Obfuscation techniques in Java Therese Berge Jonas Ringedal.

Slides:

Advertisements

Similar presentations

1 The Project of this year Mariano Ceccato FBK - Fondazione Bruno Kessler

Advertisements

Saumya Debray The University of Arizona Tucson, AZ

CS266 Software Reverse Engineering (SRE) Applying Anti-Reversing Techniques to Machine Code Teodoro (Ted) Cipresso,

JavaScript Obfuscation Facts and Fiction Pedro Fortuna, Co-Founder and CTO AuditMark.

Deducing Similarities in Java Source from Bytecodes (Appeared in the 1998 USENIX Technical Conference.) Brenda S. Baker Bell Laboratories, Lucent Technologies.

Feature requests for Case Manager By Spar Nord Bank A/S IBM Insight 2014 Spar Nord Bank A/S1.

Java Code Obfuscation Neerja Bhatnagar. Reverse Engineering Figuring out source code corresponding to a given byte code Source code intellectual property,

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Preventing Reverse Engineering by Obfuscating Bharath Kumar.

Códigos y Criptografía Francisco Rodríguez Henríquez Software Security Through Code Obfuscation.

CS266 Software Reverse Engineering (SRE) Applying Anti-Reversing Techniques to Java Bytecode Teodoro (Ted) Cipresso,

DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 9. Técnicas anti-ingeniería inversa.

.NET IL Obfuscation Presented by: Sarath Chandra Dorbala.

Software Obfuscation Anirban Majumdar University of Trento

Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.

1 Static Testing: defect prevention SIM objectives Able to list various type of structured group examinations (manual checking) Able to statically.

Cpeg421-08S/final-review1 Course Review Tom St. John.

Java for High Performance Computing Jordi Garcia Almiñana 14 de Octubre de 1998 de la era post-internet.

Combining Static and Dynamic Data in Code Visualization David Eng Sable Research Group, McGill University PASTE 2002 Charleston, South Carolina November.

Lecture 1CS 380C 1 380C Last Time –Course organization –Read Backus et al. Announcements –Hadi lab Q&A Wed 1-2 in Painter 5.38N –UT Texas Learning Center:

Principles of Procedural Programming

2  Problem Definition  Project Purpose – Building Obfuscator  Obfuscation Quality  Obfuscation Using Opaque Predicates  Future Planning.

Automating the Build Process using ANT SE-2030 Dr. Mark L. Hornick 1.

Breaking Abstractions and Unstructuring Data Structures Christian Collberg Clark Thomborson Douglas Low “Mobile programs are distributed in forms that.

JAVA v.s. C++ Programming Language Comparison By LI LU SAMMY CHU By LI LU SAMMY CHU.

Krakatoa: Decompilation in Java “Does Bytecode Reveal Source?” Todd A. Proebsting Scott A. Watterson The University of Arizona Presented by Karl von Randow.

Abstraction Interpretation Abstract Interpretation is a general theory for approximating the semantics of dynamic systems (Cousot & Cousot 1977) Abstract.

Data Structures & AlgorithmsIT 0501 Algorithm Analysis I.

Self-Protecting Mobile Agents Lee Badger Brian Matt Steven Kiernan Funded by both ITS and Active Networks Programs NAI Labs, Network Associates, Inc. 17.

KEVIN COOGAN, GEN LU, SAUMYA DEBRAY DEPARTMENT OF COMUPUTER SCIENCE UNIVERSITY OF ARIZONA 報告者：張逸文 Deobfuscation of Virtualization- Obfuscated Software.

BTEC Unit 06 – Lesson 08 Principals of Software Design Mr C Johnston ICT Teacher

DBPD: A Dynamic Birthmark-based Software Plagiarism Detection Tool

Lecture :2 1.  DEFENTION : Java is a programming language expressly designed for use in the distributed environment of the Internet. It was designed.

CS266 Software Reverse Engineering (SRE) Reversing and Patching Java Bytecode Teodoro (Ted) Cipresso,

EECS 354 Network Security Reverse Engineering. Introduction Preventing Reverse Engineering Reversing High Level Languages Reversing an ELF Executable.

Ioana Sora, Gabriel Glodean, Mihai Gligor Department of Computers Politehnica University of Timisoara Software Architecture Reconstruction: An Approach.

Applying White-Box Cryptography SoBeNet user group meeting October 8, 2004 Brecht Wyseur.

IT Essentials 1 Chapter 9 JEOPADY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.

New Tools And Workshop Mod & For Loops. Modulo Calculates the remainder (remember long division?) % Examples: 7 % 3 10 % 2 2 % 3 evaluates to 1 evaluates.

