Search results

This research aims to propose an attack that de-obfuscates codes by exploiting the properties of context-free grammars since it is important to understand the strength of obfuscation provided by context-free grammar-based obfuscators. In addition, the possibility of automatically generated transformations is explored.

As part of our empirical investigation, a development environment for obfuscating transformations is built. The tool is used to simulate a context-free obfuscator and to devise ways of reversing such transformations. Furthermore, a theoretical investigation of subset grammars and subset languages is carried out.

It is concluded that context-free grammar-based obfuscators provide limited levels of protection. Nevertheless, their application is appropriate when combined with other obfuscating techniques.

The algorithms behave as expected on a limited number of test samples. Further work is required to increase their practicality and to establish their average reliability.

This research shows how a frequency analysis attack can threaten the security of code scrambled by context-free grammar-based obfuscators.