Overview
Explore advanced C++11 metaprogramming techniques applied to software obfuscation in this Black Hat conference talk. Delve into the Turing-complete sub-language of C++ executed at compile time, and learn how to generate obfuscated code without external tools or compiler modifications. Discover methods for introducing randomness to create polymorphic code, with practical examples including string literal encryption and call obfuscation using finite state machines. Gain insights into type safety, optimization based on types, and the generation of pseudo-random numbers at compile time. Examine various implementations, including debugger detection and predicate-based obfuscation, while considering compiler support and real-world applications.
Syllabus
Intro
Reverse engineering
What is Obfuscation?
Without templates
With C++ templates
Type safety
Optimisation based on types
C++ metaprogramming
String literals obfuscation
1st implementation - Problem
2nd implementation - Usage
3rd implementation
Generating (pseudo-) random numbers
Seed
4th implementation
Without obfuscation
Application 2 - Obfuscate calls
Finite State Machine (simple example)
Boost Meta State Machine (MSM) library
FSM + Debugger Detection
More obfuscation
Predicate
Compilers support
White paper
Taught by
Black Hat