To counter man-at-the-end attacks such as reverse engineering and tampering, software is often protected with techniques that require support modules to be linked into the application. It is well known, however, that attackers can exploit the modular nature of applications and their protections to speed up the identification and comprehension process of the relevant code, the assets, and the applied protections. To counter that exploitation of modularity at different levels of granularity, the boundaries between the modules in the program need to be obfuscated. We propose to do so by combining three cross-boundary protection techniques that thwart the disassembly process and in particular the reconstruction of functions: code layout randomization, interprocedurally coupled opaque predicates, and code factoring with intraprocedural control flow idioms. By means of an experimental evaluation on realistic use cases and state-of-the-art tools, we demonstrate our technique’s potency and resilience to advanced attacks. All relevant code is publicly available online.

为了应对诸如逆向工程和篡改之类的终端攻击，通常使用需要将支持模块链接到应用程序中的技术来保护软件。但是，众所周知，攻击者可以利用应用程序及其保护的模块化性质，来加快相关代码，资产和应用保护的识别和理解过程。为了应对不同粒度级别对模块化的利用，需要混淆程序中模块之间的边界。我们建议通过结合三种跨界保护技术来做到这一点，这些技术可以阻止反汇编过程，尤其是对功能的重构：代码布局随机化，过程间耦合的不透明谓词，以及带有过程内控制流习惯用法的代码分解。通过对实际用例和最新工具的实验评估，我们证明了我们的技术对高级攻击的潜能和弹性。所有相关代码均可在线公开获得。