Code Obfuscation Using Pseudo-random Number Generators

Abstract: We describe a novel method for malicious code obfuscation that uses code already present in systems: a pseudo-random number generator. This can also be seen as an antidisassembly and anti-debugging technique, depending on deploy-ment, because the actual code does not exist until run -it is generated dynamically by the pseudo-random number generator. A year's worth of experiments are used to demonstrate that this technique is a viable code obfuscation option for a malicious adversary with access to large amount… Show more

“…The type of image that we used is a 24 bit true-color image; in this format each channel: red, green, or blue has a range of values from 0 to 255. For our proof of concept we hid first a message encoded in hexadecimal ( Figure 2b); as a second example we hid the obfuscated bytecode of a simple "hello world" Python program (Figure 2c) as defined in Aycock et al [8]. In our proposed schema the cover picture ( Figure 2a) is left unaltered, and since we are implementing a steganography keybased schema, the sender will transmit the cover picture and the stego-key to the receiver.…”

“…Each one of these seeds was used to generate a subset of the message that we want to reconstruct later; recall that for this example the message was a set of hexadecimal numbers as in Figure 2 where the matching values compared to the original message in hexadecimal code (Figure 2 As with the earlier obfuscation method proposed by Aycock et al [8], it is possible to generate a message using PRNGs. This sequence of values is used later to obtaining the key we will transmit in our steganography procedure.…”

“…al. [8] made other suggestions for seed generation, but for the sake of simplicity we have used the simplest algorithm. In any case the ordering of the seeds for both cases is the following: message=s 2 ,s 1 ,s 3 ,s 1 ,s 2 ,s 3 ,s 1 ,s 3 ,s 1 ,s 2 ,s 2 ,s 1 bytecode= s 1 ,s 2 ,s 2 ,s 3 ,s 1 ,s 1 ,s 2 ,s 1 ,s 2 Now, we need to separate these seeds into sections so they are within the limits of the RGB channels.…”

“…The generated seeds were obtained by implementing a code in Java, which makes use of the Random library and one of the methods described in [8]. In summary the obfuscation method uses a search loop for random seeds; each seed and its generated values are compared with the numbers of our hexadecimal code; if there is a match with at least one hexadecimal value the seed is accepted.…”

“…As long as a source code is a set of strings, or characters in atomic form, we would argue that these techniques used for code obfuscation are feasible also for message obfuscation. Aycock et al [8] proposed a technique for obfuscation, or code hiding, using Pseudo-random Number Generators (PRNGs). According to this schema, a set of particular obtained seeds will generate a group of random numbers, which could be used to match the bytecode of any source code.…”

Secret Key Steganography with Message Obfuscation by Pseudo-random Number Generators

“…The type of image that we used is a 24 bit true-color image; in this format each channel: red, green, or blue has a range of values from 0 to 255. For our proof of concept we hid first a message encoded in hexadecimal ( Figure 2b); as a second example we hid the obfuscated bytecode of a simple "hello world" Python program (Figure 2c) as defined in Aycock et al [8]. In our proposed schema the cover picture ( Figure 2a) is left unaltered, and since we are implementing a steganography keybased schema, the sender will transmit the cover picture and the stego-key to the receiver.…”

“…Each one of these seeds was used to generate a subset of the message that we want to reconstruct later; recall that for this example the message was a set of hexadecimal numbers as in Figure 2 where the matching values compared to the original message in hexadecimal code (Figure 2 As with the earlier obfuscation method proposed by Aycock et al [8], it is possible to generate a message using PRNGs. This sequence of values is used later to obtaining the key we will transmit in our steganography procedure.…”

“…al. [8] made other suggestions for seed generation, but for the sake of simplicity we have used the simplest algorithm. In any case the ordering of the seeds for both cases is the following: message=s 2 ,s 1 ,s 3 ,s 1 ,s 2 ,s 3 ,s 1 ,s 3 ,s 1 ,s 2 ,s 2 ,s 1 bytecode= s 1 ,s 2 ,s 2 ,s 3 ,s 1 ,s 1 ,s 2 ,s 1 ,s 2 Now, we need to separate these seeds into sections so they are within the limits of the RGB channels.…”

“…The generated seeds were obtained by implementing a code in Java, which makes use of the Random library and one of the methods described in [8]. In summary the obfuscation method uses a search loop for random seeds; each seed and its generated values are compared with the numbers of our hexadecimal code; if there is a match with at least one hexadecimal value the seed is accepted.…”

“…As long as a source code is a set of strings, or characters in atomic form, we would argue that these techniques used for code obfuscation are feasible also for message obfuscation. Aycock et al [8] proposed a technique for obfuscation, or code hiding, using Pseudo-random Number Generators (PRNGs). According to this schema, a set of particular obtained seeds will generate a group of random numbers, which could be used to match the bytecode of any source code.…”

Secret Key Steganography with Message Obfuscation by Pseudo-random Number Generators

Ethical Proactive Threat Research

A comprehensive Software Copy Protection and Digital Rights Management platform