Efficient Deobfuscation of Linear Mixed Boolean-Arithmetic Expressions

TL;DR

This paper introduces SiMBA, a simple and efficient algorithm that outperforms previous methods in deobfuscating linear Mixed Boolean-Arithmetic expressions, simplifying complex obfuscations faster and more reliably.

Contribution

The paper presents SiMBA, a novel algorithm that fully deobfuscates linear MBAs more efficiently than existing tools, with improved accuracy and speed.

Findings

SiMBA deobfuscates all linear MBAs.

SiMBA is faster than previous algorithms.

SiMBA reliably finds simple solutions.

Abstract

Mixed Boolean-Arithmetic (MBA) expressions are frequently used for obfuscation. As they combine arithmetic as well as Boolean operations, neither arithmetic laws nor transformation rules for logical formulas can be applied to suitably complex expressions, making MBAs hard to simplify and solve. In 2019, Liu et al. demystified linear MBAs, leveraging a transformation between the set $B=\{0,1\}$ of bit values and the set $B^n$ of words of length $n\in\mathbb{N}$ for linear MBAs, originally introduced by Zhou et al. in 2007. With their MBA-Blast and MBA-Solver algorithms, they outperform existing tools noticably in terms of performance as well as ability to simplify of such MBAs. We propose a surprisingly simple algorithm called SiMBA that improves upon MBA-Blast and MBA-Solver in that it can deobfuscate all linear MBAs, does not miss particularly simple solutions and takes only a fraction of their runtime.