KR102430337B1 - Source Code Reconstruction and Optimization Method and Device Therefor - Google Patents

Abstract

The present invention provides a method for reconstructing and optimizing source code, comprising: checking a source code structure to which an obfuscation technique is applied; reconstructing the code blocks loaded in the identified source code structure according to the execution order; and performing source code optimization according to the control flow of the reconstructed code block, and provides a source code reconstruction and optimization apparatus for this.

Description

Source Code Reconstruction and Optimization Method and Device Therefor

The present invention relates to a source code reconstruction and optimization method and an apparatus therefor, and more specifically, when a control flow obfuscation technique is applied at the source code level, the source code reconstruction and optimization are performed before compiling it. It relates to an optimization method and apparatus.

Obfuscation technology is a technique of modifying data structure and control flow while maintaining software functionality in order to protect intellectual property rights of software. This obfuscation technique may be applied to the source code level before compilation is performed, or may be applied to the binary level after compilation is performed. In the process of compiling in the compiler, an optimization technique is applied to the source code, and when the optimization technique is applied, the obfuscated part is removed. Therefore, when obfuscation is performed at the source code level, the protection effect by the obfuscation technique may be greatly reduced. For this reason, it is generally preferred to apply the obfuscation technique at the binary level, after compilation is performed. Therefore, when the software manufacturer applies the obfuscation technology to protect the software produced by the company, unless it is necessary to provide the source code, the obfuscation technology is applied and distributed at the binary level. And the dislike of obfuscation at the source code level is one of the reasons why obfuscation techniques at the source code level are not studied much.

Obfuscation technology includes partition obfuscation (variable/function name change, comment removal, etc.), data obfuscation (variable value transformation, data structure transformation, etc.), control flow obfuscation (control flow modification, unnecessary code insertion, etc.) and prevention obfuscation It can be classified into four categories of fire (debugging detection, virtual machine detection, etc.). Conventional commercial obfuscation tools at the source code level were mainly to change the variable name/function name, remove comments in the source code, or modify the variable value. In other words, at the source code level, distribution is the goal in most cases, so partition obfuscation and data obfuscation techniques are mainly applied. At the binary level, partition obfuscation, data obfuscation, control flow obfuscation, and prevention obfuscation techniques can all be applied, but at the source code level, it is difficult to design/implement obfuscation because it does not have detailed address information or assembly language. There was technology.

However, as described above, partition obfuscation and data obfuscation are types of obfuscation techniques that are optimized and disabled in the process of compiling by the compiler. Therefore, since partition obfuscation and data obfuscation techniques are mainly applied at the source code level, the optimization technique is used as a technique to deobfuscate the obfuscation technique at the source code level.

On the other hand, in recent research, control flow obfuscation technology applicable at the source code level has been designed and implemented, and is being loaded into commercial obfuscation tools. Unlike the previous block obfuscation and data obfuscation techniques, the control flow obfuscation technique is not optimized with an optimizer inside the compiler. This means that the control flow obfuscation technology strongly deforms the internal structure of the source code, and the readability can be expected to increase through optimization only by reconstructing the modified part first. Therefore, in order to cope with the control flow obfuscation technology at the source code level, research is being conducted on the reconstruction technology.

The problem to be solved by this embodiment is to optimize the source code to which the control flow obfuscation technology has been applied, after reconstruction of the control flow at the source code level, and thus a very high optimization rate even if the compiler optimization option is not applied at all during the compilation process. It is to provide a method and apparatus for reconstructing and optimizing source code that provides and readability.

The technical problems to be achieved by the present embodiment are not limited to the technical problems described above, and other technical problems may be inferred from the following embodiments.

A source code reconstruction and optimization method according to an embodiment includes: checking a source code structure to which a control flow obfuscation technique is applied; reconstructing the code blocks loaded in the identified source code structure according to the execution order; and performing source code optimization according to the control flow of the reconstructed code block.

The apparatus for reconstructing and optimizing source code according to an embodiment checks the source code structure to which the control flow obfuscation technology is applied through the extraction unit, and executes the code block loaded in the identified source code structure through the reconstruction unit Source code optimization may be performed according to the control flow of the reconstructed code block through the reconstruction in the order and through the optimization unit.

