{"id":10677,"date":"2022-07-08T02:30:01","date_gmt":"2022-07-08T02:30:01","guid":{"rendered":"https:\/\/conference.hitb.org\/hitbincyber2024\/?post_type=session&#038;p=10677"},"modified":"2022-09-28T01:52:56","modified_gmt":"2022-09-28T01:52:56","slug":"commsec-lab-a-practical-approach-to-advanced-code-obfuscation-with-mba-expressions","status":"publish","type":"session","link":"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/commsec-lab-a-practical-approach-to-advanced-code-obfuscation-with-mba-expressions\/","title":{"rendered":"COMMSEC LAB: A Practical Approach to Advanced Code Obfuscation with MBA Expressions"},"content":{"rendered":"<p><iframe title=\"#HITB2022SIN #LAB Advanced Code Obfuscation With MBA Expressions - Arnau G\u00e0mez Montolio\" width=\"800\" height=\"450\" src=\"https:\/\/www.youtube.com\/embed\/5yDzbFz2yWo?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe><\/p>\n<p style=\"text-align: justify;\">One of the foundational blocks of current state-of-the-art code obfuscation are Mixed Boolean-Arithmetic (MBA) expressions: those combining both integer arithmetic and bitwise operators. Such expressions can be leveraged to arbitrarily increase the data-flow complexity of targeted code by iteratively applying rewrite rules and function identities which mess the syntax while preserving its semantic behavior. They can also be leveraged to conceal sensitive data that must be accessible through the program in runtime: cryptographic keys, known constants for hashing algorithms, etc. The use of such expressions is motivated by the fact that combinations of operators from these different fields do not interact well together: we have no rules (distributivity, factorization\u2026) or general theory to deal with this mixing of operators.<\/p>\n<p style=\"text-align: justify;\">Through the course of this 2 hour session, <strong>we will explore how to apply MBA transformations to build robust obfuscation primitives from a practical standpoint: ranging from opaque predicates to VM-handlers of a virtualization based obfuscation scheme.<\/strong><\/p>\n","protected":false},"template":"","class_list":["post-10677","session","type-session","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>COMMSEC LAB: A Practical Approach to Advanced Code Obfuscation with MBA Expressions - HITB (in)Cyber 2024 - Abu Dhabi<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/commsec-lab-a-practical-approach-to-advanced-code-obfuscation-with-mba-expressions\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"COMMSEC LAB: A Practical Approach to Advanced Code Obfuscation with MBA Expressions - HITB (in)Cyber 2024 - Abu Dhabi\" \/>\n<meta property=\"og:description\" content=\"One of the foundational blocks of current state-of-the-art code obfuscation are Mixed Boolean-Arithmetic (MBA) expressions: those combining both integer arithmetic and bitwise operators. Such expressions can be leveraged to arbitrarily increase the data-flow complexity of targeted code by iteratively applying rewrite rules and function identities which mess the syntax while preserving its semantic behavior. They [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/commsec-lab-a-practical-approach-to-advanced-code-obfuscation-with-mba-expressions\/\" \/>\n<meta property=\"og:site_name\" content=\"HITB (in)Cyber 2024 - Abu Dhabi\" \/>\n<meta property=\"article:modified_time\" content=\"2022-09-28T01:52:56+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/commsec-lab-a-practical-approach-to-advanced-code-obfuscation-with-mba-expressions\/\",\"url\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/commsec-lab-a-practical-approach-to-advanced-code-obfuscation-with-mba-expressions\/\",\"name\":\"COMMSEC LAB: A Practical Approach to Advanced Code Obfuscation with MBA Expressions - HITB (in)Cyber 2024 - Abu Dhabi\",\"isPartOf\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/#website\"},\"datePublished\":\"2022-07-08T02:30:01+00:00\",\"dateModified\":\"2022-09-28T01:52:56+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/commsec-lab-a-practical-approach-to-advanced-code-obfuscation-with-mba-expressions\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/commsec-lab-a-practical-approach-to-advanced-code-obfuscation-with-mba-expressions\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/commsec-lab-a-practical-approach-to-advanced-code-obfuscation-with-mba-expressions\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Session\",\"item\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"COMMSEC LAB: A Practical Approach to Advanced Code Obfuscation with MBA Expressions\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/#website\",\"url\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/\",\"name\":\"HITB (in)Cyber 2024 - Abu Dhabi\",\"description\":\"May 14 - 16, Etihad Arena \",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/conference.hitb.org\/hitbincyber2024\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"COMMSEC LAB: A Practical Approach to Advanced Code Obfuscation with MBA Expressions - HITB (in)Cyber 2024 - Abu Dhabi","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/commsec-lab-a-practical-approach-to-advanced-code-obfuscation-with-mba-expressions\/","og_locale":"en_US","og_type":"article","og_title":"COMMSEC LAB: A Practical Approach to Advanced Code Obfuscation with MBA Expressions - HITB (in)Cyber 2024 - Abu Dhabi","og_description":"One of the foundational blocks of current state-of-the-art code obfuscation are Mixed Boolean-Arithmetic (MBA) expressions: those combining both integer arithmetic and bitwise operators. Such expressions can be leveraged to arbitrarily increase the data-flow complexity of targeted code by iteratively applying rewrite rules and function identities which mess the syntax while preserving its semantic behavior. They [&hellip;]","og_url":"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/commsec-lab-a-practical-approach-to-advanced-code-obfuscation-with-mba-expressions\/","og_site_name":"HITB (in)Cyber 2024 - Abu Dhabi","article_modified_time":"2022-09-28T01:52:56+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/commsec-lab-a-practical-approach-to-advanced-code-obfuscation-with-mba-expressions\/","url":"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/commsec-lab-a-practical-approach-to-advanced-code-obfuscation-with-mba-expressions\/","name":"COMMSEC LAB: A Practical Approach to Advanced Code Obfuscation with MBA Expressions - HITB (in)Cyber 2024 - Abu Dhabi","isPartOf":{"@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/#website"},"datePublished":"2022-07-08T02:30:01+00:00","dateModified":"2022-09-28T01:52:56+00:00","breadcrumb":{"@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/commsec-lab-a-practical-approach-to-advanced-code-obfuscation-with-mba-expressions\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/conference.hitb.org\/hitbincyber2024\/session\/commsec-lab-a-practical-approach-to-advanced-code-obfuscation-with-mba-expressions\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/commsec-lab-a-practical-approach-to-advanced-code-obfuscation-with-mba-expressions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/conference.hitb.org\/hitbincyber2024\/"},{"@type":"ListItem","position":2,"name":"Session","item":"https:\/\/conference.hitb.org\/hitbincyber2024\/session\/"},{"@type":"ListItem","position":3,"name":"COMMSEC LAB: A Practical Approach to Advanced Code Obfuscation with MBA Expressions"}]},{"@type":"WebSite","@id":"https:\/\/conference.hitb.org\/hitbincyber2024\/#website","url":"https:\/\/conference.hitb.org\/hitbincyber2024\/","name":"HITB (in)Cyber 2024 - Abu Dhabi","description":"May 14 - 16, Etihad Arena ","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/conference.hitb.org\/hitbincyber2024\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/session\/10677"}],"collection":[{"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/session"}],"about":[{"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/types\/session"}],"version-history":[{"count":1,"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/session\/10677\/revisions"}],"predecessor-version":[{"id":10734,"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/session\/10677\/revisions\/10734"}],"wp:attachment":[{"href":"https:\/\/conference.hitb.org\/hitbincyber2024\/wp-json\/wp\/v2\/media?parent=10677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}