SCORE: Source Code Optimization & REconstruction

Abstract

The main goal of obfuscation is to make software difficult to analyze. Although obfuscation is one useful method to protect programs, the ability to analyze malware is greatly reduced if used for malicious purposes. The obfuscation technique is most applicable at the binary level, but it can also be applied at the source code level. Although source-level techniques can be applied regardless of the target platform, these are often optimized and eliminated during compilation. However, when control-flow obfuscation is applied at the source code level, removal is not possible. When applied for malicious purposes, the ability to analyze the source code and compiled binary code is greatly reduced. To date, no research has presented a method that increases the readability of source code or the ability to analyze compiled binaries via optimization at the source level. In this paper, we select a very powerful obfuscation tool that provides options, including control-flow obfuscation, at the source level. The result of our research is a tool that outputs optimized source code and performs control-flow reconstruction as preprocessing, which increases readability even when control-flow obfuscation has been applied. The results also suggest an improvement in the ability to analyze binary code. As a result, more than 70% of the source code can be optimized at the source level, and the control-flow graph can be serialized. The optimized source code compiles more concise binary code even if no compiler optimizations are applied. Finally, the paper concludes by presenting the results of a module that prevents deobfuscation through code tampering (preventive obfuscation) at the source code level.