CODE BLUE 2020
DeClang : Anti-hacking Compiler
Mengyuan Wan
万萌遠
Self Introduction
≫ Security Engineer at DeNA Co., Ltd.
≫ Reverse Engineering / Developing / SOC / Application Pentesting / Cloud Security etc.
≫ CISSP
≫ Contacts
− GitHub: https://www.github.com/nevermoe
− Twitter: @nevermoecom
Agenda
≫ Motivation
≫ DeClang Introduction & Features
≫ An O-LLVM Bug & Fix
≫ Conclusion
Motivation
≫ Game cheating and app hacking are everywhere
− Memory Hacking
− Time Hacking
− Network Traffic Tampering
− Binary Tampering
− Hooking
− Assets dumping
− etc.
≫ Commercial anti-hacking solutions are expensive
− Packer
− Anti-hacking Library
− Obfuscation Compiler
≫ Can we create a free, open sourced anti-hacking solution?
− You can’t open source a packer or an anti-hacking library.
− But you can open source an obfuscation compiler partly.
* Other reasons: https://www.slideshare.net/dena_tech/declang-clang-dena-techcon-2020
≫ That is DeClang
− An anti-hacking compiler partly open sourced.
− Based on LLVM project and extended Obfuscator-LLVM:
https://github.com/obfuscator-llvm/obfuscator
− Free to secure your apps and games. (Apache License 2.0)
− https://github.com/DeNA/DeClang
≫ Why DeClang?
− Compatible with Unity build flow, mobile apps build flow.
− Cross-platform
• Host
➢ Windows / OSX / Linux
• Target
➢ X86 / X64 / ARM / AArch64
➢ Elf / Mach-O / PE
➢ Windows / OSX / Linux / Android / iOS
• Build Flow
➢ Unity / Cocos2d / NDK / Xcode / Make / Visual Studio
DeClang Introduction
≫ Take Unity for example
≫ Unity build flow
Unity C# → IL2CPP → C++
− iOS: Apple Clang (Xcode) → IPA
− Android: NDK Clang → APK
≫ How to integrate with DeClang?
≫ Simply replace official Clang with DeClang!
− For Android, replace the Clang binary.
− For iOS, set the CC and CXX environment variables.
Unity C# → IL2CPP → C++
− iOS: DeClang (Xcode) → IPA
− Android: NDK DeClang → APK
≫ How to pass config parameters to compiler?
− Pass -mllvm -fla to compiler
− Add __attribute((__annotate__(("fla")))) to functions in source file
≫ You cannot control parameters passed to NDK in Unity build flow
≫ It’s difficult to modify C++ files generated by IL2CPP every time
😕
≫ How to pass config parameters to compiler?
− Set environment variable DECLANG_HOME & pass parameters by $DECLANG_HOME/.DeClang/config.json
− Flexible: All the setup can be done in shell / powershell scripts. So it’s easy to integrate DeClang into CI.
DeClang’s Feature
≫ Control Flow Flattening & Split Basic Blocks (Originated from O-LLVM)
//config.json:
"flatten":
[
    {
        "name": "PlayerShooting_Shoot_m",
        "split_level": 2
    },
    {
        "name": "^is_jailbroken$"
    }
]
≫ Indirect Branch (Original Feature)
− It is applied globally, so you don’t need to bother selecting target functions.
− However, it is weaker.
//config.json:
{
    "overall_obfuscation": 100 // obfuscation percentage
}
≫ Indirect Branch (Original Feature)
– These code blocks belong to a single function, but IDA recognizes them as different functions.
– As a result, IDA fails to decompile this code.
≫ Other O-LLVM features can be ported to DeClang easily
− Instruction Substitution
− Bogus Control Flow
≫ Features that are not open sourced
− Function-level anti-tamper
− Global anti-tamper
− Root / Jailbreak / Emulator detection
− global-metadata encryption
≫ Function-level anti-tamper
≫ Insert tamper detection at the beginning of the function
≫ Detecting tamper mutually
[Figure: functions foo, bar and baz, each with a "tamper detection" block, connected by arrows labelled "tamper detect"]
A hacker has to remove all tamper detection at once!
An O-LLVM Bug
≫ Without Flattening
uint32_t foo()
{
    uint32_t V_0 = 0;
    goto LBL3;
LBL1:
    if (V_0 == 1) {
        printf("2\n");
        goto LBL2;
    }
    else
        goto LBL3;
LBL2:
    printf("3\n");
    goto LBL3;
LBL3:
    printf("1\n");
    V_0 = getNum(); // getNum() { return first_time_called ? 1 : 0; }
    if (V_0)
        goto LBL1;
    else {
        printf("4\n");
        return V_0;
    }
}
Output:
1
2
3
1
4
≫ Flattened (same foo() as on the previous slide)
Output:
2
3
1
2
3
1
4
LBL1 executed first?!
≫ Flattening Logic ①: bb1 ends with “br bb2”
https://github.com/obfuscator-llvm/obfuscator/blob/llvm-4.0/lib/Transforms/Obfuscation/Flattening.cpp
[Figure: original CFG with bb1 (prologue), bb2, bb3, bb4 (epilogue); flattened CFG in which bb1 (prologue) sets switchVar = 0x1, bb2 sets switchVar = 0x2, bb3 sets switchVar = 0x3, and a switch bb dispatches on switchVar == 0x1 / 0x2 / 0x3, ending at bb4 (epilogue)]
≫ Flattening Logic ②: bb1 ends with conditional branch
https://github.com/obfuscator-llvm/obfuscator/blob/llvm-4.0/lib/Transforms/Obfuscation/Flattening.cpp#L100
[Figure: bb1 (prologue) is split into bb1.1 (prologue) and bb1.2 (cond br); in the flattened CFG bb1.1 (prologue) leads to the switch bb, which dispatches to bb1.2 (cond br), bb2 and bb3, ending at bb4 (epilogue)]
≫ Flattening Logic ③: What if bb1 ends with “br bb3”?
https://github.com/obfuscator-llvm/obfuscator/blob/llvm-4.0/lib/Transforms/Obfuscation/Flattening.cpp#L119-L122
[Figure: original CFG with bb1 (prologue), bb2, bb3, bb4 (epilogue); flattened CFG in which bb1 (prologue) sets switchVar = 0x1, bb2 sets switchVar = 0x3, bb3 sets switchVar = 0x1, and a switch bb dispatches on switchVar == 0x1 / 0x2 / 0x3, ending at bb4 (epilogue)]
O-LLVM always assumes the first bb (bb2) in the switch will be executed first.
≫ How could this happen?
− Usually the prologue only branches to the bb indexed next to it (if the branch instruction is not conditional).
[Figure: Normal Case, with bb1 (prologue), bb2, bb3, bb4 (epilogue)]
− However, if you write messy code with a lot of goto...
[Figure: Abnormal Case, with bb1 (prologue), bb2, bb3, bb4 (epilogue)]
LLVM IR of foo() (Without Flattening)
define i32 @_Z3foov() local_unnamed_addr #1 {
  br label %5
; <label>:1: ; preds = %5
  %2 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str.5, i64 0, i64 0))
  %3 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str.6, i64 0, i64 0))
  br label %4
; <label>:4: ; preds = %1, %5
  br label %5
; <label>:5: ; preds = %4, %0
  %6 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str, i64 0, i64 0))
  %7 = tail call i32 @_Z6getNumv()
  switch i32 %7, label %4 [
    i32 0, label %8
    i32 1, label %1
  ]
; <label>:8: ; preds = %5
  %9 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str.4, i64 0, i64 0))
  ret i32 0
}
LLVM IR of foo() (Flattened by O-LLVM)
define i32 @_Z3foov() local_unnamed_addr #1 {
  %1 = alloca i32
  %2 = alloca i32
  %3 = bitcast i32 0 to i32
  store i32 205249092, i32* %1
  br label %4
; <label>:4: ; preds = %0, %29
  %5 = load i32, i32* %1
  switch i32 %5, label %6 [
    i32 205249092, label %7
    i32 -1124873994, label %10
    i32 -1130815655, label %11
    i32 -1828373093, label %12
    i32 192667987, label %15
    i32 -599381087, label %19
    i32 -786179519, label %23
    i32 2098306815, label %27
  ]
; <label>:6: ; preds = %4
  br label %29
; <label>:7: ; preds = %4
  %8 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str.5, i64 0, i64 0))
  %9 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str.6, i64 0, i64 0))
  store i32 -1130815655, i32* %1
  br label %29
  …
}
first non-default bb is always executed first
≫ Fix
− Simply always split first bb!
// always split first BB
if ((br != NULL /* && br->isConditional() */) ||
    insert->getTerminator()->getNumSuccessors() > 1) {
  BasicBlock::iterator i = insert->end();
  --i;
  if (insert->size() > 1) {
    --i;
  }
  BasicBlock *tmpBB = insert->splitBasicBlock(i, "first");
  origBB.insert(origBB.begin(), tmpBB);
}
https://github.com/obfuscator-llvm/obfuscator/blob/llvm-4.0/lib/Transforms/Obfuscation/Flattening.cpp#L100
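Added example, not taken from the slides or from the O-LLVM / DeClang sources: a hand-written C model of the flattened dispatcher over the basic blocks of the unflattened IR shown earlier (%1, %4, %5, %8). It shows why seeding switchVar with the first listed block yields 2 3 1 2 3 1 4, and why splitting the entry block first restores 1 2 3 1 4. The names initial_case, run_flattened and BB_FIRST are this example's own, and the work-list order is assumed to follow the block order in that IR.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Basic blocks of the unflattened IR, named after their labels.
 * BB_FIRST models the block created by "always split first BB": it holds
 * only the entry block's original terminator (br label %5). */
enum bb { BB_FIRST, BB1, BB4, BB5, BB8 };

/* getNum() as described on the slide: 1 on the first call, 0 afterwards. */
static int calls;
static uint32_t getNum(void) { return calls++ == 0 ? 1u : 0u; }

/* Record one printed digit in the trace buffer. */
static void emit(char *trace, size_t cap, char c)
{
    size_t n = strlen(trace);
    if (n + 1 < cap) {
        trace[n] = c;
        trace[n + 1] = '\0';
    }
}

/* Models how the pass seeds switchVar: with the case of the first block in
 * its work list, assuming that block is the one the prologue jumps to.
 * Assumed list order: the IR's block order with the entry block removed. */
enum bb initial_case(int always_split_first_bb)
{
    static const enum bb unsplit[] = { BB1, BB4, BB5, BB8 };
    static const enum bb split[]   = { BB_FIRST, BB1, BB4, BB5, BB8 };
    return always_split_first_bb ? split[0] : unsplit[0];
}

/* Runs the flattened foo() and writes the printed digits to trace. */
uint32_t run_flattened(int always_split_first_bb, char *trace, size_t cap)
{
    uint32_t v = 0;
    enum bb switchVar = initial_case(always_split_first_bb);

    calls = 0;
    trace[0] = '\0';
    for (;;) {                       /* loop back to the "switch bb" */
        switch (switchVar) {
        case BB_FIRST:               /* split-off tail of the entry block */
            switchVar = BB5;         /* br label %5 */
            break;
        case BB1:                    /* puts("2"); puts("3"); br label %4 */
            emit(trace, cap, '2');
            emit(trace, cap, '3');
            switchVar = BB4;
            break;
        case BB4:                    /* br label %5 */
            switchVar = BB5;
            break;
        case BB5:                    /* puts("1"); switch on getNum() */
            emit(trace, cap, '1');
            v = getNum();
            switchVar = (v == 0) ? BB8 : (v == 1) ? BB1 : BB4;
            break;
        case BB8:                    /* puts("4"); ret i32 0 */
            emit(trace, cap, '4');
            return 0;
        }
    }
}

int main(void)
{
    char trace[16];

    run_flattened(0, trace, sizeof trace);
    printf("first listed block seeded (bug): %s\n", trace);
    run_flattened(1, trace, sizeof trace);
    printf("entry block always split (fix):  %s\n", trace);
    return 0;
}
```

The miscompiled trace differs from the original only because the optimizer already folded the V_0 == 1 test into the switch in %5, so %1 prints unconditionally once it is entered.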
LLVM IR of foo() (Flattened by DeClang)
define i32 @_Z3foov() local_unnamed_addr #1 {
  br label %1
; <label>:1: ; preds = %0
  br label %7
; <label>:2: ; preds = %12
  %3 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str.5, i64 0, i64 0))
  %4 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str.6, i64 0, i64 0))
  br label %6
; <label>:5: ; preds = %12, %14
  br label %6
; <label>:6: ; preds = %5, %2
  br label %7
; <label>:7: ; preds = %6, %1
  %8 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str, i64 0, i64 0))
  %9 = tail call i32 @_Z6getNumv()
  br label %10
  …
}
LLVM IR of foo() (Flattened by DeClang)
define i32 @_Z3foov() local_unnamed_addr #1 {
  %1 = alloca i32
  %2 = alloca i32
  %3 = bitcast i32 0 to i32
  store i32 205249092, i32* %1
  br label %4
; <label>:4: ; preds = %0, %30
  %5 = load i32, i32* %1
  switch i32 %5, label %6 [
    i32 205249092, label %7
    ...
    i32 192667987, label %13
    ...
  ]
; <label>:6: ; preds = %4
  br label %30
; <label>:7: ; preds = %4
  store i32 192667987, i32* %1
  br label %30
  ...
; <label>:13: ; preds = %4
  %14 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str, i64 0, i64 0))
  %15 = tail call i32 @_Z6getNumv()
  store i32 %15, i32* %2
  store i32 -599381087, i32* %1
  br label %30
≫ But who the hell writes this kind of messy code?
− Unity does!
≫ C++ files generated by IL2CPP have a lot of “goto”!
IL2CPP_EXTERN_C IL2CPP_METHOD_ATTR void TutorialInfo_ToggleShowAtLaunch_m3632B30A9CA1D2147A5A71C32AA605C54EBA1E37
(TutorialInfo_t32C32F28F3E107CDDA9A04D4A6B927D7CED565C6 * __this, const RuntimeMethod* method) {
    ...
    {
        ...
        if (L_3) {
            G_B2_0 = L_2;
            goto IL_0021;
        }
    }
    {
        G_B3_0 = 0;
        G_B3_1 = G_B1_0;
        goto IL_0022;
    }
IL_0021:
    {
        G_B3_0 = 1;
        G_B3_1 = G_B2_0;
    }
IL_0022:
    {
        ...
        return;
    }
}
To conclude: This is a bug triggered by GOTO campaign ?!
Demo
≫ A demo of function-level anti-tamper feature
− https://www.youtube.com/watch?v=Y-zkDt2e-pI&feature=youtu.be
Conclusion
≫ DeClang motto
− Cheaper: Everyone can secure their apps freely.
− Easier: Everyone can integrate DeClang easily.
− Stronger: Everyone can improve DeClang.
https://github.com/DeNA/DeClang
Follow Twitter @DeNAxTech !

 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...CODE BLUE
 

More from CODE BLUE (20)

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22]  ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22]  ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22]  「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22]  「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by  高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by  高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22]  From Parroting to Echoing:  The Evolution of China’s Bots-Driven Info...[cb22]  From Parroting to Echoing:  The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22]  Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22]  Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
 

Recently uploaded

Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AITatiana Gurgel
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...Sheetaleventcompany
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxFamilyWorshipCenterD
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...NETWAYS
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptssuser319dad
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfhenrik385807
 
George Lever - eCommerce Day Chile 2024
George Lever -  eCommerce Day Chile 2024George Lever -  eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024eCommerce Institute
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxNikitaBankoti2
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...NETWAYS
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyPooja Nehwal
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024eCommerce Institute
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...NETWAYS
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Hasting Chen
 
Motivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfMotivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfakankshagupta7348026
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...henrik385807
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfhenrik385807
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Krijn Poppe
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...NETWAYS
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Delhi Call girls
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 

Recently uploaded (20)

Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.ppt
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
 
George Lever - eCommerce Day Chile 2024
George Lever -  eCommerce Day Chile 2024George Lever -  eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
 
Motivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfMotivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdf
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
 

[CB20] DeClang: Anti-hacking compiler by Mengyuan Wan

  • 1. CODE BLUE 2020 DeClang : Anti-hacking Compiler Mengyuan Wan 万萌遠
  • 2. CODE BLUE 2020 Self Introduction ≫ Security Engineer at DeNA Co., Ltd. ≫ Reverse Engineering / Developing / SOC / Application Pentesting / Cloud Security etc. ≫ CISSP ≫ Contacts − GitHub: https://www.github.com/nevermoe − Twitter: @nevermoecom 2
  • 3. CODE BLUE 2020 Agenda ≫ Motivation ≫ DeClang Introduction & Features ≫ An O-LLVM Bug & Fix ≫ Conclusion 3
  • 4. CODE BLUE 2020 Motivation ≫ Game cheating, app hacking is everywhere − Memory Hacking − Time Hacking − Network Traffic Tampering − Binary Tampering − Hooking − Assets dumping − etc. 4
  • 5. CODE BLUE 2020 Motivation ≫ Commercial anti-hacking solutions are expensive − Packer − Anti-hacking Library − Obfuscation Compiler 5
  • 6. CODE BLUE 2020 Motivation ≫ Can we create a free, open sourced anti-hacking solution? − You can’t open source a packer or an anti-hacking library. − But you can open source an obfuscation compiler partly. 6 * Other reasons: https://www.slideshare.net/dena_tech/declang-clang-dena-techcon-2020
  • 7. CODE BLUE 2020 Motivation ≫ That is DeClang − An anti-hacking compiler partly open sourced. − Based on LLVM project and extended Obfuscator-LLVM: https://github.com/obfuscator-llvm/obfuscator − Free to secure your apps and games. (Apache License 2.0) − https://github.com/DeNA/DeClang 7
  • 8. CODE BLUE 2020 Motivation ≫ Why DeClang? − Compatible with Unity build flow, mobile apps build flow. − Cross-platform • Host ➢ Windows / OSX / Linux • Target ➢ X86 / X64 / ARM / AArch64 ➢ Elf / Mach-O / PE ➢ Windows / OSX / Linux / Android / iOS • Build Flow ➢ Unity / Cocos2d / NDK / Xcode / Make / Visual Studio 8
  • 9. CODE BLUE 2020 DeClang Introduction ≫ Take Unity for example 9
  • 10. CODE BLUE 2020 DeClang Introduction ≫ Unity build flow Unity C# C++ IL2CPP iOS APK Apple Clang (Xcode) NDK Clang IPA 10 Android
  • 11. CODE BLUE 2020 DeClang Introduction ≫ How to integrate with DeClang? Unity C# C++ IL2CPP iOS APK Apple Clang (Xcode) NDK Clang IPA 11 Android
  • 12. CODE BLUE 2020 DeClang Introduction ≫ Simply replace official Clang with DeClang! − For Android, replace the Clang binary. − For iOS, set the CC and CXX environment variable. Unity C# C++ IL2CPP iOS APK DeClang (Xcode) NDK DeClang IPA Android 12
  • 13. CODE BLUE 2020 DeClang Introduction ≫ How to pass config parameters to compiler? − Pass -mllvm -fla to compiler − Add __attribute((__annotate__(("fla")))) to functions in source file 13
  • 14. CODE BLUE 2020 DeClang Introduction ≫ How to pass config parameters to compiler? − Pass -mllvm -fla to compiler − Add __attribute((__annotate__(("fla")))) to functions in source file ≫ You cannot control parameters passed to NDK in Unity build flow ≫ It’s difficult to modify C++ files generated by IL2CPP every time 😕 14
  • 15. CODE BLUE 2020 DeClang Introduction ≫ How to pass config parameters to compiler? − Set environment variable DECLANG_HOME & pass parameters by $DECLANG_HOME/.DeClang/config.json − Flexible: All the setup can be done in shell / powershell scripts. So it’s easy to integrate DeClang into CI. 15
  • 16. CODE BLUE 2020 DeClang’s Feature ≫ Control Flow Flattening & Split Basic Blocks (Originated from O-LLVM)
      //config.json:
      "flatten": [
        { "name": "PlayerShooting_Shoot_m", "split_level": 2 },
        { "name": "^is_jailbroken$" }
      ]
  • 17. CODE BLUE 2020 DeClang’s Feature ≫ Control Flow Flattening & Split Basic Blocks (Originated from O-LLVM) 17
  • 18. CODE BLUE 2020 ≫ Control Flow Flattening & Split Basic Blocks (Originated from O-LLVM) DeClang’s Feature 18
  • 19. CODE BLUE 2020 DeClang’s Feature ≫ Indirect Branch (Original Feature) − It is globally applied, so you don’t need to bother selecting target functions. − However, it is weaker.
      //config.json:
      {
        "overall_obfuscation": 100 // obfuscation percentage
      }
  • 20. CODE BLUE 2020 DeClang’s Feature ≫ Indirect Branch (Original Feature) – These code blocks belong to a single function but IDA recognizes them as different functions. – As a result, IDA fails to decompile these codes. 20
  • 21. CODE BLUE 2020 DeClang’s Feature 21 ≫ Other O-LLVM features can be ported to DeClang easily − Instruction Substitution − Bogus Control Flow
  • 22. CODE BLUE 2020 DeClang’s Feature 22 ≫ Features that are not open sourced − Function-level anti-tamper − Global anti-tamper − Root / Jailbreak / Emulator detection − global-metadata encryption
  • 23. CODE BLUE 2020 ≫ Function-level anti-tamper DeClang’s Feature foo bar 23
  • 24. CODE BLUE 2020 DeClang’s Feature ≫ Insert tamper detection at the beginning of the function [Diagram: functions foo and bar, labelled “tamper detection” and “tamper detect”]
  • 25. CODE BLUE 2020 DeClang’s Feature ≫ Detecting tamper mutually [Diagram: functions foo and bar, labelled “tamper detection” and “tamper detect”]
  • 26. CODE BLUE 2020 DeClang’s Feature ≫ Detecting tamper mutually [Diagram: functions foo, bar and baz, labelled “tamper detection” and “tamper detect”]
  • 27. CODE BLUE 2020 DeClang’s Feature ≫ Detecting tamper mutually [Diagram: functions foo, bar and baz, labelled “tamper detection” and “tamper detect”] Hackers have to remove all tamper detection at once!
  • 28. CODE BLUE 2020 An O-LLVM Bug ≫ Without Flattening
      uint32_t foo() {
          uint32_t V_0 = 0;
          goto LBL3;
      LBL1:
          if (V_0 == 1) {
              printf("2\n");
              goto LBL2;
          } else
              goto LBL3;
      LBL2:
          printf("3\n");
          goto LBL3;
      LBL3:
          printf("1\n");
          V_0 = getNum(); // getNum() { return first_time_called ? 1 : 0; }
          if (V_0)
              goto LBL1;
          else {
              printf("4\n");
              return V_0;
          }
      }
      Output: 1 2 3 1 4
  • 29. CODE BLUE 2020 An O-LLVM Bug ≫ Flattened (foo() source unchanged from slide 28) Output: 2 3 1 2 3 1 4. LBL1 executed first?!
  • 30. CODE BLUE 2020 ≫ Flattening Logic ①: bb1 ends with “br bb2” An O-LLVM Bug https://github.com/obfuscator-llvm/obfuscator/blob/llvm-4.0/lib/Transforms/Obfuscation/Flattening.cpp bb1 (prologue) bb2 bb3 bb4 (epilogue) bb1 (prologue) switchVar = 0x1 bb2 switchVar = 0x2 bb3 switchVar = 0x3 switch bb bb4 (epilogue) if switchVar == 0x1 if switchVar == 0x2 if switchVar == 0x3 30
  • 31. CODE BLUE 2020 ≫ Flattening Logic ②: bb1 ends with conditional branch An O-LLVM Bug https://github.com/obfuscator-llvm/obfuscator/blob/llvm-4.0/lib/Transforms/Obfuscation/Flattening.cpp#L100 bb1 (prologue) bb2 bb3 bb4 (epilogue) 31
  • 32. CODE BLUE 2020 ≫ Flattening Logic ②: bb1 ends with conditional branch An O-LLVM Bug https://github.com/obfuscator-llvm/obfuscator/blob/llvm-4.0/lib/Transforms/Obfuscation/Flattening.cpp bb1 (prologue) bb2 bb3 bb4 (epilogue) bb1.2 (cond br) bb2 bb3 bb4 (epilogue) bb1.1 (prologue) bb1.1 (prologue) bb2 bb3 switch bb bb4 (epilogue) bb1.2 (cond br) switch bb 32
  • 33. CODE BLUE 2020 ≫ Flattening Logic ③: What if bb1 ends with “br bb3”? An O-LLVM Bug bb1 (prologue) bb2 bb3 bb4 (epilogue) bb1 (prologue) switchVar = 0x1 bb2 switchVar = 0x3 bb3 switchVar = 0x1 switch bb bb4 (epilogue) if switchVar == 0x1 if switchVar == 0x2 if switchVar == 0x3 33
  • 34. CODE BLUE 2020 An O-LLVM Bug ≫ Flattening Logic ③: What if bb1 ends with “br bb3”? [Diagram, original: bb1 (prologue), bb2, bb3, bb4 (epilogue). Diagram, flattened: bb1 (prologue) switchVar = 0x1; switch bb with cases switchVar == 0x1, 0x2, 0x3; bb2 switchVar = 0x3; bb3 switchVar = 0x1; bb4 (epilogue)] O-LLVM always assumes the first bb (bb2) in the switch will be executed first. https://github.com/obfuscator-llvm/obfuscator/blob/llvm-4.0/lib/Transforms/Obfuscation/Flattening.cpp#L119-L122
  • 35. CODE BLUE 2020 ≫ How could this happen? − Usually prologue will only branch to the bb indexed next to it (if the branch instruction is not conditional). An O-LLVM Bug bb1 (prologue) bb2 bb3 bb4 (epilogue) Normal Case 35
  • 36. CODE BLUE 2020 An O-LLVM Bug ≫ How could this happen? − However if you write a messy code with a lot of goto... 36 Abnormal Case bb1 (prologue) bb2 bb3 bb4 (epilogue)
  • 37. CODE BLUE 2020 An O-LLVM Bug ≫ How could this happen? (foo() source unchanged from slide 28) LLVM IR (Without Flattening):
      define i32 @_Z3foov() local_unnamed_addr #1 {
        br label %5
      ; <label>:1: ; preds = %5
        %2 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str.5, i64 0, i64 0))
        %3 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str.6, i64 0, i64 0))
        br label %4
      ; <label>:4: ; preds = %1, %5
        br label %5
      ; <label>:5: ; preds = %4, %0
        %6 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str, i64 0, i64 0))
        %7 = tail call i32 @_Z6getNumv()
        switch i32 %7, label %4 [
          i32 0, label %8
          i32 1, label %1
        ]
      ; <label>:8: ; preds = %5
        %9 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str.4, i64 0, i64 0))
        ret i32 0
      }
  • 38. CODE BLUE 2020 An O-LLVM Bug ≫ How could this happen? (foo() source unchanged from slide 28) LLVM IR (Flattened by O-LLVM); the first non-default bb is always executed first:
      define i32 @_Z3foov() local_unnamed_addr #1 {
        %1 = alloca i32
        %2 = alloca i32
        %3 = bitcast i32 0 to i32
        store i32 205249092, i32* %1
        br label %4
      ; <label>:4: ; preds = %0, %29
        %5 = load i32, i32* %1
        switch i32 %5, label %6 [
          i32 205249092, label %7
          i32 -1124873994, label %10
          i32 -1130815655, label %11
          i32 -1828373093, label %12
          i32 192667987, label %15
          i32 -599381087, label %19
          i32 -786179519, label %23
          i32 2098306815, label %27
        ]
      ; <label>:6: ; preds = %4
        br label %29
      ; <label>:7: ; preds = %4
        %8 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str.5, i64 0, i64 0))
        %9 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str.6, i64 0, i64 0))
        store i32 -1130815655, i32* %1
        br label %29
        …
      }
  • 39. CODE BLUE 2020 An O-LLVM Bug ≫ Fix − Simply always split first bb! https://github.com/obfuscator-llvm/obfuscator/blob/llvm-4.0/lib/Transforms/Obfuscation/Flattening.cpp#L100
      // always split first BB
      if ((br != NULL /* && br->isConditional()*/ ) ||
          insert->getTerminator()->getNumSuccessors() > 1) {
        BasicBlock::iterator i = insert->end();
        --i;
        if (insert->size() > 1) {
          --i;
        }
        BasicBlock *tmpBB = insert->splitBasicBlock(i, "first");
        origBB.insert(origBB.begin(), tmpBB);
      }
  • 40. CODE BLUE 2020 An O-LLVM Bug ≫ Fix (foo() source unchanged from slide 28) LLVM IR (Flattened by DeClang):
      define i32 @_Z3foov() local_unnamed_addr #1 {
        br label %1
      ; <label>:1: ; preds = %0
        br label %7
      ; <label>:2: ; preds = %12
        %3 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str.5, i64 0, i64 0))
        %4 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str.6, i64 0, i64 0))
        br label %6
      ; <label>:5: ; preds = %12, %14
        br label %6
      ; <label>:6: ; preds = %5, %2
        br label %7
      ; <label>:7: ; preds = %6, %1
        %8 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str, i64 0, i64 0))
        %9 = tail call i32 @_Z6getNumv()
        br label %10
        …
      }
  • 41. CODE BLUE 2020 An O-LLVM Bug ≫ Fix (foo() source unchanged from slide 28) LLVM IR (Flattened by DeClang):
      define i32 @_Z3foov() local_unnamed_addr #1 {
        %1 = alloca i32
        %2 = alloca i32
        %3 = bitcast i32 0 to i32
        store i32 205249092, i32* %1
        br label %4
      ; <label>:4: ; preds = %0, %30
        %5 = load i32, i32* %1
        switch i32 %5, label %6 [
          i32 205249092, label %7
          ...
          i32 192667987, label %13
          ...
        ]
      ; <label>:6: ; preds = %4
        br label %30
      ; <label>:7: ; preds = %4
        store i32 192667987, i32* %1
        br label %30
      ...
      ; <label>:13: ; preds = %4
        %14 = tail call i32 @puts(i8* getelementptr inbounds ([2 x i8], [2 x i8]* @str, i64 0, i64 0))
        %15 = tail call i32 @_Z6getNumv()
        store i32 %15, i32* %2
        store i32 -599381087, i32* %1
        br label %30
  • 42. CODE BLUE 2020 An O-LLVM Bug ≫ But who the hell writes this kind of messy code? (the goto-heavy foo() from slide 28)
  • 43. CODE BLUE 2020 ≫ But who the hell writes this kind of messy code? − Unity does! An O-LLVM Bug 43
  • 44. CODE BLUE 2020 An O-LLVM Bug ≫ C++ files generated by IL2CPP have a lot of “goto”!
      IL2CPP_EXTERN_C IL2CPP_METHOD_ATTR void TutorialInfo_ToggleShowAtLaunch_m3632B30A9CA1D2147A5A71C32AA605C54EBA1E37 (TutorialInfo_t32C32F28F3E107CDDA9A04D4A6B927D7CED565C6 * __this, const RuntimeMethod* method)
      {
          ...
          {
              ...
              if (L_3)
              {
                  G_B2_0 = L_2;
                  goto IL_0021;
              }
          }
          {
              G_B3_0 = 0;
              G_B3_1 = G_B1_0;
              goto IL_0022;
          }
      IL_0021:
          {
              G_B3_0 = 1;
              G_B3_1 = G_B2_0;
          }
      IL_0022:
          {
              ...
              return;
          }
      }
  • 45. CODE BLUE 2020 An O-LLVM Bug ≫ C++ files generated by IL2CPP have a lot of “goto”! (IL2CPP-generated function unchanged from slide 44) To conclude: This is a bug triggered by GOTO campaign ?!
  • 46. CODE BLUE 2020 Demo ≫ A demo of function-level anti-tamper feature − https://www.youtube.com/watch?v=Y-zkDt2e-pI&feature=youtu.be
  • 47. CODE BLUE 2020 ≫ DeClang motto − Cheaper: Everyone can secure their apps freely. − Easier: Everyone can integrate DeClang easily. − Stronger: Everyone can improve DeClang. Conclusion 47 https://github.com/DeNA/DeClang
  • 48. CODE BLUE 2020 Follow Twitter @DeNAxTech !
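
The O-LLVM flattening bug and its fix from slides 28 to 41, modelled in plain C as an added example (not code from the talk or from DeClang). The blocks follow the unflattened LLVM IR on slide 37; the names `step`, `run_flattened` and `BB_FIRST` are assumptions of this model, and `puts()` output is recorded as digits so the three runs can be compared.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: each line foo() would print is recorded as one digit. */
static char trace[32];
static int get_num_calls;

static void emit(char digit) {
    size_t n = strlen(trace);
    if (n + 1 < sizeof trace) { trace[n] = digit; trace[n + 1] = '\0'; }
}

/* getNum() from the slides: 1 on the first call, 0 afterwards. */
static uint32_t get_num(void) { return get_num_calls++ == 0 ? 1u : 0u; }

static void reset(void) { trace[0] = '\0'; get_num_calls = 0; }

/* Reference behaviour: the goto-heavy source from slide 28, unflattened. */
const char *run_original(void) {
    uint32_t v0 = 0;
    reset();
    goto LBL3;
LBL1:
    if (v0 == 1) { emit('2'); goto LBL2; } else goto LBL3;
LBL2:
    emit('3');
    goto LBL3;
LBL3:
    emit('1');
    v0 = get_num();
    if (v0) goto LBL1;
    emit('4');
    return trace;
}

/* Basic blocks named after the labels in the unflattened IR (slide 37).
 * BB_FIRST (assumed name) is the block the fix creates by splitting the
 * entry block; it holds the entry's terminator, "br label %5". */
enum bb { BB_FIRST, BB1, BB4, BB5, BB8, BB_RET };

/* Run one block and return the value it stores into switchVar. */
static enum bb step(enum bb cur) {
    switch (cur) {
    case BB_FIRST: return BB5;
    case BB1: emit('2'); emit('3'); return BB4; /* no V_0 test in the IR block */
    case BB4: return BB5;
    case BB5:
        emit('1');
        switch (get_num()) {
        case 0:  return BB8;
        case 1:  return BB1;
        default: return BB4;
        }
    case BB8: emit('4'); return BB_RET;
    default:  return BB_RET;
    }
}

/* Flattened function: a dispatcher loop. As slide 34 states, switchVar is
 * initialised to the case of the first block in the origBB list, whatever
 * the entry block's real branch target was. */
const char *run_flattened(const enum bb *orig_bb) {
    enum bb switch_var = orig_bb[0];
    reset();
    while (switch_var != BB_RET)
        switch_var = step(switch_var);
    return trace;
}

/* O-LLVM: the entry ends in an unconditional br, so it is not split and the
 * list starts with %1 (LBL1's body). */
static const enum bb ORIG_BB_OLLVM[] = { BB1, BB4, BB5, BB8 };
/* Fix from slide 39: always split, and put "first" at the front of origBB. */
static const enum bb ORIG_BB_FIXED[] = { BB_FIRST, BB1, BB4, BB5, BB8 };

const char *run_ollvm(void)   { return run_flattened(ORIG_BB_OLLVM); }
const char *run_declang(void) { return run_flattened(ORIG_BB_FIXED); }

int main(void) {
    printf("original: %s\n", run_original());
    printf("o-llvm  : %s\n", run_ollvm());
    printf("declang : %s\n", run_declang());
    return 0;
}
```

A regression test for a flattening pass can use the same idea: compile a goto-heavy function with and without the pass and compare the observable output.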