As a computer-readable non-transitory recording medium recording a program for executing the source code reconstruction and optimization method in a computer according to an embodiment, the source code reconstruction and optimization method includes a source code structure to which a control flow obfuscation technique is applied to confirm; reconstructing the code blocks loaded in the identified source code structure according to the execution order; and performing source code optimization according to the control flow of the reconstructed code block.

According to the present disclosure, since the source code reconstruction and optimization method applies a form of dynamic analysis that cannot be applied to the compiler optimizer, a more accurate form of control flow reconstruction is possible.

In addition, since the source code reconstruction and optimization method of the present disclosure performs control flow reconstruction and thereby additionally generates an optimizable pattern, it is possible to provide a very high optimization rate and readability even if the compiler optimization option is not applied at all during the compilation process. .

In addition, since the source code reconstruction and optimization method of the present disclosure is source-to-source transformation, it is somewhat familiar to a general code analyst, and the readability of the generated result is higher than when the optimization technique of the compiler is applied.

Effects of the invention are not limited to the effects mentioned above, and other effects not mentioned will be clearly understood by those skilled in the art from the description of the claims.

1 is a flowchart of a source code reconstruction and optimization method according to an embodiment.
2A is the original source code before the control flow flattening technique is applied.
2B is a control flow graph before the control flow flattening technique is applied.
2C is a sequence of source code execution before the control flow flattening technique is applied.
3A is a source code to which a control flow flattening technique is applied.
3B is a control flow graph to which a control flow flattening technique is applied.
3C is a source code execution sequence to which a control flow flattening technique is applied.
4 is a structural diagram of a source code reconstruction and optimization method according to an embodiment.
5 is a flowchart of an algorithm of a source code reconstruction and optimization method according to an embodiment.
6 is a conceptual diagram illustrating control flow reconstruction according to an embodiment.
7 is a block diagram of a source code reconstruction and optimization apparatus according to an embodiment.

Terms used in the embodiments are selected as currently widely used general terms as possible while considering functions in the present disclosure, but may vary depending on intentions or precedents of those of ordinary skill in the art, emergence of new technologies, and the like. In addition, in certain cases, there are also terms arbitrarily selected by the applicant, and in this case, the meaning will be described in detail in the corresponding description. Therefore, the terms used in the present disclosure should be defined based on the meaning of the term and the contents of the present disclosure, rather than the simple name of the term.

In the entire specification, when a part "includes" a certain component, it means that other components may be further included, rather than excluding other components, unless otherwise stated. In addition, terms such as "...unit" and "...module" described in the specification mean a unit that processes at least one function or operation, which is implemented as hardware or software, or a combination of hardware and software. can be

The expression "at least one of a, b, and c" described throughout the specification means 'a alone', 'b alone', 'c alone', 'a and b', 'a and c', 'b and c ', or 'all a, b, and c'.

The "terminal" referred to below may be implemented as a computer or a portable terminal capable of accessing a server or other terminal through a network. Here, the computer includes, for example, a laptop, a desktop, and a laptop equipped with a web browser (WEB Browser), and the portable terminal is, for example, a wireless communication device that ensures portability and mobility. , IMT (International Mobile Telecommunication), CDMA (Code Division Multiple Access), W-CDMA (W-Code Division Multiple Access), LTE (Long Term Evolution) and other communication-based terminals, smartphones, tablet PCs, etc. It may include a handheld-based wireless communication device.

Hereinafter, with reference to the accompanying drawings, embodiments of the present disclosure will be described in detail so that those of ordinary skill in the art to which the present disclosure pertains can easily implement them. However, the present disclosure may be implemented in several different forms and is not limited to the embodiments described herein. Hereinafter, embodiments of the present disclosure will be described in detail with reference to the drawings.

1 is a flowchart of a source code reconstruction and optimization method according to an embodiment.

In step S101, it is possible to check the source code structure to which the control flow flattening technique is applied from the obfuscated source code. At this time, the obfuscated source code may be a source code to which a control flow obfuscation technique is applied, and the control flow obfuscation technique may be a control-flow flattening technique. This technique transforms the control flow of software, which is generally in a vertical relationship, into a horizontal relationship, and a more detailed description will be described with reference to FIGS. 2 and 3 . According to an embodiment, checking the source code structure to which the control flow flattening technology is applied may mean extracting the location of the flattening structure to be reconstructed and optimized by analyzing the inside of the obfuscated source code.

