-
公开(公告)号:US20100058303A1
公开(公告)日:2010-03-04
申请号:US12202909
申请日:2008-09-02
IPC分类号: G06F9/44
CPC分类号: G06F21/14
摘要: Disclosed herein are systems, methods, and computer readable-media for obfuscating code through conditional expansion obfuscation. The method includes identifying a conditional expression in a computer program, identifying a sequence of conditional expressions that is semantically equivalent to the conditional expression, and replacing the conditional expression with the semantically equivalent sequence of conditional expressions. One option replaces each like conditional expression in the computer program with a diverse set of sequences of semantically equivalent conditional expressions. A second option rearranges computer instructions that are to be processed after the sequence of conditional expression is evaluated so that a portion of the instructions is performed before the entire sequence of conditional expressions is evaluated. A third option performs conditional expansion obfuscation of a conditional statement in combination with branch extraction obfuscation.
摘要翻译: 本文公开了用于通过条件扩展混淆来模糊代码的系统,方法和计算机可读介质。 该方法包括识别计算机程序中的条件表达式,识别在语义上等同于条件表达式的条件表达式的序列,以及用条件表达式的语义等价序列替换条件表达式。 一个选项用计算机程序中的条件表达式替换各种语义等价条件表达式的序列集合。 在评估条件表达式的序列之后,第二个选项重新排列要处理的计算机指令,使得在评估整个条件表达式序列之前执行指令的一部分。 第三个选项与条件语句结合使用分支提取混淆来执行条件扩展模糊处理。
-
12.发明授权System and method for obfuscation by common function and common function prototype 有权通用功能和通用功能原型混淆的系统和方法公开(公告)号:US08645930B2
公开(公告)日:2014-02-04
申请号:US12651953
申请日:2010-01-04
申请人: Christopher Arthur Lattner , Tanya Michelle Lattner , Julien Lerouge , Ginger M. Myles , Augustin J. Farrugia , Pierre Betouin
发明人: Christopher Arthur Lattner , Tanya Michelle Lattner , Julien Lerouge , Ginger M. Myles , Augustin J. Farrugia , Pierre Betouin
摘要: Disclosed herein are systems, methods, and computer-readable storage media for obfuscating by a common function. A system configured to practice the method identifies a set of functions in source code, generates a transformed set of functions by transforming each function of the set of functions to accept a uniform set of arguments and return a uniform type, and merges the transformed set of functions into a single recursive function. The single recursive function can allocate memory in the heap. The stack can contain a pointer to the allocated memory in the heap. The single recursive function can include instructions for creating and explicitly managing a virtual stack in the heap. The virtual stack can emulate what would happen to the real stack if one of the set of functions was called. The system can further compile the source code including the single recursive function.
摘要翻译: 本文公开了用于通过共同功能进行混淆的系统,方法和计算机可读存储介质。 被配置为实施该方法的系统识别源代码中的一组函数,通过将函数集合的每个函数变换为接受统一的参数集合并返回统一类型来生成变换的函数集合,并且将经变换的集合 函数转换为单个递归函数。 单个递归函数可以在堆中分配内存。 堆栈可以包含指向堆中分配的内存的指针。 单个递归函数可以包括用于创建和显式管理堆中的虚拟堆栈的说明。 如果调用了一组函数,虚拟堆栈可以模拟真实堆栈将会发生什么。 该系统可以进一步编译包含单个递归函数的源代码。
-
公开(公告)号:US20100058301A1
公开(公告)日:2010-03-04
申请号:US12198873
申请日:2008-08-26
IPC分类号: G06F9/45
CPC分类号: G06F8/41 , G06F8/447 , G06F9/44521 , G06F21/14
摘要: Disclosed herein are systems, methods, and computer readable-media for obfuscating code. The method includes extracting a conditional statement from a computer program, creating a function equivalent to the conditional statement, creating a pointer that points to the function, storing the pointer in an array of pointers, replacing the conditional statement with a call to the function using the pointer at an index in the array, and during runtime of the computer program, dynamically calculating the index corresponding to the pointer in the array. In one aspect, a subset of instructions is extracted from a path associated with the conditional statement and the subset of instructions is placed in the function to evaluate the conditional statement. In another aspect, the conditional statement is replaced with a call to a select function that (1) calculates the index into the array, (2) retrieves the function pointer from the array using the index, and (3) calls the function using the function pointer. Calls can be routed through a select function before the function pointer is used to call the function evaluating the conditional statement. Each step in the method can be applied to source code of the computer program, an intermediate representation of the computer program, and assembly code of the computer program.
