Obfuscation Benchmarks

By Obfuscation Benchmarks we mean programs that can be obfuscated using different tools at the source code, intermediate representation and/or machine code level. One reason for obfuscating these programs (among others) is to compare the strength of different obfuscation transformations and implementations against both human-assisted and automated attacks. This repository contains the source code of C programs that can be used as obfuscation benchmarks.

Description of Each Directory

Automated Docker Build

Based on Ubuntu 14.04, having the following software installed:

Root credentials

Running the container in Ubuntu

To run GUI apps from the container, execute the following commands:

XSOCK=/tmp/.X11-unix
XAUTH=/tmp/.docker.xauth
touch $XAUTH
xauth nlist $DISPLAY | sed -e 's/^..../ffff/' | xauth -f $XAUTH nmerge -
docker run -it --volume=$XSOCK:$XSOCK:rw \
               --volume=$XAUTH:$XAUTH:rw \
               --env="XAUTHORITY=${XAUTH}" \
               --env="DISPLAY" --user="klee" banescusebi/obfuscation-symex

If you also want to mount your current directory to a directory called test, replace the last command above with:

docker run -it --volume=$XSOCK:$XSOCK:rw \
               --volume=$XAUTH:$XAUTH:rw \
               --env="XAUTHORITY=${XAUTH}" \
               --env="DISPLAY" --user="klee" \
               --mount type=bind,src="$(pwd)",dst=/home/klee/test \
               banescusebi/obfuscation-symex
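
The `sed` step above rewrites the address family at the start of each cookie entry to `ffff` (FamilyWild), so the X server accepts the cookie whatever hostname the container reports. As an added example (not part of the repository), the script below does the same preparation but stops with an error when `DISPLAY` is unset or no cookie exists, instead of starting a container that cannot open the display. The function names and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the repository. XAUTH is the path used above.
XAUTH=/tmp/.docker.xauth

# Constructed sample of one `xauth nlist` entry: family 0100 (FamilyLocal),
# host "myhost", display "0", MIT-MAGIC-COOKIE-1, dummy 16-byte cookie.
SAMPLE_NLIST='0100 0006 6d79686f7374 0001 30 0012 4d49542d4d414749432d434f4f4b49452d31 0010 00112233445566778899aabbccddeeff'

# Rewrite the 4-hex-digit address family of every nlist entry to ffff
# (FamilyWild). Lines that do not look like nlist entries are dropped
# rather than rewritten blindly.
wildcard_family() {
    sed -n -e 's/^[0-9a-fA-F]\{4\} /ffff /p'
}

# Build the authority file that is mounted into the container.
# Returns non-zero, with a message on stderr, when there is nothing to export.
prepare_xauth() {
    [ -n "${DISPLAY:-}" ] || { echo "DISPLAY is not set" >&2; return 1; }
    command -v xauth >/dev/null 2>&1 || { echo "xauth not found" >&2; return 1; }
    cookies=$(xauth nlist "$DISPLAY" | wildcard_family)
    [ -n "$cookies" ] || { echo "no X cookie for $DISPLAY" >&2; return 1; }
    : > "$XAUTH" || return 1   # start from an empty file, dropping stale entries
    printf '%s\n' "$cookies" | xauth -f "$XAUTH" nmerge -
}

# Usage: run `prepare_xauth` and start the container with the docker run
# command shown above only if it succeeds.
```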

Running the container in macOS X

This post is helpful to follow in order to run GUI apps from the container on macOS X. For convenience we present the steps here:

brew install socat
socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\"

Install xQuartz either using the following command or by downloading the .dmg file from the website.

brew install xquartz

After installing xQuartz run the following command:

open -a XQuartz

In the preferences window of XQuartz, in the "Security" tab, check the "Allow connections from network clients" checkbox.

IP=$(ifconfig en0 | grep inet | awk '$1=="inet" {print $2}')
docker run -it -v /tmp/.X11-unix:/tmp/.X11-unix \
           -e DISPLAY=$IP:0 banescusebi/obfuscation-symex
