—As the control flow graph can reflect the logic structure of programs, static and dynamic reverse methods are used to analyze the logic structure and instruction sequence, and the existing methods of control flow obfuscation have low potency to resist reverse attacks. To solve this problem, we propose an obfuscation method based on instruction fragment diversification and control flow randomization, diversified instruction fragments are generated by various equivalent transformation rules, and random functions are used to select one execution path from the multi-way branches of programs, then programs are iteratively obfuscated. Experiments and analysis show that diversified instruction fragments and multi-way branches can increase the difficulty of static reverse analysis, random selection for multi-way branches will increase the difficulty of dynamic instruction tracing, and iterative transformation for many times enhances the complexity of control flow graph.
—Code obfuscation, iterative transformation, instruction fragment diversification, control flow randomization.
Xin Xie is with Zhengzhou Information Science and Technology Institute, and the State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, Henan 450002, China (e-mail: email@example.com).
Fenlin Liu, Bin Lu, and Fei Xiang are with Zhengzhou Information Science and Technology Institute, China (e-mail: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org).
Cite:Xin Xie, Fenlin Liu, Bin Lu, and Fei Xiang, "An Iteration Obfuscation Based on Instruction Fragment Diversification and Control Flow Randomization," International Journal of Computer Theory and Engineering vol. 8, no. 4, pp. 303-312, 2016.