Code Transposition

Created the Saturday 23 March 2019. Updated 6 months, 2 weeks ago.

Code transposition is a technique used by malware authors to evade detection and analysis by rearranging the instructions of a piece of code without changing its behavior. This technique is used to make the code more difficult to read and understand for disassemblers and reverse engineers, as well as to hide the true intent of the code.

There are two main methods of implementing code transposition. The first method involves the use of a random number generator to randomly rearrange the instructions of the code. This makes it difficult for analysts to determine the original order of the instructions, and can make the code difficult to follow and understand.

The second method of code transposition involves the use of a mathematical function to rearrange the instructions in a predictable and consistent manner. This allows the code to be easily transposed back to its original form if necessary, but still makes it difficult for analysts to follow and understand the code.

Overall, code transposition is a technique used by malware authors to make their code more difficult to analyze and understand, and to evade detection by security tools and analysts.

Technique Identifier

U0202

Technique Tags

Instruction reordering Anti-disassembling Obfuscation Code rearrangement Random number generator Mathematical function Code complexity

Code Snippets

Description

This code snippet defines a vector of instructions, which are simply integer values from 1 to 10 in this example. The instructions are then shuffled using a random number generator, and the instructions are executed in the rearranged order.

This code demonstrates how code transposition can be used to rearrange the instructions of a piece of code in a random manner, making it more difficult to follow and understand. In a real-world scenario, the instructions would be more complex and would likely have a different impact on the behavior of the code.

#include <iostream>
#include <random>
#include <vector>

int main()
{
    std::vector<int> instructions = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };

    // Use a random number generator to shuffle the instructions
    std::random_device rd;
    std::mt19937 g(rd());
    std::shuffle(instructions.begin(), instructions.end(), g);

    // Execute the instructions in the rearranged order
    for (int instruction : instructions)
    {
        std::cout << instruction << std::endl;
    }

    return 0;
}

Additional Resources

External Links

The resources provided below are associated links that will give you even more detailed information and research on current evasion technique. It is important to note that, while these resources may be helpful, it is important to exercise caution when following external links. As always, be careful when clicking on links from unknown sources, as they may lead to malicious content.

https://sensorstechforum.com/advanced-obfuscation-techniques-malware/