HITB-Invoice-Logo

thank you for joining us!

COMMSEC LAB: A Practical Approach to Advanced Code Obfuscation with MBA Expressions

Date

August 26, 2022

Time

14:00

Track

CommSec Track

One of the foundational blocks of current state-of-the-art code obfuscation are Mixed Boolean-Arithmetic (MBA) expressions: those combining both integer arithmetic and bitwise operators. Such expressions can be leveraged to arbitrarily increase the data-flow complexity of targeted code by iteratively applying rewrite rules and function identities which mess the syntax while preserving its semantic behavior. They can also be leveraged to conceal sensitive data that must be accessible through the program in runtime: cryptographic keys, known constants for hashing algorithms, etc. The use of such expressions is motivated by the fact that combinations of operators from these different fields do not interact well together: we have no rules (distributivity, factorization…) or general theory to deal with this mixing of operators.

Through the course of this 2 hour session, we will explore how to apply MBA transformations to build robust obfuscation primitives from a practical standpoint: ranging from opaque predicates to VM-handlers of a virtualization based obfuscation scheme.

Speakers

Founder

Fura Labs

Catalan hacker, reverse engineer and mathematician, with an extensive background in code (de)obfuscation research and Mixed Boolean-Arithmetic expressions, as well as industry experience as a senior malware reverse engineer. Founder of Fura Labs, a research and education firm on software security and reverse engineering. Co-founder and president of Hacking Lliure, a non-profit association and hacking community. Speaker and trainer at several international security conferences.

What students say about his training:

Duncan Ogilvie, author of x64dbg (@mrexodia)
“The lectures by Arnau on Mixed Boolean-Arithmetic obfuscation and deobfuscation techniques went very deep, while staying accessible for people without a formal math background. The exercise materials and projects were engaging and a natural practical extension of the theory discussed during the lectures. Arnau was also very responsive and happy to discuss ideas in the Discord channel. Overall a superb experience and I highly recommend you attend one of his trainings!”

Other Talks in This Track

LOCATION

CommSec Track

DATE

August 26

TIME

10:30

LOCATION

CommSec Track

DATE

August 26

TIME

11:30

LOCATION

CommSec Track

DATE

August 26

TIME

12:00

LOCATION

CommSec Track

DATE

August 26

TIME

16:30