In step S102, the code blocks loaded inside the source code structure identified in S101 may be reconstructed according to the execution order. According to an embodiment, the reconstruction of the code block outputs the code block index by checking the position of the label in each of the loaded code blocks, and inserting and executing an interface for outputting the code block index at the bottom of the label. process may be included. In this case, the code block index may be output in the order of execution for actually executed code blocks among the loaded code blocks. According to an embodiment, the code block corresponding to the output code block index may be arranged in the execution order while the label and the code block move statement are deleted from within the block. In addition, the control flow reconstruction can be completed by removing the dispatcher block from the deployed code block.

In step S103, source code optimization may be performed according to the control flow of the code block reconstructed in S102. According to an embodiment, the step of removing and optimizing the source code of the reconstructed code block may be repeated until there is no more source code to be removed and optimized.

According to an embodiment, analysis may be performed on the optimized source code. Through analysis, it is possible to know how readable the source code is and how much optimization has been performed compared to the obfuscated source code. In addition, the source code that has been optimized can be compiled and distributed through a compiler.

On the other hand, there are not many commercial obfuscation tools applicable to the source code level, and among them, there are even fewer commercial obfuscation tools that can apply the control flow obfuscation technology. Control flow flattening technology is almost the only commercialized technology among control flow obfuscation technologies that can be applied at the source code level. Therefore, most of the source code level commercial obfuscation tools that can apply the control flow obfuscation technology provide the control flow flattening technology as an option. This control flow flattening technique will be described with reference to FIGS. 2 and 3 below.

First, FIG. 2A is the original source code before the control flow flattening technique is applied, FIG. 2B is a control flow graph before the control flow flattening technique is applied, and FIG. 2C is the source code execution sequence before the control flow flattening technique is applied .

Before the control flow flattening technique is applied, the control flow is generally vertical. The original source code of FIG. 2A is a relatively simple source code written as an example, and is a source code for outputting "Hello" and "World". The source code of such a vertical structure, with reference to FIG. 2B, has a control flow consisting of one node. Therefore, when the corresponding source code is compiled, it is sequentially executed inside one code block consisting of "Hello" and "World" Exit (ie, code block escape).

As a control flow obfuscation technique applied at the source code level, there is a control flow flattening technique, and when this technique is applied to the source code, the control flow is transformed into a horizontal relationship. In this regard, FIG. 3A is a source code to which the control flow flattening technique is applied, FIG. 3B is a control flow graph to which the control flow flattening technique is applied, and FIG. 3C is a source code execution sequence to which the control flow flattening technique is applied.

First, components of the source code to which the control flow flattening technology is applied may include a dispatcher, a dispatcher variable, a code block, a code block index, and a label.

The dispatcher is a selector that selects a block of code to be compiled and executed. For example, the Switch-Case statement in FIG. 3A may correspond to the dispatcher. A dispatcher variable is a variable used to select a code block to be compiled and executed. For example, in FIG. 3A , SwVar may correspond to a dispatcher variable.

A code block represents a block divided into functional units, and can be viewed as a concept similar to a basic block. For example, in FIG. 3C, from Label_#k to the Goto Switch statement may be referred to as a k-th code block. The code block index represents the number (or name) of the code block. For example, it corresponds to #k in FIG. 3C, and k in this embodiment is 1, 2, and 3. A label can be used as a moving target address within a code block. For example, the Goto Label_#2 statement may indicate to move to the code block with index 2. The label corresponds to Label_#k in FIG. 3C.

Referring back to FIG. 3 based on this, the control flow to which the control flow flattening technique is applied is transformed into a horizontal relationship composed of several code blocks. 3A is a source code to which a control flow flattening technique is applied to the original source code of FIG. 2A, and the source code for outputting "Hello" and "World" is divided into two code blocks, switch case 0 and switch case 1. can be checked That is, the code block to be executed is determined according to the dispatcher variable, starting with the execution of the dispatcher. When the execution of the corresponding code block is completed, the dispatcher variable is changed to a different value, which will be the process of calculating the index of the code block to be executed next.

