Shmoocon 2008: Malware Software Armoring Circumvention

Val and I will be speaking at Shmoocon 2008, showing off our malware unpacking techniques. The talk is Sunday at 10am during the "Break It!" session. If you can't make it but are in the area, let us know; we'll be around for the entire weekend. This talk will be similar to the one we gave at Blackhat USA 2007; however, we'll also be talking about building an effective hardware-based analysis system.

Abstract

Software armoring techniques have increasingly created problems for reverse engineers and software security analysts. As protections such as packers, run-time obfuscators, virtual machine and debugger detectors become common, newer methods must be developed to cope with them. In this talk we will present our forensically sound debugging platform named Saffron. Saffron is based upon dynamic instrumentation techniques as well as a page-fault-assisted debugger. We show that the combination of these two techniques is effective in removing armoring from most software armoring systems.