Permutation of opcode values for application program obfuscation
First Claim
1. A method for executing an obfuscated application program, the method comprising:
- receiving an obfuscated application program, said obfuscated application program comprising at least one instruction opcode value encoded using one of a plurality of instruction set opcode value encoding schemes;
determining a dispatch table associated with said application program, said dispatch table corresponding to said one of a plurality of instruction set opcode value encoding schemes; and
executing said application program using said associated dispatch table.
2 Assignments
0 Petitions
Accused Products
Abstract
Obfuscating an application program comprises reading an application program comprising code, transforming the application program code into transformed application program code that uses one of multiple opcode value encoding schemes of a dispatch table associated with the application program, and sending the transformed application program code. Executing an obfuscated application program comprises receiving an obfuscated application program comprising at least one instruction opcode value encoded using one of multiple instruction set opcode value encoding schemes, determining a dispatch table associated with the application program, and executing the application program using the associated dispatch table. The dispatch table corresponds to the one of multiple instruction set opcode value encoding schemes.
111 Citations
63 Claims
-
1. A method for executing an obfuscated application program, the method comprising:
-
receiving an obfuscated application program, said obfuscated application program comprising at least one instruction opcode value encoded using one of a plurality of instruction set opcode value encoding schemes;
determining a dispatch table associated with said application program, said dispatch table corresponding to said one of a plurality of instruction set opcode value encoding schemes; and
executing said application program using said associated dispatch table. - View Dependent Claims (2, 3)
-
-
4. A method for executing an obfuscated application program, the method comprising:
-
receiving an obfuscated application program, said obfuscated application program comprising at least one instruction opcode value encoded using one of a plurality of non-standard instruction set opcode value encoding schemes;
determining an instruction set opcode value encoding scheme associated with said obfuscated application program;
rewriting said application program using a standard opcode value encoding scheme if said received application program is not encoded using said standard opcode value encoding scheme; and
executing said application program using a dispatch table associated with said standard opcode value encoding scheme.
-
-
5. A method for application program obfuscation, the method comprising:
-
reading an application program comprising code;
transforming said application program code into transformed application program code that uses one of a plurality of opcode value encoding schemes of a dispatch table associated with said application program; and
sending said transformed application program code. - View Dependent Claims (6, 7)
-
-
8. A method for creating an opcode value encoding scheme for an instruction set, the method comprising:
-
creating a series of numbers using a randomized process;
filtering said series to remove duplicate numbers; and
creating a one-to-one mapping between instruction implementation methods in an instruction set and said numbers.
-
-
9. A method for creating an opcode value encoding scheme for an instruction set, the method comprising:
-
selecting a seed and a cryptographic key;
creating a series of numbers based at least in part on said seed and said cryptographic key, said seed having a size that is less than the size of said series;
filtering said series to remove duplicate numbers; and
creating a one-to-one mapping between instruction implementation methods in an instruction set and said numbers. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for executing an obfuscated application program, the method comprising:
-
receiving an obfuscated application program, said obfuscated application program comprising at least one instruction opcode value encoded using one of a plurality of instruction set opcode value encoding schemes;
determining a dispatch table associated with said application program, said dispatch table corresponding to said one of a plurality of instruction set opcode value encoding schemes; and
executing said application program using said associated dispatch table. - View Dependent Claims (17, 18)
-
-
19. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for executing an obfuscated application program, the method comprising:
-
receiving an obfuscated application program, said obfuscated application program comprising at least one instruction opcode value encoded using one of a plurality of non-standard instruction set opcode value encoding schemes;
determining an instruction set opcode value encoding scheme associated with said obfuscated application program;
rewriting said application program using a standard opcode value encoding scheme if said received application program is not encoded using said standard opcode value encoding scheme; and
executing said application program using a dispatch table associated with said standard opcode value encoding scheme.
-
-
20. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for application program obfuscation, the method comprising:
-
reading an application program comprising code;
transforming said application program code into transformed application program code that uses one of a plurality of opcode value encoding schemes of a dispatch table associated with said application program; and
sending said transformed application program code. - View Dependent Claims (21, 22)
-
-
23. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for creating an opcode value encoding scheme for an instruction set, the method comprising:
-
creating a series of numbers using a randomized process;
filtering said series to remove duplicate numbers; and
creating a one-to-one mapping between instruction implementation methods in an instruction set and said numbers.
