Yoann Guillot scite author profile

Yoann Guillot

2Publications

18Citation Statements Received

11Citation Statements Given

How they've been cited

How they cite others

Affiliations

Publications

Order By: Most citations

Automatic binary deobfuscation

Guillot¹,

Gazet²

2009

J Comput Virol

View full text Add to dashboard Cite

This paper gives an overview of our research in the automation of the process of software protection analysis. We will focus more particularly on the problem of obfuscation. Our current approach is based on a local semantic analysis, which aims to rewrite the binary code in a simpler (easier to understand) way. This approach has the advantage of not relying on a manual search for "patterns" of obfuscation. This way of manipulating the code is, at the end, quite similar to the optimising stage of most of compilers. We will exhibit concrete results based on the development of a prototype and its application to a test target. Current limitations and future prospects will be discussed in as well.As a continuation of our work from last year [1], we focus on the automation of the software protection analysis process. We will focus more particularly on the problem of obfuscation.This problem is crucial as most malicious binaries (like viruses or trojans) use this kind of protection to slow down their analysis and to make their detection harder. Automation is a key step in order to face the constant growth of the amount of malware, year after year.Our previous paper was mainly focused on the attack and suppression of protection mechanisms using the Metasm framework. It provides many useful primitives to deal with protected code: control flow graph manipulation, recompilation, filtering processor,… Nevertheless most of these approaches rely on a tedious work of manual identification of the "patterns" used by the protection.Y. Guillot · A. Gazet (B) We will now present the development of our new methods, relying on a semantic analysis of the binary code to extract a simpler representation. The objective is no longer to seek and destroy known patterns, but to proceed to a complete, on-the-fly, optimised code rewriting.We will exhibit concrete results obtained by applying these methods to a test target. Then, current limitations and future prospects will be discussed.

show abstract

Semi-automatic binary protection tampering

Guillot¹,

Gazet²

2009

J Comput Virol

View full text Add to dashboard Cite

Both on malicious binaries and commercial software like video games, the complexity of software protections, which aim at slowing reverse-engineering, is constantly growing. Analyzing those protections and eventually circumventing them, require more and more elaborated tools.Through two examples, we illustrate some particularly interesting protection families and try to show their limits and how to remove them to recover a binary which is close to the original code. Each of our approaches is based on the use of the binary manipulation framework Metasm.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Yoann Guillot

Automatic binary deobfuscation

Semi-automatic binary protection tampering

Contact Info

Product

Resources

About