Tim Blazytko is a well-known binary security researcher and co-founder of emproof GmbH. After working on novel methods for code deobfuscation, fuzzing and root cause analysis during his PhD, Tim now builds code obfuscation schemes tailored to embedded devices. He also gives training courses on reverse engineering & code deobfuscation, analyzes malware and performs security audits.
Our talk first gives an overview of contemporary code obfuscation schemes, focusing on the design & architecture of virtual machines. We then identify the weaknesses of well-established approaches and discuss how modern virtual machines can be broken in a (semi-)automated fashion. Afterward, we present the core design principles behind the next generation of virtual machines and highlight how they exploit inherent weaknesses of the deobfuscation techniques in order to provide long-lasting resilience. We conclude the talk by arguing that such techniques will shape the landscape of modern obfuscation in the next few years, and we outline the advances in code deobfuscation research required to tackle such virtual machines.