摘要翻译: 这里公开了用于模糊代码的系统,方法和计算机可读介质。 该方法包括从计算机程序中提取条件语句,创建等价于条件语句的函数,创建指向函数的指针,将指针存储在指针数组中,使用对函数的调用替换条件语句 数组中的索引处的指针,以及在计算机程序的运行期间,动态地计算与数组中的指针相对应的索引。 在一个方面,从与条件语句相关联的路径中提取指令子集,并将指令子集置于函数中以评估条件语句。 在另一方面,条件语句被替换为select函数的调用,(1)计算数组中的索引,(2)使用索引从数组中检索函数指针,(3)使用 函数指针。 在使用函数指针调用评估条件语句的函数之前,可以通过select函数路由调用。 该方法中的每一步都可以应用于计算机程序的源代码,计算机程序的中间表示和计算机程序的汇编代码。
-
公开(公告)号:US20090307657A1
公开(公告)日:2009-12-10
申请号:US12135032
申请日:2008-06-06
申请人: Augustin J. Farrugia , Julien Lerouge , Tanya Michelle Lattner , Ginger M. Myles , Gianpaolo Fasoli
发明人: Augustin J. Farrugia , Julien Lerouge , Tanya Michelle Lattner , Ginger M. Myles , Gianpaolo Fasoli
IPC分类号: G06F9/44
CPC分类号: G06F21/6209 , G06F21/10 , G06F21/6218 , G06F2221/2107
摘要: Disclosed herein are systems, methods, and computer readable-media for obfuscating array contents in a first array, the method comprising dividing the first array into a plurality of secondary arrays having a combined total size equal to or greater than the first array, expanding each respective array in the plurality of the secondary arrays by a respective multiple M to generate a plurality of expanded arrays, and arranging data elements within each of the plurality of expanded arrays such that a data element located at an index I in a respective secondary array is located at an index I*M, wherein M is the respective multiple M in an associated expanded array, wherein data in the first array is obfuscated in the plurality of expanded arrays. One aspect further splits one or more of the secondary arrays by dividing individual data elements in a plurality of sub-arrays. The split sub-arrays may contain more data elements than the respective secondary array. The principles herein may be applied to single dimensional or multi-dimensional arrays. The obfuscated array contents may be accessed via an index to the first array which is translated to retrieve data elements stored in the plurality of expanded arrays.
摘要翻译: 本文公开了用于在第一阵列中模糊阵列内容的系统,方法和计算机可读介质,所述方法包括将第一阵列划分成具有等于或大于第一阵列的组合总大小的多个次阵列, 通过相应的多个M在多个次级阵列中的相应阵列以生成多个扩展阵列,并且在多个扩展阵列中的每一个内布置数据元素,使得位于相应次级阵列中的索引I处的数据元素是 位于索引I * M处,其中M是相关联的扩展阵列中的相应多个M,其中第一阵列中的数据在多个扩展阵列中被模糊化。 一个方面通过划分多个子阵列中的各个数据元素来进一步分割一个或多个次级阵列。 分割子阵列可能包含比相应的辅助阵列更多的数据元素。 这里的原理可以应用于单维或多维阵列。 混淆的阵列内容可以经由第一数组的索引访问,该索引被转换以检索存储在多个扩展阵列中的数据元素。
-
15.发明授权公开(公告)号:US08756434B2
公开(公告)日:2014-06-17
申请号:US13083497
申请日:2011-04-08
申请人: Ganna Zaks , Pierre Betouin , Augustin J. Farrugia , Julien Lerouge , Jon McLachlan , Gideon M. Myles , Cédric Tessier
发明人: Ganna Zaks , Pierre Betouin , Augustin J. Farrugia , Julien Lerouge , Jon McLachlan , Gideon M. Myles , Cédric Tessier
IPC分类号: G06F12/14
CPC分类号: G06F12/1408 , G06F21/51 , G06F21/602 , G06F21/71 , G06F21/72
摘要: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for executing encrypted computer code. A system configured to practice the method receives a request to execute encrypted computer code. In response to the request, the system identifies a portion of the encrypted computer code for execution and decrypts the portion to yield decrypted computer code. Then the system stores the decrypted computer code in a pool of memory and executes the decrypted computer code from the pool of memory. The system can store the decrypted computer code in the pool of memory based on a randomization algorithm so that identical executions of the encrypted computer code result in selections of different available memory locations within the pool of memory. Related portions can be stored non-consecutively in the pool of memory. The pool of memory can store different portions of decrypted computer code over time.
