ringzerø

Abstract

In an increasingly interconnected digital world, the need for robust software protection mechanisms is paramount. Advanced Software Protection - Attacks and Defense is a comprehensive 4-day course that delves into the intricate realm of software security. Designed to empower students with advanced knowledge and techniques, this course offers a holistic approach to safeguarding software assets.

Over four intensive days, attendees will embark on a journey through the software protection landscape. Beginning with a deep dive into obfuscation, cryptography, and analysis fundamentals, participants will then explore advanced topics such as Mixed Boolean-Arithmetic (MBA), virtualization-based protection, and the synergy between cryptography and obfuscation. The course also covers the intriguing world of white-box cryptography and emerging trends in software security.

Led by an expert instructor, this course caters to a diverse audience of professionals, including developers and security engineers responsible for safeguarding valuable software assets, red team members seeking to enhance their implant-building and protection skills, reverse engineers faced with the formidable challenge of analyzing heavily protected targets, and enthusiastic security researchers eager to expand their horizons in this intellectually stimulating field. Regardless of your background or goals, this course equips you with the tools and knowledge necessary to defend against evolving threats and secure software components, preserving commercial value and intellectual property. Join us for a transformative learning experience and contribute to advancing software security in a dynamic digital landscape.

Key Learning Objectives

• Develop the skills needed to protect software components and preserve commercial value and intellectual property.
• Understand the fundamentals of software protection, including obfuscation, cryptography, and analysis techniques.
• Explore advanced obfuscation methods, including Mixed Boolean-Arithmetic (MBA) and virtualization-based protection.
• Strengthen cryptographic implementations through obfuscation and delve into white-box cryptography design, development, and attacks.
• Enhance capabilities for reverse engineering highly protected targets and bypassing detection engines.
• Equip professionals to safeguard software assets effectively, from developers to security researchers.

Intended Audience

• Developers and security engineers that need to protect sensitive software components against abuse to preserve commercial value and intellectual property.
• Red team members who want to build, protect, and diversify their implants to bypass detection engines and thwart defense analysis efforts.
• Reverse engineers dealing with highly protected (obfuscated) targets in malware analysis or application security assessments.
• Enthusiastic security researchers that enjoy an intellectually stimulating challenge, exploring a vast field beyond their comfort zone.

Detailed Agenda

Module 1

Introduction, context, and motivation

• Software protection landscape
• Secure design and architecture

Obfuscation 101

• Code obfuscation and code deobfuscation
• Data flow based obfuscation
• Control flow based obfuscation

Cryptography 101

• Cryptography and cryptanalysis
• Myths and realities of practical cryptography

Analysis 101

• SMT-based analysis
• Symbolic execution
• Program synthesis

Module 2

Math refresher

• Matrices and vectors
• Polynomials
• Linearity
• Invertible mappings

Mixed Boolean-Arithmetic (MBA)

• Introduction and motivation
• Polynomial MBA expressions
• Linear MBA expressions

Obfuscation with MBA

• Rewriting rules
• Insertion of identities
• Opaque constants

Module 3

Virtualization (VM) based software protection

• Anatomy of an in-process VM
• Implementation specifics
• Hardening techniques

Analysis of virtualization obfuscators

• Identifying the VM bytecode and architecture
• Recovering handler semantics
• Reconstructing control flow
• Automation

Module 4

Hardening cryptography with obfuscation

• Mixing operators in obfuscation vs. cryptography
• Conceal recognizable algorithms and computations
• Conceal known constants

White-box cryptography

• Introduction and motivation
• Design and development
• Analysis and attacks

Misc. and future

• Perfect vs. provably secure obfuscation
• Homomorphic encryption
• Post-quantum cryptography

Knowledge Prequisites

• Understanding of basic programming concepts
• Familiarity with x86/ARM assembly, C and Python
• Knowledge of reverse engineering fundamentals

Hardware Requirements

• A working computer capable of running virtual machines
• 40 GB free hard disk space

Software Requirements

• Virtualization software