Obfuscation Benchmarks
By obfuscation benchmarks we mean programs that can be obfuscated using different tools at the source code, intermediate representation and/or machine code level. The reason for obfuscating these programs can be (but is not limited to) comparing the strength of different obfuscation transformations/implementations against both human-assisted and automated attacks. This repository contains the source code of C programs, which can be used as obfuscation benchmarks.
Description of Each Directory
basic-algorithms
contains typical algorithms taught in Bachelor-level computer science and programming courses, e.g. factorial, sorting algorithms, searching algorithms, greatest common divisor, least common multiple, etc.
resources
contains archives of some of the tools we used for our experiments. We install these tools in an automated Docker build (instructions provided below), where one can play around with the tools and scripts provided in this repository without the hassle of installing and configuring everything from scratch.
simple-hash-functions
contains non-cryptographic hash functions.
small-programs
contains a set of 48 programs with few lines of code, constructed by varying the following code characteristics:
- Range of symbolic inputs
- Number of symbolic inputs
- Depth of nested control flow
- Number of IF-statements
- Number of input dependent IF-statements
- Type of IF-condition
- Number of loops
- Number of input length dependent loops (e.g. if the input is 10 characters long, then the loop has 10 iterations)
- Number of input value dependent loops (e.g. if the input is an integer equal to 100, then the loop has 100 iterations)
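To make these characteristics concrete, the following is an added example constructed for illustration; it is not one of the 48 programs in the repository, and the names `fold_length`, `fold_value` and `classify` are hypothetical. It has two symbolic inputs, nesting depth 2, four IF-statements (three of them input dependent), one input-length-dependent loop and one input-value-dependent loop.

```c
/* Constructed illustration, not a file from the repository. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Input-length-dependent loop: one iteration per input character. */
static unsigned fold_length(const char *in) {
    unsigned acc = 0;
    size_t len = strlen(in);
    for (size_t i = 0; i < len; i++)
        acc = acc * 31u + (unsigned char)in[i];
    return acc;
}

/* Input-value-dependent loop: n iterations for an integer input n. */
static unsigned fold_value(unsigned n) {
    unsigned acc = 1;
    for (unsigned i = 0; i < n; i++)
        acc = (acc * 3u + i) % 1000u;
    return acc;
}

/* Two symbolic inputs (s, n); IF-conditions mix range and equality tests. */
int classify(const char *s, unsigned n) {
    int debug = 0;
    if (debug)                                   /* input-independent IF */
        return -1;
    if (n < 10) {                                /* range test on n, depth 1 */
        if (fold_length(s) == fold_length("ab")) /* equality on s, depth 2 */
            return 2;
        return 1;
    }
    if (fold_value(n) > 500u)                    /* depends on the value loop */
        return 3;
    return 0;
}

int main(int argc, char **argv) {
    if (argc != 3) {
        fprintf(stderr, "usage: %s <string> <uint>\n", argv[0]);
        return 1;
    }
    printf("%d\n", classify(argv[1], (unsigned)strtoul(argv[2], NULL, 10)));
    return 0;
}
```

Each return value of `classify` corresponds to one path through the program, so a symbolic execution engine has to solve the equality on the folded string to reach the path returning 2 and unroll the value-dependent loop to decide between 3 and 0.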
tigress-generated-programs
contains a large set of programs automatically generated by the RandomFuns transformation of the Tigress C Diversifier/Obfuscator by varying the following command line options:
- Seed: randomization seed
- RandomFunsTypes: data type of variables
- RandomFunsOperators: types of operators (e.g. arithmetic, logic)
- RandomFunsControlStructures: control structure of the program
- RandomFunsBasicBlockSize: the number of statements in each basic block
- RandomFunsForBound: the type of bound in loop conditions (e.g. constant, input dependent)
scripts
contains bash, Python and R scripts to obfuscate C programs using the Tigress and ollvm obfuscation tools and to perform the symbolic execution attack described in a series of papers by Banescu et al. [1], [2] and [3]. For more details about how to use these scripts, see the README inside the folder.
Automated Docker Build
Based on Ubuntu 14.04, having the following software installed:
- KLEE symbolic execution engine (latest Docker)
- Tigress C Obfuscator (version 2.2)
- SATGraf (version 0.2)
- Z3 SMT Solver (version 4.5.0)
Root credentials
- Username: klee
- Password: klee
Running the container in Ubuntu
To run GUI apps from the container execute the following command:
XSOCK=/tmp/.X11-unix
XAUTH=/tmp/.docker.xauth
touch $XAUTH
xauth nlist $DISPLAY | sed -e 's/^..../ffff/' | xauth -f $XAUTH nmerge -
docker run -it --volume=$XSOCK:$XSOCK:rw \
--volume=$XAUTH:$XAUTH:rw \
--env="XAUTHORITY=${XAUTH}" \
--env="DISPLAY" --user="klee" banescusebi/obfuscation-symex
If you also want to mount your current directory to a directory called test, then replace the last command from above with:
docker run -it --volume=$XSOCK:$XSOCK:rw \
--volume=$XAUTH:$XAUTH:rw \
--env="XAUTHORITY=${XAUTH}" \
--env="DISPLAY" --user="klee" \
--mount type=bind,src="$(pwd)",dst=/home/klee/test \
banescusebi/obfuscation-symex
Running the container in macOS X
This post is helpful to follow in order to run GUI apps from the container on macOS X. For convenience we present the steps here:
brew install socat
socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\"
Install XQuartz either using the following command or by downloading the .dmg file from the website.
brew install xquartz
After installing XQuartz, run the following command:
open -a XQuartz
In the preferences window of XQuartz, in the "Security" tab, check the "Allow connections from network clients" checkbox.
IP=$(ifconfig en0 | grep inet | awk '$1=="inet" {print $2}')
docker run -it -v /tmp/.X11-unix:/tmp/.X11-unix \
-e DISPLAY=$IP:0 banescusebi/obfuscation-symex
References
[1] Banescu, S., Ochoa, M., & Pretschner, A. (2015, May). A framework for measuring software obfuscation resilience against automated attacks. In Proceedings of the 1st International Workshop on Software Protection.
[2] Banescu, S., Collberg, C., Ganesh, V., Newsham, Z., & Pretschner, A. (2016, December). Code obfuscation against symbolic execution attacks. In Proceedings of the 32nd Annual Conference on Computer Security Applications.
[3] Banescu, S., Collberg, C., & Pretschner, A. (2017, August). Predicting the Resilience of Obfuscated Code Against Symbolic Execution Attacks via Machine Learning. In Proceedings of the 26th USENIX Security Symposium.
[4] Banescu, S. E. (2017, August). Characterizing the Strength of Software Obfuscation Against Automated Attacks. Doctoral dissertation, Technische Universität München.