RUS  ENG
Full version
JOURNALS // Prikladnaya Diskretnaya Matematika. Supplement // Archive

Prikl. Diskr. Mat. Suppl., 2021 Issue 14, Pages 138–140 (Mi pdma549)

This article is cited in 1 paper

Mathematical Foundations of Computer Security

Application of x86 extensions for code protection

R. K. Lebedev, I. A. Koryakin

Novosibirsk State University

Abstract: A new approach is proposed to protect the program code against reverse engineering tools, such as decompilers and symbolic execution tools. The approach is based on the usage of uncommon x86 processor instructions that could be implemented incorrectly in the aforementioned tools. Existing approaches to this problem are also considered, and the relative performance advantage of the proposed approach is noted. A method for numeric constants obfuscation, following this approach, is developed with the usage of AES-NI extension for the x86 architecture and its AESENC instruction in particular. This method is implemented for Clang compiler with the help of LLVM Intermediate Representation and tested against reverse engineering tools, such as IDA and Ghidra decompilers and angr symbolic execution tool.

Keywords: code protection, reverse engineering, decompiler, symbolic execution, x86 processor architecture.

UDC: 004.056.5

DOI: 10.17223/2226308X/14/30



© Steklov Math. Inst. of RAS, 2024