|
|
Generic Obfuscation on the Bytecode Level
Kollát, Samuel ; Křoustek, Jakub (referee) ; Ďurfina, Lukáš (advisor)
This work contains definition of obfuscation and methods of obfuscation. It is followed by description of LLVM Project and its suitability for obfuscation on the bytecode level for purpose of targeting different architectures. The core of the work is formed by detailed design of obfuscation methods aiming towards their implementation in back-end of LLVM compiler. Closing section is dedicated to verification of implemented functionality on different architectures by automated testing.
|
|
|
JavaScript Code Normalization During Detection of Vulnerabilities
Havlíček, Lukáš ; Dolejška, Daniel (referee) ; Polčák, Libor (advisor)
This thesis deals with the minification, obfuscation of JavaScript and normalization of abstract syntactic trees for browser extensions implemented in Mr. Randýsek’s thesis. The tools and techniques of both JavaScript minification and obfuscation have been studied. This information was used in the design and implementation of abstract syntactic tree normalization. The trees are used in a Chrome browser extension that detects and corrects JavaScript code. I tested the normalizations with unit and integration tests. I also tested the vulnerability detection extension, where I detected 125 vulnerabilities on 1000 websites.
|
|
|
Analysis of Virtual Machine based obfuscation
Středa, Adolf ; Boháček, Milan (advisor) ; Bálek, Martin (referee)
Software systems may contain sensitive data that should be protected. In a scenario, where an analyst has full access to the system, it may be desirable to transform the program to become harder to understand and reverse-engineer, while preserving the original functionality of the program. Machine code obfuscation tackles this problem by adding complexity to the pro- gram's control flow, a programming idiom removal, and various abstractions. Specifically, WProtect is an obfuscation engine that utilises a stack virtual ma- chine and its own instruction set to achieve these properties. In this thesis, I will analyse WProtect obfuscation engine, its obfuscation algo- rithms and present a generic approach to an extraction of a code protected by WProtect. Furthermore, I will design a generic framework for a static code ex- traction that is tweakable in order to support different WProtect configurations. Several improvements to WProtect, both in terms of configuration and design, will also be proposed. These proposals mostly intend to mitigate vulnerabilities that are exploited in the code extraction, however, several proposals shall also include improvements specifically targeting static analysis prevention. 1
|
|
|
Generic Obfuscation on the Bytecode Level
Kollát, Samuel ; Křoustek, Jakub (referee) ; Ďurfina, Lukáš (advisor)
This work contains definition of obfuscation and methods of obfuscation. It is followed by description of LLVM Project and its suitability for obfuscation on the bytecode level for purpose of targeting different architectures. The core of the work is formed by detailed design of obfuscation methods aiming towards their implementation in back-end of LLVM compiler. Closing section is dedicated to verification of implemented functionality on different architectures by automated testing.
|
guest ::
