Enhancing Binary Analysis through Cognitive Load Theory
- Author (aut): Smits, Sean
- Thesis advisor (ths): Wang, Ruoyu
- Thesis advisor (ths): Shoshitaishvili, Yan
- Committee member: Doupe, Adam
- Publisher (pbl): Arizona State University
A proposed solution for the decompilation of binaries that include Intel Advanced Vector Extension instruction sets is presented, along with an explanation of the methodology and an overview of the difficulties encountered with the current decompilation process. A simple approach was made to convert vector operations into scalar operations reflected in new assembly code. This new code overwrites instructions using AVX registers so that all available decompilation software is able to properly decompile binaries using these registers. The results show that this approach is functional and successful at resolving the decompilation problem. However, there may be a way to optimize the performance of the output. In conclusion, our theoretical work can easily be extended and applied to a wider range of instructions and instruction sets to further resolve related decompilation issues with binaries utilizing external instructions.
Cryptojacking is a process in which a program utilizes a user’s CPU to mine cryptocurrencies unknown to the user. Since cryptojacking is a relatively new problem and its impact is still limited, very little has been done to combat it. Multiple studies have been conducted where a cryptojacking detection system is implemented, but none of these systems have truly solved the problem. This thesis surveys existing studies and provides a classification and evaluation of each detection system with the aim of determining their pros and cons. The result of the evaluation indicates that it might be possible to bypass detection of existing systems by modifying the cryptojacking code. In addition to this classification, I developed an automatic code instrumentation program that replaces specific instructions with functionally similar sequences as a way to show how easy it is to implement simple obfuscation to bypass detection by existing systems.