Jurriaan Bremer (Independent Researcher / HITB.nl CTF Core Crew)

PRESENTATION TITLE: SSEXY: Binary Obfuscation the SSE Way

PRESENTATION ABSTRACT:

Over the past few decades people have been reverse engineering 3rd party software in order to analyze and break it. Hence many attempts have been done to make it harder to analyze, therefore obfuscating the software. Today I present a relatively new way to obfuscate binaries - Using the SSE Instruction Set, an extension for the x86 instruction set (this is the machine code that is processed by the CPU), I will show how to obfuscate existing assembly and binaries by translating “normal” instructions into SSE instructions.

The SSE Instruction Set is a special instruction set provided by the CPU for heavy math operations, it performs really well for 3D graphics (such as used in games and rendering engines) and bruteforcing hashes (md5 etc.)  The idea of using SSE to obfuscate binaries is definitely not new, but has not been used before for entire binaries, which makes it unique in it’s own way.

At last through the use of my tool SSEXY, I will show how SSE will break existing code analysis tools and Anti Virus software. I will show new ways to obfuscate existing binaries and new methods to fool reverse engineers, static analyzers and anti virus engines.

ABOUT JURRIAAN BREMER

Jurriaan is an independent security researcher from the Netherlands who has been interested in the development and analysis of low-level software, their algorithms and new ways to bypass existing security measures. He is also a member of “De Eindbazen” (a dutch team that plays CTFs) and one of the people behind the HITB.nl CTF.