A blog with an asterisk.

Lots of reposts, a little programming.

A small, fun community: @decltype_chat_ptr_t
Author: @insert_reference_here
#prog #abnormalprogramming (#evenmoreabnormalprogramming?)

Many of my readers probably already know about movfuscator:

The M/o/Vfuscator (short 'o', sounds like "mobfuscator") compiles programs into "mov" instructions, and only "mov" instructions. Arithmetic, comparisons, jumps, function calls, and everything else a program needs are all performed through mov operations; there is no self-modifying code, no transport-triggered calculation, and no other form of non-mov cheating.

Well, it turns out that as an obfuscation tool this project is not all that reliable: there is Demovfuscator

This tool constitutes a generic way of recovering the control flow of the original program from movfuscated binaries. As our approach makes zero assumptions about register allocations or a particular instruction order, but rather adheres to the high-level invariants that each movfuscated binary needs to conform to, our demovfuscator is also not affected by the proposed hardening techniques such as register renaming and instruction reordering. To achieve this, we use a combination of static taint analysis on the movfuscated code and a satisfiable modulo theory (SMT) solver. We successfully used our demovfuscator against several movfuscated binaries that emerged during several CTFs during the last months (Hackover CTF and 0CTF) proving that it already can handle real-world binaries that were not created by us.

(thanks @vitvakatu)
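
An added illustration, not code from the post, movfuscator or Demovfuscator: a comparison and a conditional choice expressed purely as stores and loads, using the memory-aliasing trick from Stephen Dolan's paper "mov is Turing-complete". The table names, `check4` and the sample bytes are constructed; each commented statement corresponds to one indexed `mov`, though an ordinary C compiler will not emit mov-only code for it.

```c
#include <stdio.h>

/* Scratch table indexed by a byte value: models memory reached via mov [base+idx]. */
static unsigned char scratch[256];
/* Lookup table for the AND of two flags: tables stand in for ALU instructions. */
static const unsigned char and_tbl[2][2] = { {0, 0}, {0, 1} };

/* x == y with two stores and one load: write 0 to slot x, 1 to slot y, then
   read slot x back. The second store overwrites the first only when x == y. */
static unsigned char mov_eq(unsigned char x, unsigned char y)
{
    scratch[x] = 0;      /* mov byte [scratch + x], 0 */
    scratch[y] = 1;      /* mov byte [scratch + y], 1 */
    return scratch[x];   /* mov al, [scratch + x]     */
}

/* Branch-free select: both outcomes are stored, the flag indexes the one kept. */
static int mov_select(unsigned char flag, int if_false, int if_true)
{
    int slot[2];
    slot[0] = if_false;  /* mov [slot + 0], if_false  */
    slot[1] = if_true;   /* mov [slot + 4], if_true   */
    return slot[flag];   /* mov eax, [slot + flag*4]  */
}

/* Compare 4 input bytes with 4 reference bytes without a comparison operator
   or a branch in the source; unrolled so that no loop jump is needed. */
static int check4(const unsigned char in[4], const unsigned char ref[4])
{
    unsigned char ok = mov_eq(in[0], ref[0]);
    ok = and_tbl[ok][mov_eq(in[1], ref[1])];
    ok = and_tbl[ok][mov_eq(in[2], ref[2])];
    ok = and_tbl[ok][mov_eq(in[3], ref[3])];
    return mov_select(ok, -1, 0);   /* 0 on match, -1 otherwise */
}

int main(void)
{
    /* Constructed sample data. */
    const unsigned char ref[4]  = { 'm', 'o', 'v', '!' };
    const unsigned char good[4] = { 'm', 'o', 'v', '!' };
    const unsigned char bad[4]  = { 'm', 'o', 'v', '?' };
    printf("good: %d, bad: %d\n", check4(good, ref), check4(bad, ref));
    return 0;
}
```

In this example the decision lives in a table index rather than in a jump, so recovering the "if" means following which data feeds which address.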