| With the rapid development and progress of computer technology,software has been increasingly applied to all walks of life and has become an essential tool in almost everyone's life.At the same time,binary analysis technology and reverse engineering technology are also rapidly developing and progressing.Currently,mature and automated reverse toolsets have appeared,which has greatly improved the software's analysis capabilities and analysis efficiency.It brought a great threat to software security and copyright issues.In order to deal with the security threats caused by reverse analysis to the software,the main protection measures currently taken are: 1.Shell,using a relatively high-intensity virtual shell or using a solitary shell written by yourself to protect the target software;2.Code Obfuscation,changing the logical structure and increasing the complexity of the program by obfuscating the program to increase the difficulty of reverse analysis.In order to enhance the ability of ELF files to resist reverse analysis,this paper focuses on encryption shell protection and code obfuscation of ELF files on Linux platforms.The main work of this article includes:Firstly,researching the ELF file encryption shell protection.By analyzing the loading process of ELF files and the principles of common shell methods of ELF files,the shortcomings of common shell methods are summarized,and then an inclusive ELF file shell method is proposed.This shell method makes it easier to replace the encryption and decryption or compression and decompression algorithms of the ELF file shell.Secondly,researching the ELF binary obfuscation technology.By analyzing the common binary obfuscation techniques,the shortcomings of common binary obfuscation methods are summarized,and then a binary obfuscation algorithm based on basic block exchange between functions is proposed.The overall idea of the obfuscation algorithm is given,and the obfuscation algorithm is described in detail,including the formal definition of the obfuscation algorithm and the specific algorithm used by the basic blocks in the obfuscation algorithm for exchange and reconstruction of the obfuscated binary file.Finally,an ELF file protection system is designed and implemented based on the proposed ELF file shell method and obfuscation algorithm.The system includes an ELF file encryption packer and an ELF file obfuscator.The design and implementation of the ELF file encryption packer and the ELF file obfuscator are described in detail,and the functional verification and performance evaluation of the ELF file encryption packer and the ELF file obfuscator are performed.Experimental results show that the proposed shell method and binary code obfuscation algorithm are both effective,and they can effectively enhance the ability of ELF files to resist reverse analysis. |
PDF Full Text Request