Simplification of General Mixed Boolean-Arithmetic Expressions: GAMBA. (arXiv:2305.06763v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
Malware code often resorts to various self-protection techniques to
complicate analysis. One such technique is applying Mixed-Boolean Arithmetic
(MBA) expressions as a way to create opaque predicates and diversify and
obfuscate the data flow.
In this work we aim to provide tools for the simplification of nonlinear MBA
expressions in a very practical context to compete in the arms race between the
generation of hard, diverse MBAs and their analysis. The proposed algorithm
GAMBA employs algebraic rewriting at its core …
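
As an added illustration (not code from the paper or the GAMBA project), the sketch below simplifies the linear two-variable special case of an MBA by evaluating it on the four truth-table rows and solving for coefficients over the basis 1, x, y, x & y. The function names, the 64-bit word size and the sample expressions are assumptions constructed for this example. The truth-table argument holds only for linear MBAs, so a randomized check rejects nonlinear inputs.

```python
import random

BITS = 64                      # assumed word size for this example
MASK = (1 << BITS) - 1         # all-ones word, i.e. -1 modulo 2**BITS

def signed(v):
    """Show a BITS-wide value as a signed integer so coefficients stay readable."""
    v &= MASK
    return v - (1 << BITS) if v >> (BITS - 1) else v

def simplify_linear_mba(f, trials=200, seed=0):
    """Return (c, a, b, d) with f(x, y) == c + a*x + b*y + d*(x & y) mod 2**BITS.

    Returns None when f is not a linear MBA in two variables.
    """
    # Negated outputs on the rows (x, y) in {0, -1}^2. On these inputs every
    # bitwise sub-expression evaluates to 0 or -1, so the rows fix the result.
    r00, r10, r01, r11 = (-f(x, y) & MASK for x, y in
                          ((0, 0), (MASK, 0), (0, MASK), (MASK, MASK)))
    coeffs = tuple(signed(v) for v in
                   (-r00, r10 - r00, r01 - r00, r11 - r10 - r01 + r00))
    c, a, b, d = coeffs
    # Randomized equivalence check: a nonlinear input (for example x*y)
    # matches on the four rows but disagrees on general words.
    rng = random.Random(seed)
    for _ in range(trials):
        x, y = rng.getrandbits(BITS), rng.getrandbits(BITS)
        if ((c + a * x + b * y + d * (x & y)) & MASK) != (f(x, y) & MASK):
            return None
    return coeffs

# Constructed sample expressions, not taken from any real sample.
SAMPLES = {
    "(x ^ y) + 2*(x & y)":     lambda x, y: (x ^ y) + 2 * (x & y),        # x + y
    "(~x & y) + x":            lambda x, y: (~x & y) + x,                 # x | y
    "(x | y) + (x & y) - x - y": lambda x, y: (x | y) + (x & y) - x - y,  # always 0
    "x * y":                   lambda x, y: x * y,                        # nonlinear
}

if __name__ == "__main__":
    for text, fn in SAMPLES.items():
        print(f"{text:28} -> (c, a, b, d) = {simplify_linear_mba(fn)}")
```

The third sample is the kind of expression an opaque predicate is built on: comparing it against 0 is always true, and the recovered coefficients (0, 0, 0, 0) make that visible.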