-
-
24. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for creating an opcode value encoding scheme for an instruction set, the method comprising:
-
selecting a seed and a cryptographic key;
creating a series of numbers based at least in part on said seed and said cryptographic key, said seed having a size that is less than the size of said series;
filtering said series to remove duplicate numbers; and
creating a one-to-one mapping between instruction implementation methods in an instruction set and said numbers. - View Dependent Claims (25, 26, 27, 28, 29, 30)
-
-
31. An apparatus for executing an obfuscated application program, the apparatus comprising:
-
means for receiving an obfuscated application program, said obfuscated application program comprising at least one instruction opcode value encoded using one of a plurality of instruction set opcode value encoding schemes;
means for determining a dispatch table associated with said application program, said dispatch table corresponding to said one of a plurality of instruction set opcode value encoding schemes; and
means for executing said application program using said associated dispatch table. - View Dependent Claims (32, 33)
-
-
34. An apparatus for executing an obfuscated application program, the apparatus comprising:
-
means for receiving an obfuscated application program, said obfuscated application program comprising at least one instruction opcode value encoded using one of a plurality of non-standard instruction set opcode value encoding schemes;
means for determining an instruction set opcode value encoding scheme associated with said obfuscated application program;
means for rewriting said application program using a standard opcode value encoding scheme if said received application program is not encoded using said standard opcode value encoding scheme; and
means for executing said application program using a dispatch table associated with said standard opcode value encoding scheme.
-
-
35. An apparatus for application program obfuscation, the apparatus comprising:
-
means for reading an application program comprising code;
means for transforming said application program code into transformed application program code that uses one of a plurality of opcode value encoding schemes of a dispatch table associated with said application program; and
means for sending said transformed application program code. - View Dependent Claims (36, 37)
-
-
38. An apparatus for creating an opcode value encoding scheme for an instruction set, the apparatus comprising:
-
means for creating a series of numbers using a randomized process;
means for filtering said series to remove duplicate numbers; and
means for creating a one-to-one mapping between instruction implementation methods in an instruction set and said numbers.
-
-
39. An apparatus for creating an opcode value encoding scheme for an instruction set, the apparatus comprising:
-
means for selecting a seed and a cryptographic key;
means for creating a series of numbers based at least in part on said seed and said cryptographic key, said seed having a size that is less than the size of said series;
means for filtering said series to remove duplicate numbers; and
means for creating a one-to-one mapping between instruction implementation methods in an instruction set and said numbers. - View Dependent Claims (40, 41, 42, 43, 44, 45)
-
-
46. An apparatus for executing an obfuscated application program, the apparatus comprising a user device configured to:
-
receive an obfuscated application program, said obfuscated application program comprising at least one instruction opcode value encoded using one of a plurality of instruction set opcode value encoding schemes;
determine a dispatch table associated with said application program, said dispatch table corresponding to said one of a plurality of instruction set opcode value encoding schemes; and
execute said application program using said associated dispatch table. - View Dependent Claims (47, 48)
-
-
49. An apparatus for executing an obfuscated application program, the apparatus comprising a user device configured to:
-
receive an obfuscated application program, said obfuscated application program comprising at least one instruction opcode value encoded using one of a plurality of non-standard instruction set opcode value encoding schemes;
determine an instruction set opcode value encoding scheme associated with said obfuscated application program;
rewrite said application program using a standard opcode value encoding scheme if said received application program is not encoded using said standard opcode value encoding scheme; and
execute said application program using a dispatch table associated with said standard opcode value encoding scheme.
-
-
50. An apparatus for application program obfuscation, the apparatus comprising an application program provider configured to:
-
read an application program comprising code;
transform said application program code into transformed application program code that uses one of a plurality of opcode value encoding schemes of a dispatch table associated with said application program; and
send said transformed application program code. - View Dependent Claims (51, 52)
-
-
53. An apparatus for creating an opcode value encoding scheme for an instruction set, the apparatus comprising an application program provider configured to:
-
create a series of numbers using a randomized process;
filter said series to remove duplicate numbers; and
create a one-to-one mapping between instruction implementation methods in an instruction set and said numbers.
-
-
54. An apparatus for creating an opcode value encoding scheme for an instruction set, the apparatus comprising an application program provider configured to:
-
select a seed and a cryptographic key;
create a series of numbers based at least in part on said seed and said cryptographic key, said seed having a size that is less than the size of said series;
filter said series to remove duplicate numbers; and
create a one-to-one mapping between instruction implementation methods in an instruction set and said numbers. - View Dependent Claims (55, 56, 57, 58, 59, 60)
-
-
61. A memory for storing data for access by an application program being executed on a data processing system, comprising:
a data structure stored in said memory, said data structure including information used by said application program execute an obfuscated application program, said data structure an obfuscated application program comprising at least one instruction opcode value encoded using one of a plurality of instruction set opcode value encoding schemes. - View Dependent Claims (62, 63)
Specification