摘要翻译: 这里公开了用于执行加密的计算机代码的系统,方法和非暂时的计算机可读存储介质。 配置为执行该方法的系统接收执行加密的计算机代码的请求。 响应于该请求,系统识别加密的计算机代码的一部分用于执行,并解密部分以产生解密的计算机代码。 然后,系统将解密的计算机代码存储在存储器池中,并从存储器池中执行解密的计算机代码。 系统可以基于随机化算法将解密的计算机代码存储在存储器池中,使得加密的计算机代码的相同执行导致在存储器池内的不同可用存储器位置的选择。 相关部分可以非连续地存储在存储器池中。 内存池可以随时间存储解密的计算机代码的不同部分。
-
16.发明申请公开(公告)号:US20120260102A1
公开(公告)日:2012-10-11
申请号:US13083497
申请日:2011-04-08
申请人: Ganna Zaks , Pierre Betouin , Augustin J. Farrugia , Julien Lerouge , Jon McLachlan , Gideon M. Myles , Cédric Tessier
发明人: Ganna Zaks , Pierre Betouin , Augustin J. Farrugia , Julien Lerouge , Jon McLachlan , Gideon M. Myles , Cédric Tessier
IPC分类号: G06F12/14
CPC分类号: G06F12/1408 , G06F21/51 , G06F21/602 , G06F21/71 , G06F21/72
摘要: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for executing encrypted computer code. A system configured to practice the method receives a request to execute encrypted computer code. In response to the request, the system identifies a portion of the encrypted computer code for execution and decrypts the portion to yield decrypted computer code. Then the system stores the decrypted computer code in a pool of memory and executes the decrypted computer code from the pool of memory. The system can store the decrypted computer code in the pool of memory based on a randomization algorithm so that identical executions of the encrypted computer code result in selections of different available memory locations within the pool of memory. Related portions can be stored non-consecutively in the pool of memory. The pool of memory can store different portions of decrypted computer code over time.
摘要翻译: 这里公开了用于执行加密的计算机代码的系统,方法和非暂时的计算机可读存储介质。 配置为执行该方法的系统接收执行加密的计算机代码的请求。 响应于该请求,系统识别加密的计算机代码的一部分用于执行,并解密部分以产生解密的计算机代码。 然后,系统将解密的计算机代码存储在存储器池中,并从存储器池中执行解密的计算机代码。 系统可以基于随机化算法将解密的计算机代码存储在存储器池中,使得加密的计算机代码的相同执行导致在存储器池内的不同可用存储器位置的选择。 相关部分可以非连续地存储在存储器池中。 内存池可以随时间存储解密的计算机代码的不同部分。
-
17.发明申请SYSTEM AND METHOD FOR BLURRING INSTRUCTIONS AND DATA VIA BINARY OBFUSCATION 有权用于通过二进制补偿来引导指令和数据的系统和方法公开(公告)号:US20120284688A1
公开(公告)日:2012-11-08
申请号:US13100041
申请日:2011-05-03
申请人: Jon McLachlan , Ganna Zaks , Julien Lerouge , Pierre Betouin , Augustin J. Farrugia , Gideon M. Myles , Cédric Tessier
发明人: Jon McLachlan , Ganna Zaks , Julien Lerouge , Pierre Betouin , Augustin J. Farrugia , Gideon M. Myles , Cédric Tessier
IPC分类号: G06F9/44
CPC分类号: G06F21/14 , G06F21/125
摘要: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating a computer program. A system configured to practice the method identifies a set of executable instructions at a first location in an instruction section of the computer program and identifies a second location in a data section of the computer program. Then the system moves the set of executable instructions to the second location and patches references in the computer program to the set of executable instructions to point to the second location. The instruction section of the computer program can be labeled as _TEXT,_text and the data section of the computer program is labeled as _DATA,_data. The set of executable instructions can include one or more non-branching instructions optionally followed by a branching instruction. The placement of the first and second locations can be based on features of a target computing architecture, such as cache size.
摘要翻译: 本文公开了用于模糊计算机程序的系统,方法和非暂时的计算机可读存储介质。 被配置为练习该方法的系统在计算机程序的指令部分中的第一位置识别一组可执行指令,并且识别计算机程序的数据部分中的第二位置。 然后系统将可执行指令集移动到第二位置,并将计算机程序中的引用修补到指向第二位置的可执行指令集。 计算机程序的指令部分可以标记为_TEXT,_text,计算机程序的数据部分标记为_DATA,_data。 该可执行指令集可以包括一个或多个非分支指令,可选地跟随分支指令。 第一和第二位置的放置可以基于诸如高速缓存大小的目标计算架构的特征。
-
18.发明授权公开(公告)号:US08615735B2
公开(公告)日:2013-12-24
申请号:US13100041
申请日:2011-05-03
申请人: Jon McLachlan , Ganna Zaks , Julien Lerouge , Pierre Betouin , Augustin J. Farrugia , Gideon M. Myles , Cédric Tessier
发明人: Jon McLachlan , Ganna Zaks , Julien Lerouge , Pierre Betouin , Augustin J. Farrugia , Gideon M. Myles , Cédric Tessier
IPC分类号: G06F9/44
CPC分类号: G06F21/14 , G06F21/125
摘要: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating a computer program. A system configured to practice the method identifies a set of executable instructions at a first location in an instruction section of the computer program and identifies a second location in a data section of the computer program. Then the system moves the set of executable instructions to the second location and patches references in the computer program to the set of executable instructions to point to the second location. The instruction section of the computer program can be labeled as _TEXT,_text and the data section of the computer program is labeled as _DATA,_data. The set of executable instructions can include one or more non-branching instructions optionally followed by a branching instruction. The placement of the first and second locations can be based on features of a target computing architecture, such as cache size.
