GPU Powered Malware
Abstract
There is an increasing interest in Graphics Processing Units for general-purpose programming, due to their processing power and massively parallel design. As a result, most consumer graphics hardware is now fully programmable using either Nvidia's CUDA toolkit or the AMD/ATI Stream SDK. This presentation will give an analysis of how the GPU can be used by malware as an anti-reverse-engineering platform, with examples using the CUDA technology. With CUDA, the GPU is fully programmable in C, but the resulting device program can't be debugged because Nvidia's GPUs do not support this feature natively. Consequently, a malware analyst has to use static analysis against the device code in order to understand the malware. This task is harder with GPU code than with traditional binaries, since the source of a CUDA program is compiled to undocumented microcode (and is therefore unsupported by standard disassemblers such as IDA Pro). Finally, this presentation will also assess the technical feasibility of an unpacker written fully in device code.