HitB2012AMS: SSEXY: Binary Obfuscation the SSE Way
Frank Breedijk
The SSE instruction set is a special instruction set provided by the CPU for heavy math operations. It performs very well for 3D graphics (as used in games and rendering engines) and for brute-forcing hashes (MD5 etc.).
Since a lot of security tools (e.g. anti-virus) are based on pattern recognition, replacing normal x86 instructions with SSE instructions alters the byte pattern of the file and can thus fool these security tools.
Jurriaan wrote a tool called SSEXY that converts a normal PE executable into an obfuscated executable. The tool takes a PE binary as input, disassembles it, modifies the source, and then uses gcc to create a new binary.
In his talk Jurriaan highlighted how he created this tool and some of the obstacles that had to be overcome.
SSEXY will be available soon in Jurriaan's GitHub space.
Presentation materials available from http://conference.hitb.org/hitbsecconf2012ams/materials/
ABOUT JURRIAAN BREMER
Jurriaan is an independent security researcher from the Netherlands who has been interested in the development and analysis of low-level software, its algorithms, and new ways to bypass existing security measures. He is also a member of “De Eindbazen” (a Dutch team that plays CTFs) and one of the people behind the HITB.nl CTF.