摘要翻译: 本文公开了用于模糊计算机程序的系统,方法和非暂时的计算机可读存储介质。 被配置为练习该方法的系统在计算机程序的指令部分中的第一位置识别一组可执行指令,并且识别计算机程序的数据部分中的第二位置。 然后系统将可执行指令集移动到第二位置,并将计算机程序中的引用修补到指向第二位置的可执行指令集。 计算机程序的指令部分可以标记为_TEXT,_text,计算机程序的数据部分标记为_DATA,_data。 该可执行指令集可以包括一个或多个非分支指令,可选地跟随分支指令。 第一和第二位置的放置可以基于诸如高速缓存大小的目标计算架构的特征。
-
公开(公告)号:US20130036473A1
公开(公告)日:2013-02-07
申请号:US13195748
申请日:2011-08-01
CPC分类号: G06F21/14 , G06F2221/033
摘要: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for obfuscating branches in computer code. A compiler or a post-compilation tool can obfuscate branches by receiving source code, and compiling the source code to yield computer-executable code. The compiler identifies branches in the computer-executable code, and determines a return address and a destination value for each branch. Then, based on the return address and the destination value for each branch, the compiler constructs a binary tree with nodes and leaf nodes, each node storing a balanced value, and each leaf node storing a destination value. The non-leaf nodes are arranged such that searching the binary tree by return address leads to a corresponding destination value. Then the compiler inserts the binary tree in the computer-executable code and replaces each branch with instructions in the computer-executable code for performing a branching operation based on the binary tree.
摘要翻译: 本文公开了用于在计算机代码中模糊分支的系统,方法和非暂时的计算机可读存储介质。 编译器或后编译工具可以通过接收源代码来模糊分支,并编译源代码以产生计算机可执行代码。 编译器识别计算机可执行代码中的分支,并确定每个分支的返回地址和目标值。 然后,基于每个分支的返回地址和目的地值,编译器构造具有节点和叶节点的二叉树,每个节点存储平衡值,并且每个叶节点存储目的地值。 非叶节点被布置为使得通过返回地址搜索二叉树导致相应的目的地值。 然后,编译器将二进制树插入计算机可执行代码,并用计算机可执行代码中的指令替换每个分支,以执行基于二叉树的分支操作。
-
公开(公告)号:US08887140B2
公开(公告)日:2014-11-11
申请号:US12688807
申请日:2010-01-15
CPC分类号: G06F21/14 , G06F8/4443 , G06F9/463 , G06F17/241
摘要: Disclosed herein are systems, methods, and computer-readable storage media for obfuscating using inlined functions. A system configured to practice the method receives a program listing including annotated functions for obfuscation, identifies an annotated function called more than once in the program listing, and creates an inline control flow structure in the program listing for the identified annotated function, the control flow structure being computationally equivalent to inlining the identified annotated function into the program listing for each occurrence of the identified annotated function. The program listing can include tiers of annotated functions. The system can identify annotated functions called more than once based on an optionally generated callgraph. The system can create inline control flow structures in the program listing in order of annotation importance. The system can identify how many times each annotated function is called in the program listing.
摘要翻译: 本文公开了用于使用内联函数进行混淆的系统,方法和计算机可读存储介质。 配置为实施该方法的系统接收包括用于模糊化的注释功能的程序列表,在程序列表中标识多于一次的注释函数,并且在所述程序列表中为所识别的注释功能创建一个内联控制流结构, 计算结构相当于将所识别的注释功能内联到所述识别的注释功能的每次出现的程序列表中。 程序列表可以包括注释功能的层次。 系统可以基于可选地生成的呼叫图来识别多次调用的注释功能。 该系统可以在注释重要性的顺序创建程序列表中的内联控制流结构。 系统可以识别每个注释功能在程序列表中调用的次数。
-
-
-
-
-
-
-
-
-
搜索结果
40 条记录 (耗时 0.025 秒)
