CRSE

Dec 11, 2020

Hiding in the Particles: When Return-Oriented Programming Meets Program Obfuscation

arXiv:2012.06658v2

12 citations
AI Analysis

This work addresses the problem of making reverse engineering more difficult for attackers by using ROP for program obfuscation, offering a new technique for software developers concerned with intellectual property protection and code integrity.

This paper explores the use of return-oriented programming (ROP) for program obfuscation, transforming functions into ROP chains that integrate with existing software. The authors demonstrate that these ROP chains can resist common static and dynamic deobfuscation methods, requiring significant computational resources for an attacker to deobfuscate.

Largely known for attack scenarios, code reuse techniques at a closer look reveal properties that are appealing also for program obfuscation. We explore the popular return-oriented programming paradigm under this light, transforming program functions into ROP chains that coexist seamlessly with the surrounding software stack. We show how to build chains that can withstand popular static and dynamic deobfuscation approaches, evaluating the robustness and overheads of the design over common programs. The results suggest a significant amount of computational resources would be required to carry a deobfuscation attack for secret finding and code coverage goals.

Code Implementations (1 repo)
Foundations

The foundational work for this paper's niche, ranked by how specifically the neighbourhood builds on it — not by global fame.