Referring to FIG. 3B , the source code of such a horizontal structure has a control flow composed of a plurality of nodes. Accordingly, when the corresponding source code is compiled, there are three selectable code blocks based on the Switch-Case block 301 that is the dispatcher, a block 302 for outputting “World”, and a block 303 for outputting “Hello”. ) and a block 304 for escaping the while statement are listed. Referring to FIG. 3C , it can be seen that the remaining blocks 302 , 303 , and 304 are horizontally arranged except for the dispatcher. This means that the execution order of code blocks cannot be known unless actually compiled with source code transformed into a horizontal structure. Although this embodiment is a relatively simple source code, the structure of the source code actually used will be very complicated, so unless you actually run the source code to which the control flow flattening technology is applied, it is difficult to understand the code block that is actually executed and the order of execution. difficult. In other words, it is difficult to statically grasp the execution order of code blocks in the source code to which the control flow flattening technology is applied.

In Figure 3a, the code block index has the same value as the dispatcher variable (both have only a value of 0 or 1), but a commercial obfuscation tool with a high level of obfuscation transformation cannot determine the correlation between the code block index and the dispatcher variable. . In addition, in the embodiment of FIG. 3 , the initial value (int SwVar = 0) of the dispatcher variable can be easily obtained, and the operation process thereof (SwVar = 1) is also not complicated, so the execution order of the code block can be easily grasped statically. It is possible, but in commercial obfuscation tools, the initial value and the operation process are also configured to be difficult to understand statically.

In addition, in the high-level control flow flattening technique, a number of code blocks and code block indexes that are not actually used are inserted in order to further complicate the analysis. For example, if the dispatcher variable in any code block does not indicate a specific code block index, the corresponding code block index may not be output and the code block may not be executed. Alternatively, the operation of the index within the code block is block sequentially a=a+1; a=a-1; There may be blocks of code that retain the same functionality when executed as if they were written as . For this reason, from the analyst's point of view, there is a problem that the analysis of the dispatcher variable must precede the analysis of whether or not a specific code block is actually executed. Therefore, in order to analyze the source code to which the high-level control flow flattening technology is applied, the process of extracting the execution order of the code block through dynamic analysis must be preceded. Since this process cannot be performed by the compiler optimizer, it is difficult to increase the readability of the source code to which the control flow obfuscation is applied using only the existing compiler optimizer.

Therefore, in the present invention, in order to increase the readability of the source code to which the control flow obfuscation is applied, a method of reconstructing the structure at the source code level before optimization is proposed.

4 is a structural diagram of a source code reconstruction and optimization method according to an embodiment, and FIG. 5 is a flowchart of an algorithm of a source code reconstruction and optimization method according to an embodiment.

4 and 5, the obfuscated source code may be converted into an optimized source code by the source code reconstruction and optimization apparatus 400 according to the present invention. First, it is possible to read and analyze the inside of the obfuscated source code through the obfuscated source code parsing module 410 in step S501. And in step S502, through the regular expression module (Regular Expression Module) 420, it is possible to identify and extract the location of the flattening structure to which the control flow flattening technology is applied in the source code. For example, a developer can insert a marker in the source code to indicate which function to apply the obfuscation technique to. In this case, the function name is changed due to the insertion of the marker, and the SwitchCase statement located within the function generally corresponds to a flattened structure.

Since the source code reconstruction algorithm is performed once before the optimization process to identify and reconstruct the flattened structure, it is performed by checking the round of the algorithm. The round is set to an initial value of 0, and accordingly, for source code that has not undergone source code reconstruction, the round does not increase and continues to be 0. In step S503, it may be checked whether this round is 0. That is, it can be checked whether the target source code structure is the reconstructed source code in step S503.

If "Yes" in step S503, that is, in the case of source code that has never been reconstructed, in step S504 for outputting a label to the code block loaded in the flattened structure through the Label Extraction Module 430 You can insert each interface and run that code block. In this case, the interface means an API (Application Programming Interface). The label extraction module 430 is a module that can extract the code blocks loaded in the flattening structure in the order of execution. By applying dynamic analysis, the label extraction module 430 finds the position of the label inside the flattening structure, and sets the code block index under the label. You can insert an interface for output. In this case, the regular expression module 420 may be used together to check the position of the label.

According to an embodiment, the API for outputting the code block index may be a Print statement such as Print("#3"). If an interface for outputting a label is inserted in a code block and executed after compiling, only the code block index for the code block that is actually executed is output in the order of execution of the code block. For example, in the example of FIG. 3C , it is assumed that code blocks having code block indexes 4 and 5 exist, and these code blocks are code blocks that are not actually executed. In this case, when the flattening structure in which the API is inserted is executed, #2 Hello #1 World #3 is output according to the execution order, and #4 and #5, which are indices of code blocks that are not executed, will not be output.

