on Implicit Jump

doi:10.3778/j.issn.1002-8331.2007-0109

Abstract

Abstract:

The traditional control flow obfuscation schemes introduce some special structures to obfuscate or hide the control flow information of the original program, but this will cause a lot of extra overhead. In addition, for sensitive information in the control flow, the commonly used obfuscation techniques do not have complete protection in program. To solve these problems, a control flow obfuscation technique based on implicit jump is proposed. First the control flow diagram of the program is analyzed and established to obtain the dependencies of each basic block; then a state transition model is established to assign a runtime state to each basic block; finally, the proposed method encrypts and protects sensitive information such as control flow jumps, function calls, and variable references based on the keys generated by this state. These sensitive information are converted into an implicit form that needs to be decrypted at runtime to achieve anti-static analysis. In addition, in view of the duplication of ciphertexts of the same object, a two-stage encryption scheme based on environmental keys is proposed to further reduce the exposure of sensitive information. Experimental results show that compared with the traditional obfuscation technology, this scheme will not have a great impact on the runtime performance of the program, and it can also help the program resist static analysis more comprehensively.

Key words: control flow graph, obfuscation, implicit jump, anti-static analysis

摘要：

传统的控制流混淆方案是通过引入一些特殊结构来混淆或隐藏原程序的控制流信息，但这会导致大量的额外开销，此外针对控制流中其他敏感信息，常用的混淆技术并没有完善的保护方案。针对这些问题，提出了基于隐式跳转的控制流混淆技术。分析建立程序的控制流图，获取每个基本块的依赖关系，建立状态转移模型，为每个基本块分配一个运行时状态，并根据该状态生成的密钥来对控制流的跳转、函数的调用及变量的引用等敏感信息进行加密保护，使之转换为需要在运行时解密才能使用的隐式形式，从而实现反静态分析。此外，针对相同对象的密文重复问题，提出了基于环境密钥的两阶段加密方案，进一步减少敏感信息的暴露。实验结果表明，该方案并不会对程序运行时性能造成很大影响，同时还能较为完善地帮助程序抵抗静态分析。

关键词: 控制流图, 代码混淆, 隐式跳转, 反静态分析

CHEN Yaoyang, CHEN Wei. Control Flow Obfuscation Technology Based on Implicit Jump[J]. Computer Engineering and Applications, 2021, 57(20): 125-132.

陈耀阳，陈伟. 采用隐式跳转的控制流混淆技术[J]. 计算机工程与应用, 2021, 57(20): 125-132.

References

[1] COLLBERG C S，THOMBORSON C.Watermarking，tamper-proofing，and obfuscation-tools for software protection[J].IEEE Transactions on Software Engineering，2002，28（8）：735-746.
[2] Wikipedia Contributors.Reverse engineering[EB/OL].[2020-05-16].https：//en.wikipedia.org/wiki/Reverse_engineering.
[3] COLLBERG C，THOMBORSON C，LOW D.A taxonomy of obfuscating transformations[R].New Zealand：The University of Auckland.Department of Computer Science，1997.
[4] BROUKHIS L.The international obfuscated C code contest[EB/OL].[2020-06-03].https：//ioccc.org/.
[5] Guardsquare.ProGuard[EB/OL].[2020-06-04].https：//www.guardsquare.com/en/products/proguard.
[6] FOKET C，DE BOSSCHERE K，DE SUTTER B.Effective and efficient Java-type obfuscation[J].Software：Practice and Experience，2020，50（2）：136-160.
[7] WARREN H S.Hacker’s delight[M].Hoboken：Addison-Wesley Professional，2012：10-11.
[8] 吴伟民，林水明，林志毅.一种基于混沌不透明谓词的压扁控制流算法[J].计算机科学，2015，42（5）：178-182.
WU W M，LIN S M，LIN Z Y.Chaotic-based opaque predicate control flow flatten algorithm[J].Computer Science，2015，42（5）：178-180.
[9] MING J，XU D，WANG L，et al.Loop：logic-oriented opaque predicate detection in obfuscated binary code[C]//Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security，2015：757-768.
[10] DRAPE S.Intellectual property protection using obfuscation[R].Oxford：Oxford University Computing Laboratory，2010.
[11] XU D，MING J，WU D.Generalized dynamic opaque predicates：a new control flow obfuscation method[C]//International Conference on Information Security.Cham：Springer，2016：323-342.
[12] TOFIGHI-SHIRAZI R，ASAVOAE I M，ELBAZ-VINCENT P，et al.Defeating opaque predicates statically through machine learning and binary analysis[C]//Proceedings of the 3rd ACM Workshop on Software Protection，2019：3-14.
[13] LASZLO T，KISS A.Obfuscating C++ programs via control flow flattening[C]//Proc of the 10th Symposium on Programing Languages and Software Tools，2007：3-19.
[14] Naville.Hikari[EB/OL].[2020-06-04].https：//github.com/HikariObfuscator/Hikari.
[15] Hex-Rayd.IDA Pro[EB/OL].[2020-06-04].https：//www.hex-rays.com/products/ida/.
[16] FALCARIN P.Software protection[J].IEEE Software，2011，28（2）：24-27.
[17] JUNOD P，RINALDINI J，WEHRLI J，et al.Obfuscator-LLVM--software protection for the masses[C]//2015 IEEE/ACM 1st International Workshop on Software Protection，2015：3-9.
[18] Free Software Foundation.GNU operating system[EB/OL].[2020-06-17].http：//www.gnu.org/software/coreutils/.
[19] BRAD C.Crypto-algorithms[EB/OL].[2020-06-17].https：//github.com/B-Con/crypto-algorithms.
[20] Packetizer Forums.AES Crypt[EB/OL].[2020-06-18].https：//www.aescrypt.com/.
[21] SEWARD J.Bzip2[EB/OL].[2020-06-18].http：//www.bzip.org/.