Enhanced branch obfuscation based on exception handling and encrypted mapping table

Abstract

Reverse analysis will lead to the problems of software crack, theft and tamper, where the control flow analysis will reveal the program execution logic. The conditional jump instruction contains the branch conditions and targets, and as the breaking point of control flow analysis, it will easily expose some significant branch information of the program. Based on the exception handling mechanism and encrypted mapping table, this paper proposes a enhanced branch obfuscation, which first introduces the exception code to replace the conditional jump instructions and then constructs the exception handlers to restore execution according to the mapping relation between the branch conditions and targets. Furthermore as supplement and perfect, the method rearranges the basic blocks and inserts some redundant blocks to increase the difficulty against reverse analysis. The method is evaluated from three aspects of validity, space cost and time cost. Finally the experiment results show that the branch obfuscation has a good protection performance and can resist static and dynamic analysis, and also it has an acceptable performance of space and time cost.