After the code block index is output in the order of execution for actually executed code blocks among the loaded code blocks, the source code reconstruction process of steps S505 to S508 is performed. First, through the control-flow reconstruction module (Control-Flow Reconstruction Module) 440 in step S505, it is possible to reconstruct the branch statement. In other words, code blocks corresponding to the code block index output in step S504 may be arranged in the execution order.

And in step S506, the label of the code block arranged in the execution order may be analyzed and the dispatcher may be removed. Specifically, the code block(s) may be placed after removing the label on the top line and the code block move statement on the bottom line (eg, Goto statement) in the block. For example, in the example of Figure 3c, code block 302 has Label_#1: and Goto Switch statements removed, leaving only "World" in the code block, and code block 303 has Label_#2: and Goto Switch statements. removed and only "Hello" is left in the code block, the code block 304 has the Label_#3: removed and only the Exit statement remains, the execution order of the code block 303, code block 302, code block 304 will be placed in order. More specifically, the dispatcher 301, the code block 303, the dispatcher 301, the code block 302, the dispatcher 301, the code block 304 will be arranged in the order.

Thereafter, the dispatcher (or dispatcher block) may be removed from the disposed code block. As described above with reference to FIG. 3 , the dispatcher may mean a SwitchCase statement or the like as a selection block for selecting a code block to be executed from among the code blocks loaded in the planarization structure. After all of the dispatcher blocks are removed, the code block rearrangement is completed (step S507).

After the code blocks are rearranged, the round of the algorithm is incremented by one in step S508. This is to return to step S503 again, and it is determined that the case is "No", so as to inform that the source code is the source code that has been reconstructed.

Next, the reconstructed obfuscated source code is subjected to the source code optimization step of steps S509 to S512. According to one embodiment, the source code elimination module (Source Code Elimination Module) 450 and the source code optimization module (Source Code Optimization Module) 460 are the optimization techniques implemented in the intermediate language applicable to the existing compiler optimizer. It can be implemented so that it can be applied to the source code level as well.

First, the variable DeletedCode indicating the number of deleted codes and the variable OptimizedCode indicating the number of optimized codes are set to an initial value of 0 (S509). And through the source code removal module 450 in step S510, it is possible to identify and delete a pattern that can be deleted from the reconstructed source code. According to an embodiment, the deleteable pattern may mean a source code that does not change its functionality when compiling a code block even if it is deleted. For example, 'A = 3; If there are two lines of source code such as A = 8;', variable A will be saved as 3 and then as 8 again. There is no change in saving as 8. Therefore, in this case, the source code 'A = 3;' will be a deleteable pattern. Conversely, 'A = 3; B = A + 6; If there are three lines of source code like A = 8;', variable A is assigned to 3 and then used to calculate the value of B. In this case, when 'A = 3;' is deleted and the source code is executed, the value of B may be different from 9, which is the result of compilation where 'A = 3;' exists, so the functionality of the code block is changed. . Therefore, 'A = 3;' in this case will not be a deleteable code.

Next, through the source code optimization module 460 in step S511, it is possible to identify and optimize an optimizable pattern in the reconstructed source code. As such source code removal and optimization are performed, in step S512, DeletedCode increases by the number of deleted patterns and OptimizedCode increases by the number of optimized patterns, and since source code optimization is performed once, the round is also increased by 1.

According to an embodiment, the source code optimization step may repeat the process of removing and optimizing the source code of the reconstructed code block until there is no more source code to be removed and optimized. In step S513, it may be determined whether the sum of DeletedCode and OptimizedCode is 0, in order to check whether there is any more removed or optimized source code. Therefore, if "No" in step S513, it is not confirmed whether there is still source code to be removed or optimized or whether there is no source code to be removed or optimized anymore. Therefore, the process returns to step S509 to repeat the source code optimization process. Conversely, if "Yes" in step S513, the source code has been removed and optimized until there is no more source code to be removed and optimized, and thus the process proceeds to the next step.

