Skip to Main content Skip to Navigation
Journal articles

Effectiveness of Synthesis in Concolic Deobfuscation

Abstract : Control flow obfuscation techniques can be used to hinder software reverse-engineering. Symbolic analysis can counteract these techniques, but only if they can analyze obfuscated conditional statements. We evaluate the use of dynamic synthesis to complement symbolic analysis in the analysis of obfuscated conditionals. We test this approach on the taint-analysis-resistant Mixed Boolean Arithmetics (MBA) obfuscation method that is commonly used to obfuscate and randomly diversify statements. We experimentally ascertain the practical feasibility of MBA obfuscation. We study using SMT-based approaches with different state-of-the-art SMT solvers to counteract MBA obfuscation, and we show how targeted algebraic simplification can greatly reduce the analysis time. We show that synthesis-based deobfuscation is more effective than current SMT-based deobfuscation algorithms, thus proposing a synthesis-based attacker model to complement existing attacker models.
Document type :
Journal articles
Complete list of metadata

Cited literature [49 references]  Display  Hide  Download

https://hal.inria.fr/hal-01241356
Contributor : Fabrizio Biondi <>
Submitted on : Sunday, November 5, 2017 - 10:19:39 PM
Last modification on : Saturday, July 11, 2020 - 3:16:17 AM
Long-term archiving on: : Tuesday, February 6, 2018 - 12:27:43 PM

File

cosemain.pdf
Files produced by the author(s)

Identifiers

Citation

Fabrizio Biondi, Sébastien Josse, Axel Legay, Thomas Sirvent. Effectiveness of Synthesis in Concolic Deobfuscation. Computers and Security, Elsevier, 2017, 70, pp.500-515. ⟨10.1016/j.cose.2017.07.006⟩. ⟨hal-01241356v2⟩

Share

Metrics

Record views

661

Files downloads

3119