Translingual Obfuscation Pei Wang, Shuai Wang, Jiang Ming, Yufei Jiang, and Dinghao Wu College of Information Sciences and Technology The Pennsylvania State University fpxw172, szw175, jum310, yzj107,
[email protected] Abstract—Program obfuscation is an important software pro- Currently the state-of-the-art obfuscation technique is to tection technique that prevents attackers from revealing the incorporate with process-level virtualization. For example, programming logic and design of the software. We introduce obfuscators such as VMProtect [10] and Code Virtualizer [4] translingual obfuscation, a new software obfuscation scheme replace the original binary code with new bytecode, and a which makes programs obscure by “misusing” the unique custom interpreter is attached to interpret and execute the features of certain programming languages. Translingual ob- bytecode. The result is that the original binary code does fuscation translates part of a program from its original lan- not exist anymore, leaving only the bytecode and interpreter, guage to another language which has a different program- making it difficult to directly reverse engineer [39]. How- ming paradigm and execution model, thus increasing program ever, recent work has shown that the decode-and-dispatch complexity and impeding reverse engineering. In this paper, execution pattern of virtualization-based obfuscation can we investigate the feasibility and effectiveness of translingual be a severe vulnerability leading to effective deobfusca- obfuscation with Prolog, a logic programming language. We tion [24], [66], implying that we are in need of obfuscation implement translingual obfuscation in a tool called BABEL, techniques based on new schemes. which can selectively translate C functions into Prolog pred- We propose a novel and practical obfuscation method icates.