When the source code optimization is completed, the optimized source code may be written through the optimized source code generation module 470 in step S514 . Users will be able to analyze the source code that has undergone such source code reconstruction and optimization process, compile it, and then run it.

Since the source code reconstruction and optimization method according to an embodiment of the present invention applies a form of dynamic analysis that cannot be applied to the compiler optimizer, a more accurate form of control flow reconstruction is possible. 6 is a conceptual diagram illustrating control flow reconstruction according to an embodiment. 6, it can be confirmed that the source code to which the control flow flattening technology is applied can accurately reconstruct the control flow through dynamic analysis.

According to an embodiment, the execution order of the program may be the ABAABC order, but in the block diagram 610 of the source code to which the control flow flattening technology is applied, the execution order cannot be known unless the program is compiled. Therefore, it is possible to arrange the code blocks in the order of execution as shown in the block diagram 620 of the source code to which the reconstruction technique is applied through the steps S504 to S508 of FIG. 5 .

Specifically, it is possible to insert an API that outputs the code block index under the label by locating the label and executes it. In this case, only the code block indexes that are actually executed will be output in the execution order, and the code blocks can be sorted in the order of the output indexes. You can also rearrange code blocks by removing labels and Goto statements within the code block, and removing the dispatcher block. After the source code of the flattened structure undergoes such a control flow reconstruction process, the code blocks will be arranged in the ABAABC order, which is the actual program execution order ( 620 ).

Applying the source code level optimization technique after the reconstruction of the control flow at the source code level provides a higher optimization rate and readability compared to the case where the control flow reconstruction is preceded and the compiler optimization option is not applied at all. can Also, the case where control flow reconstruction is preceded at the source code level provides higher readability compared to the case where the control flow reconstruction is not preceded and the compiler optimization option is applied during the compilation process. In other words, when compiling source code with control flow obfuscation technology in other compilers (eg, Visual C++ Compiler, Intel C++ Compiler, GNU Compiler, Collection (GCC), Clang, etc.), the compiler optimization option is applied to the maximum. A case in which control flow reconstruction and optimization at the source code level is preceded can show clearly improved results.

On the other hand, the effect of the present invention as described above means that there is an optimizable pattern that is additionally generated by performing control flow reconstruction according to an embodiment. Therefore, it can be seen that more optimization is performed in the source code in which the control flow reconstruction is performed and optimization is performed than in the source code in which the control flow reconstruction is not performed and the optimization is performed.

Since the source code reconstruction and optimization method according to an embodiment of the present invention also converts between source codes, the readability of the generated result may be higher than when the optimization technique of the compiler is applied. That is, since the compiler optimization technology is applied at the intermediate language (IP) level rather than the source code, the generated result itself corresponds to an intermediate language or binary, which may be unfamiliar to general analysts. On the other hand, the source code reconstruction and optimization method according to an embodiment of the present invention may have a contribution to the existing optimization technology in that it is somewhat familiar to a general analyst because the generated result is an optimized source code.

7 is a block diagram of a source code reconstruction and optimization apparatus according to an embodiment. Each of the steps in the flowcharts such as FIGS. 1 and 5 may be performed by the apparatus 700 for reconstructing and optimizing the source code of the present invention. The source code reconstruction and optimization apparatus 700 according to an embodiment may include an extraction unit 710 , a reconstruction unit 720 , and an optimization unit 730 .

The extractor 710 may check the source code structure to which the control flow flattening technique is applied from the obfuscated source code. In more detail, the extraction unit 710 may read and analyze the inside of the obfuscated source code, identify and extract the location of the flattening structure to which the control flow flattening technology is applied within the source code. The extractor 710 according to an embodiment may include an obfuscated source code parsing module 410 and a regular expression module 420 .

The reconstruction unit 720 may reconstruct the code blocks loaded in the identified source code structure according to the execution order. In more detail, the reconstruction unit 720 may apply dynamic analysis to determine the position of the label inside the planarization structure, and insert an interface for outputting the code block index under the label. In addition, the reconstruction unit 720 may execute the source code and arrange the code blocks corresponding to the output code block indexes in the execution order. At this point, labels and code block move statements are removed within the code block, and the dispatcher is removed so that the code blocks can be arranged in execution order. The reconstruction unit 720 according to an embodiment may include a label extraction module 430 and a control flow reconstruction module 440 .

