Standalone static binary executable rewriting for software protection


Thesis Type: Postgraduate

Institution Of The Thesis: Orta Doğu Teknik Üniversitesi, Graduate School of Natural and Applied Sciences, Graduate School of Natural and Applied Sciences, Turkey

Approval Date: 2015

Student: Özgür Saygın Bican

Principal Consultant (For Co-Consultant Theses): ONUR TOLGA ŞEHİTOĞLU

Abstract:

This study introduces a static binary rewriting method for improving security of executable binaries. For software security, when the network and host-based precautions are passed by the adversary or they are not present at all, the software has to defend itself. Nevertheless, applying software protection methods during software development requires extra source code development and know-how. Furthermore, these methods inherently make the software undesirably complex. Applying these methods after compilation of the software will decouple the software development and protection processes. Binary rewriting is such a method that externally modifies an executable file in order to make binary hard to reverse engineer and tamper. Along with software protection, binary rewriting is also applied on other areas such as binary instrumentation and semantic patching etc. that are out of the scope of this study. Some prior proposed approaches use a special compiler and/or linker and some others use a third party commercial disassemblers to make analysis on the binary file, making process highly dependent on performance of these tools. In this study, a standalone static binary rewriting framework that can work directly on the output of the compiler without any third party disassembler or special compiler/linker dependency is developed. The framework uses debug information in binary to get function locations, and then relocates functions, then update the references to point to the new addresses in the binary. The implementation is tested on various open source software written in C and C++ for performance overhead. Then, as a case study, a software protection method is applied to a program using our framework, and the security of resulting binary is compared in terms of how control flow graph reveals information about software structure.