{"id":2838,"date":"2021-02-24T19:08:12","date_gmt":"2021-02-24T18:08:12","guid":{"rendered":"https:\/\/andreas-klingler.de\/infosec\/?p=2838"},"modified":"2021-10-11T16:20:13","modified_gmt":"2021-10-11T14:20:13","slug":"linux-binary-protection","status":"publish","type":"post","link":"https:\/\/infosec.andreas-klingler.de\/?p=2838","title":{"rendered":"Linux Binary protection"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Simple protection<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A <strong>pack\u00ader<\/strong> can be used to \u201copti\u00admize\u201d \/ \u201ccom\u00adpress\u201d a bina\u00adry which on the oth\u00ader hand also makes it hard\u00ader to debug. A pack\u00ader removes une\u00adses\u00adsary infor\u00adma\u00adtion and the mini\u00adfi\u00adca\u00adtion can lead also to obfus\u00adca\u00adtion to some extend.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A stan\u00addard tool is <a href=\"https:\/\/upx.github.io\/\"><span class=\"caps\">UPX<\/span><\/a>. Min\u00adi\u00admize a bina\u00adry with <code>upx -9 bin.elf<\/code>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Advanced protection<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Obfus\u00adca\u00adtion tools usu\u00adal\u00adly con\u00adsist of two&nbsp;parts:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><em>Pro\u00adtec\u00adtion code<\/em>: A pro\u00adgram con\u00adverts a source bina\u00adry into an obfus\u00adcat\u00aded form and adds a deob\u00adfus\u00adca\u00adtion run\u00adtime into&nbsp;it.<\/li><li><em>Deob\u00adfus\u00adca\u00adtion run\u00adtime<\/em>: When the pro\u00adgram starts, the inject\u00aded deob\u00adfus\u00adca\u00adtion run\u00adtime starts, loads the deob\u00adfus\u00adcat\u00aded bina\u00adry into the mem\u00ado\u00adry and exe\u00adcutes&nbsp;it.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Some obfus\u00adca\u00adtors&nbsp;are:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Grugq<\/li><li>Bur\u00adn\u00adeye<\/li><li>Shi\u00adva<\/li><li>Maya\u2019s Veil<\/li><li><a href=\"https:\/\/github.com\/tokyoneon\/Chimera\">Chimera<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Sim\u00adple pro\u00adtec\u00adtion A pack\u00ader can be used to \u201copti\u00admize\u201d \/ \u201ccom\u00adpress\u201d a bina\u00adry which on the oth\u00ader hand also makes it hard\u00ader to debug. A pack\u00ader removes une\u00adses\u00adsary infor\u00adma\u00adtion and the mini\u00adfi\u00adca\u00adtion can lead also to obfus\u00adca\u00adtion to some extend. A stan\u00addard tool is <span class=\"caps\">UPX<\/span>. Min\u00adi\u00admize a bina\u00adry with upx \u20119 bin.elf. Advanced pro\u00adtec\u00adtion Obfuscation&nbsp;[\u2026]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[355],"tags":[362,363,364],"class_list":["post-2838","post","type-post","status-publish","format-standard","hentry","category-reverse-engineering","tag-binary-protection","tag-packer","tag-upx"],"_links":{"self":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/2838","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2838"}],"version-history":[{"count":4,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/2838\/revisions"}],"predecessor-version":[{"id":3462,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/2838\/revisions\/3462"}],"wp:attachment":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2838"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2838"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2838"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}