The optimizer 730 may perform source code optimization according to the control flow of the reconstructed code block. In more detail, the optimizer 730 may identify, delete, and optimize a deleterable or optimizable pattern in the reconstructed source code. This can be repeated until there is no more source code to remove and optimize. The optimizer 730 according to an embodiment may include a source code removal module 450 and a source code optimization module 460 .

7 shows only the extraction unit 710, the reconstruction unit 720, and the optimization unit 730 for convenience, this is only an example, and the source code reconstruction and optimization apparatus 700 according to an embodiment has other components. may further include.

The device according to the above-described embodiments includes a processor, a memory for storing and executing program data, a permanent storage such as a disk drive, a communication port for communicating with an external device, a touch panel, a key, a button, etc. user interface devices, and the like. Methods implemented as software modules or algorithms may be stored on a computer-readable recording medium as computer-readable codes or program instructions executable on the processor. Here, the computer-readable recording medium includes a magnetic storage medium (eg, read-only memory (ROM), random-access memory (RAM), floppy disk, hard disk, etc.) and an optically readable medium (eg, CD-ROM). ), DVD (Digital Versatile Disc), and the like. The computer-readable recording medium is distributed among network-connected computer systems, so that the computer-readable code can be stored and executed in a distributed manner. The medium may be readable by a computer, stored in a memory, and executed on a processor.

This embodiment may be represented by functional block configurations and various processing steps. These functional blocks may be implemented in any number of hardware and/or software configurations that perform specific functions. For example, an embodiment may be an integrated circuit configuration, such as memory, processing, logic, look-up table, etc., capable of executing various functions by the control of one or more microprocessors or other control devices. can be hired Similar to how components may be implemented as software programming or software components, this embodiment includes various algorithms implemented in a combination of data structures, processes, routines or other programming constructs, including C, C++, Java ( Java), assembler, etc. may be implemented in a programming or scripting language. Functional aspects may be implemented in an algorithm running on one or more processors. In addition, the present embodiment may employ the prior art for electronic environment setting, signal processing, and/or data processing. Terms such as “mechanism”, “element”, “means” and “configuration” may be used broadly and are not limited to mechanical and physical configurations. The term may include the meaning of a series of routines of software in connection with a processor or the like.

The above-described embodiments are merely examples, and other embodiments may be implemented within the scope of the claims to be described later.

Claims (10)

In the source code reconstruction and optimization method,
Checking the source code structure to which the obfuscation technology for flattening the control flow (Control-Flow) is applied;
reconstructing the code blocks loaded in the identified source code structure according to the execution order based on the code block index; and
and performing source code optimization according to the control flow of the reconstructed code block. According to claim 1,
The rebuilding step is
identifying a position of a label in each of the loaded code blocks;
inserting an interface for outputting the code block index under the label; and
and outputting the code block index by executing the code block into which the interface is inserted. 3. The method of claim 2,
In the outputting step, the code block index is output in the order of execution for the code blocks that are actually executed among the loaded code blocks. 4. The method of claim 3,
The method further comprising the step of arranging the code block corresponding to the output code block index in the execution order. 5. The method of claim 4,
wherein the placed code block is disposed with the label and the code block move statement deleted within the block. 5. The method of claim 4,
Further comprising the step of removing a dispatcher (dispatcher) block from the deployed code block,
wherein the dispatcher block is a selection block for selecting one of the loaded code blocks to execute. According to claim 1,
The step of optimizing the source code comprises:
iterating removing and optimizing the source code of the reconstructed code block until there is no more source code to remove and optimize. According to claim 1,
The method further comprising the step of analyzing and compiling the source code on which the optimization has been performed. In the source code reconstruction and optimization apparatus,
Through the extraction unit, the source code structure to which the obfuscation technology to flatten the control flow is applied,
Through the reconstruction unit, the code blocks loaded inside the identified source code structure are reconstructed according to the execution order based on the code block index,
An apparatus for performing source code optimization according to the control flow of the reconstructed code block through the optimization unit. As a computer-readable non-transitory recording medium recording a program for executing a source code reconstruction and optimization method on a computer,
The source code reconstruction and optimization method is,
Checking the source code structure to which the obfuscation technology for flattening the control flow is applied;
reconstructing the code blocks loaded in the identified source code structure according to the execution order based on the code block index; and
and performing source code optimization according to the control flow of the reconstructed code block.

Images