Skip to main content
SpringerLink
Log in

Semi-automatic binary protection tampering

  • Original Paper
  • Published:
Journal in Computer Virology Aims and scope Submit manuscript

Abstract

Both on malicious binaries and commercial software like video games, the complexity of software protections, which aim at slowing reverse-engineering, is constantly growing. Analyzing those protections and eventually circumventing them, require more and more elaborated tools. Through two examples, we illustrate some particularly interesting protection families and try to show their limits and how to remove them to recover a binary which is close to the original code. Each of our approaches is based on the use of the binary manipulation framework Metasm.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Allamigeon X., Hymans C.: Static analysis by abstract interpretation: application to the detection of heap overflows. J. Comput. Virol. 4(1), 5–24 (2007)

    Article  Google Scholar 

  2. Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations, Technical Report 148, Department of Computer Science, University of Auckland, July 1997. http://www.cs.auckland.ac.nz/~collberg/Research/Publications/CollbergThomborsonLow97a; http://citeseer.nj.nec.com/collberg97taxonomy.html (1997)

  3. Collberg, C., Thomborson, C., Low, D.: Manufacturing cheap, resilient, and stealthy opaque constructs. In: Principles of Programming Languages 1998, POPL’98, pp. 184–196. http://citeseer.ist.psu.edu/collberg98manufacturing.html (1998)

  4. Guillot, Y.: Metasm. In: Proceedings of the 5ème Symposium sur la Sécurité Technologies de l’Information et des Communicatins (SSTIC’07). http://actes.sstic.org (2007)

  5. Guillot, Y.: Metasm, a ruby (dis)assembler. In: Proceedins of the Hack.Lu 2007 Conference. http://www.hack.lu/archive/2007 (2007)

  6. Metasm Website. http://metasm.cr0.org/

  7. Ruby Programming Language Website. http://ruby-lang.org/

  8. yEd Graph Editor Homepage. http://www.yworks.com/en/products_yed_about.html

Download references

Author information

Authors and Affiliations

  1. Sogeti, ESEC, Paris, France

    Yoann Guillot & Alexandre Gazet

Authors
  1. Yoann Guillot
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Alexandre Gazet
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

About this article

Cite this article

Guillot, Y., Gazet, A. Semi-automatic binary protection tampering. J Comput Virol 5, 119–149 (2009). https://doi.org/10.1007/s11416-009-0118-4

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-009-0118-4

Keywords

Search

Navigation