RIVERSIDE RESEARCH INSTITUTE Deobfuscator: An Automated Approach to the Identification and Removal of Code Obfuscation Eric Laspe, Reverse Engineer Jason.

1 Java applications reverse engineering Antoni Bertel AUGUST 4, 2015.

Embedded Lab. Park Yeongseong.  Introduction  State of the art  Core values  Design  Experiment  Discussion  Conclusion  Q&A.

JAVA Programming “When you are willing to make sacrifices for a great cause, you will never be alone.” Instructor: รัฐภูมิ เถื่อนถนอม

Chapter 5: Software Re-Engineering Omar Meqdadi SE 3860 Lecture 5 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.

Design and Implementation of a Rationale-Based Analysis Tool (RAT) Diploma thesis from Timo Wolf Design and Realization of a Tool for Linking Source Code.

LOGOPolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware Royal, P.; Halpin, M.; Dagon, D.; Edmonds, R.; Wenke Lee; Computer Security.

A Generic Approach to Automatic Deobfuscation of Executable Code Paper by Babak Yadegari, Brian Johannesmeyer, Benjamin Whitely, Saumya Debray.

Tony Malatanos. Focal Points  What is reverse engineering?  Reasons Legit Malicious  Legality  Morality  Clean Room Design  Example: ReactOS.

Reverse Engineering. Overview Need for RE Recovery of lost information – providing proper system documentation Assisting with maintenance – identification.

Formal Refinement of Obfuscated Codes Hamidreza Ebtehaj 1.

Reverse Engineering CS3300 Fall What is it? Extracting design information from existing software Two types: Source Code based (easier) or Binary.

Applying Software Obfuscation to Malicious Code Teigh Berg.

Lesson 1 1 LESSON 1 l Background information l Introduction to Java Introduction and a Taste of Java.

Code Obfuscation Tool for Software Protection. Outline  Why Code Obfuscation  Features of a code obfuscator Potency Resilience Cost  Classification.

Lecture1 Instructor: Amal Hussain ALshardy. Introduce students to the basics of writing software programs including variables, types, arrays, control.

Reverse Engineering Dept. of I&CT, MIT, Manipal. Aspects To Be Covered Introduction to reverse engineering. Comparison between reverse and forward engineering.

The process of establishing a connection between a client and a server is called as Client – Server communication.

 Group 6 Project Presentation. Application Overview  The idea of the Android application is to use the Gale–Shapley algorithm that will match Medical.

Reverse Engineering Contemporary Countermeasures By: Joshua Schwartz.

STATIC CODE ANALYSIS. OUTLINE  INTRODUCTION  BACKGROUND o REGULAR EXPRESSIONS o SYNTAX TREES o CONTROL FLOW GRAPHS  TOOLS AND THEIR WORKING  ERROR.

Swords and shields: A study of mobile game hacks and existing defences

Application of Obfuscation Techniques on Android Applications

Cash Me Presented By Group 8 Kartik Patel, Aaron Zhong, Wen-Kai Chen,

Small Engine Tool ID Part 1.

Un</br>able’s MySecretSecrets

TriggerScope Towards detecting logic bombs in android applications

Security by Obscurity: Code Obfuscation

Ethical Hacking.

Programming language translators

Presentation transcript:

Obfuscation techniques in Java Therese Berge Jonas Ringedal

Presentation Goal of the project Background Obfuscation techniques Tests Evaluation and results

Goal of the project Gain knowledge about different obfuscation techniques Find the best technique for us –Testing existing programs –Evaluating the techniques

Background Java increased the threat of reverse engineering –High-level bytecode –Platform independent Portable Anyone can have access to the bytecode Reverse engineering –Analyse system to create higher level representation –Recreate Java source code

Obfuscation techniques Layout Obfuscation Data Obfuscation Control Obfuscation Preventative Transformations

Layout Obfuscation Changing variables Removing comments Both methods: –Free of cost –One way functions

Data Obfuscation Encoding for(int i = 0; i < 100; i++ ){} f(i) = 2*i+5 for(int i = 5; i < 205; i =i+2){} Split array Change ordering –Variable declaration spread out

Hide information flow –Dead code –Parallelize Code Control Obfuscation

Preventative Transformations Crash deobfuscators –Use known weaknesses Stealth Hide obfuscation

Tests Obfuscator: JShrink Decompiler: JAD Test code: Password.java Test results JShrink JAD from.class JAD from obfuscated code

Evaluation and results Obfuscators major tools for protecting Java programs from reverse engineering Hard to find free programs Layout Obfuscation not enough Best: Combination of manually changed code, stealth and obfuscators. Goal achieved