Full Text

1. Introduction

Reverse engineering is the process of analyzing a subject system to create representations of the system at a higher level of abstraction. Recently, reverse engineering is widely used by attackers for software piracy [1, 2, 3].

In this paper, we classify diverse reverse engineering methods into 2 categories: static analysis on code and dynamic analysis on memory. Then, by these categories we compare and evaluate major anti-reverse engineering mechanisms: source code obfiiscation, code encryption, code packing, anti-debugging. Analysis results show that each mechanism has unique protection coverage.

From this observation, we suggest that for anti-reverse engineering, integration of diverse mechanisms is one the most effective ways to have full coverage since unlike other ordinary integrations of diverse techniques, integration of anti-reverse engineering mechanisms is very easy due to small dependency while providing high flexibility.

As for validation, we implemented major anti-reverse engineering mechanisms and two integrated schemes: secure UPX and more secure UPX. Experimental results show that the integrated schemes have low interference and wide coverage. To evaluate additional overheads due to integration, we evaluate code sizes and execution times, which shows that additional integration overhead is almost negligible.

2. Anti-reverse engineering techniques

Anti-reverse engineering techniques to defend against reverse engineering attacks can be classified as 4 groups: code encryption, code packing, obfuscation, and anti-debugging.

2.1 Code packing

Code packing (a. k. a. executable compression) is any means of compressing an executable file and combining the compressed data with the decompression code it...