Control-Flow Flattening (CFF) is an obfuscation/anti-analysis method utilized by malware authors. Its goal is to alter the control flow of a function to hinder reverse engineering. Applying CFF makes static analysis complex and significantly increases the time an analyst must invest.
Malware authors have already discovered this, and a steady increase can be seen in malware samples that use CFF. Soon, every analyst will have to face it daily, which calls for know-how and tooling to aid them.
This presentation intends to supply the needed know-how and tooling. First, we will discuss the general approach to fighting CFF: how to identify it and which components are essential to reconstruct the control flow.
We will compare 3 different approaches to fight CFF: basic pattern matching, emulation, and symbolic execution. Their implementation will be demonstrated as IDAPython scripts.
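As an added illustration (not from the talk, and plain Python rather than IDAPython), the following shows a small function before and after flattening, a constructed transition table of the kind the pattern-matching approach extracts from each block's writes to the state variable, and a recovery pass that rebuilds the original edges while dropping dead dispatcher states. The function names, state constants and table are all assumptions for the example.

```python
def original(x: int) -> int:
    """Plain control flow: one branch, then a shared tail."""
    if x > 10:
        x -= 10
    else:
        x += 10
    return x * 2

def flattened(x: int) -> int:
    """Same computation after CFF: each block is a case of a dispatcher loop,
    and the true successor is hidden in the constant written to `state`."""
    state = 0x1A2B
    while True:
        if state == 0x1A2B:          # entry block: choose a successor
            state = 0x3C4D if x > 10 else 0x5E6F
        elif state == 0x3C4D:        # then-block
            x -= 10
            state = 0x7081
        elif state == 0x5E6F:        # else-block
            x += 10
            state = 0x7081
        elif state == 0x7081:        # merge block / exit
            return x * 2
        elif state == 0x9999:        # bogus block, never reachable
            x ^= 0x55
            state = 0x1A2B

# Constructed transition table, as an analyst would extract it by pattern-matching
# the constants each block stores to the state variable (two for a branch).
TRANSITIONS: dict[int, tuple[int, ...]] = {
    0x1A2B: (0x3C4D, 0x5E6F),
    0x3C4D: (0x7081,),
    0x5E6F: (0x7081,),
    0x7081: (),
    0x9999: (0x1A2B,),
}

def recover_cfg(entry: int, transitions: dict[int, tuple[int, ...]]) -> list[tuple[int, int]]:
    """Rebuild block-to-block edges from the entry, bypassing the dispatcher;
    states unreachable from the entry (0x9999 here) are dropped as dead."""
    edges, seen, worklist = [], set(), [entry]
    while worklist:
        state = worklist.pop(0)
        if state in seen:
            continue
        seen.add(state)
        for succ in transitions[state]:
            edges.append((state, succ))
            worklist.append(succ)
    return edges
```

The emulation and symbolic-execution approaches differ only in how the transition table is obtained (by running or solving each block for its successor states); the recovery walk over the table is the same.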
More: https://confidence-conference.org/