Alexander Gazet (Sogeti ESEC Research & Development)

Presentation Title: Defeating Software Protection with Metasm
Presentation Abstract

Metasm is a binary manipulation framework (disassembly, compilation, executable format handling, etc.). It currently supports the x86 (32- and 64-bit), MIPS and PowerPC architectures.

One of its distinctive characteristics is the encoding of instruction semantics. Based on this semantic encoding, the disassembler takes advantage of what we call a “backtracking” engine (symbolic emulation) that allows a very fine-grained disassembly. Using the encoded instruction semantics, we have been developing a generic approach to x86 protections based on code virtualization. We also used some optimization techniques to defeat obfuscation, and compilation to defeat virtualization. Moreover, Metasm has a very new feature: a C decompiler. We have already started to port the optimizations into the decompiler, with good results.

Our talk will illustrate these different functionalities of Metasm, based on concrete results we have obtained against different state-of-the-art software protections involving heavy obfuscation and code

About Alexander Gazet

Yoann and Alexandre are IT security research engineers at the Sogeti ESEC R&D laboratory.
** Note: Presenting with Yoann Guillot (Sogeti ESEC Research & Development)