
Anti-obfuscation method, system and application

A decompilation-based technique that separates real blocks from obfuscated blocks, applied in the field of anti-obfuscation. It addresses omissions during traversal, poor anti-obfuscation results and the resulting inability to effectively detect and kill malicious scripts, and achieves the effect of eliminating omissions.

Pending Publication Date: 2022-07-29
厦门蝉羽网络科技有限公司

AI Technical Summary

Problems solved by technology

De-obfuscation is the reverse of obfuscation: it converts code that is difficult to read and understand into simple, understandable and intuitive code. De-obfuscation keeps code obfuscation from leaving anti-virus software unable to recognize some malicious scripts, and therefore unable to detect and kill them effectively.
[0003] At present, there are some code de-obfuscation techniques, but these de-obfuscation methods all suffer from omissions and poor de-obfuscation results.



Examples


Embodiment 1

[0054] An anti-obfuscation method, as shown in Figure 1, includes:

[0055] S10: Obtain the binary file information of the target program and convert it into IR intermediate code to distinguish code blocks.

[0056] In one embodiment, the Hopper, 010Editor, IDA or Ghidra decompilation tool is used to decompile the binary file and divide it into code blocks.

[0057] S20: Analyze all code blocks based on the IR intermediate code, and identify each code block as a real block or an obfuscated block by analyzing its structure in the IR.

[0058] In one embodiment, block classification is performed using block instruction features:

[0059] If both goto and jcndv exist in the block, it is judged to be an obfuscated block; the obfuscated block is marked and the predecessor of the obfuscated block is executed. If the obfuscated block has only one predecessor, the predecessor block is also marked as an obfuscated block.

[0060] Both goto and jcndb exist in the block, and it is judged a...

Embodiment 2

[0085] A deobfuscation system, including:

[0086] A data acquisition module, which obtains the binary file information of the target program.

[0087] A data processing module, which converts the target program into IR intermediate code and distinguishes the code blocks; analyzes all code blocks based on the IR intermediate code and identifies each as a real block or an obfuscated block by analyzing its structure in the IR; traverses all code blocks by simulated execution to obtain the connection paths of the real blocks and, after execution, the associations between the real blocks; modifies the connection code between the real blocks to eliminate the obfuscated blocks; and decompiles the modified binary to obtain the decompiled pseudocode of the target program.
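The pipeline in [0087], as an added example that is not code from the patent: a dispatcher-obfuscated function is classified with the goto-plus-conditional-jump rule from [0059], the successor of each real block is recovered by simulated execution, and the obfuscated blocks are removed. The toy IR, its opcode names (`op`, `set`, `jcnd`, `goto`, `ret`) and the sample function are constructed assumptions.

```python
# Constructed toy IR (an assumption, not the patent's IR). Instructions:
# ("op", text), ("set", v), ("jcnd", v, target) taken if state == v, ("goto", target), ("ret",)
FLATTENED = {
    "entry": [("op", "init"), ("set", 1), ("goto", "pre")],
    "pre":   [("goto", "disp1")],
    "disp1": [("jcnd", 1, "A"), ("goto", "disp2")],
    "disp2": [("jcnd", 2, "B"), ("goto", "C")],
    "A":     [("op", "check"), ("set", 2), ("goto", "pre")],
    "B":     [("op", "work"), ("set", 3), ("goto", "pre")],
    "C":     [("op", "done"), ("ret",)],
}

def classify(blocks):
    """goto and jcnd in one block => obfuscated; so is a marked block's sole predecessor."""
    preds = {name: set() for name in blocks}
    for name, body in blocks.items():
        for ins in (i for i in body if i[0] in ("goto", "jcnd")):
            preds[ins[-1]].add(name)
    marked = {n for n, b in blocks.items() if {"goto", "jcnd"} <= {i[0] for i in b}}
    marked |= {p for n in marked if len(preds[n]) == 1 for p in preds[n]}
    return marked

def real_successor(blocks, obf, start):
    """Emulate from real block `start` to the next real block (None on ret)."""
    state, name = None, start
    for _ in range(1000):                 # bound the walk through obfuscated blocks
        for ins in blocks[name]:
            if ins[0] == "set":
                state = ins[1]
            elif ins[0] == "ret":
                return None
            elif ins[0] == "goto" or (ins[0] == "jcnd" and state == ins[1]):
                name = ins[-1]
                break
        else:
            raise ValueError("block %s has no terminator" % name)
        if name not in obf:
            return name
    raise RuntimeError("no real block reached from " + start)

def deflatten(blocks):
    """Drop obfuscated blocks and link each real block to its real successor."""
    obf, out = classify(blocks), {}
    for name in sorted(blocks.keys() - obf):
        nxt = real_successor(blocks, obf, name)
        out[name] = [i for i in blocks[name] if i[0] in ("op", "ret")]
        out[name] += [("goto", nxt)] if nxt else []
    return out

print(deflatten(FLATTENED))
```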

Embodiment 3

[0089] An anti-obfuscation device includes: a memory and a processor. Executable code is stored in the memory, and when the executable code is executed by the processor, the processor is caused to execute the deobfuscation method according to the first embodiment.


Abstract

The invention provides an anti-obfuscation method, system and application. The method comprises the steps of: converting a target program, distinguishing real blocks from obfuscated blocks, traversing all code blocks to obtain the connection paths of the real blocks and the associations between them, and modifying the connection code between the real blocks to completely eliminate the obfuscated blocks. This solves the problem of poor anti-obfuscation results caused by omissions during traversal in existing anti-obfuscation schemes.

Description

Technical field

[0001] The invention relates to the technical field of binary security, in particular to an anti-obfuscation method.

Background technique

[0002] Obfuscation refers to transforming code so that its function remains unchanged but it becomes difficult to read and understand, which can prevent source code leakage. Anti-obfuscation is the reverse of obfuscation: it transforms code that is difficult to read and understand into simple, understandable and intuitive code. Anti-obfuscation keeps code obfuscation from leaving anti-virus software unable to identify some malicious scripts, and therefore unable to detect and kill them effectively.

[0003] At present, there are some code deobfuscation technologies, but these deobfuscation methods all suffer from omissions and poor deobfuscation results.

Summary of the invention

[0004] Embodiments of the present inventio...


Application Information

IPC(8): G06F21/56, G06F8/53
CPC: G06F21/56, G06F8/53
Inventor 刘坤增邢东进杨洪进刘西
Owner 厦门蝉羽网络科技有限公司