Global Cyber Security Company

Ariadne´s Thread: Group-IB presents its first automated universal deobfuscator

December 16, 2011

MOSCOW - Group-IB, the first Russian company providing comprehensive investigation of IT security incidents and breaches of information security, is announcing the release of Ariadne, a unique deobfuscator. This tool is unprecedented, allowing reverse-engineering experts to quickly and effectively investigate software algorithms that have been protected against analysis.

Ariadne is a versatile set of tools, a framework that contributes to significant time saving during investigations of the operating principles of various software. By using Ariadne, one can read and modify executable files, translate their machine code into symbolic notation, and even convert parts of the code into an intermediate representation, convenient for analysis. The new framework is very simple to use, and can be easily integrated into other products. For instance, a plugin for IDA, a popular disassembler, is already available.

However, the main feature of Ariadne is having a number of proprietary optimization algorithms, using which can greatly simplify the code being protected by means of obfuscation. AIR Wave Deobfuscation Technology, a unique technology not based on any structural code templates, allows for flushing out of useless sets of instructions and variables used by the program´s creators for the purposes of source code obfuscation. This ensures the high level of deobfuscation without resorting to prohibitive computational resources. The code unraveling technology was developed specifically with regard to the need for practical application on varied PC configurations.

Thus, the Ariadne framework incorporates several tools, enabling reverse-engineering professionals to rapidly analyze operational algorithms of the programs being investigated. Ariadne can also be used in creating new software solutions or software protections.

«Until today, the market lacked a widely available universal deobfuscator,» says Ilya Sachkov, CEO of Group-IB. «The Ariadne framework was created as an advanced software to be used for research in computer forensics. This is the first phase of our innovations of forensic software. I hope that Ariadne will indeed be that thread, which leads Group-IB´s other software and hardware solutions onto the market.»

«During our ongoing research of the functionalities of malware, we are constantly confronted with the fact that the virus writers use a variety of methods to protect the code against analysis,» notes Alexander Matrosov, Director of ESET´s Center for Virus Research and Analytics. «Therefore, one used to be forced to apply an individualized approach in every case, or resort to developing new internal tools. With the advent of Ariadne, the code deobfuscation issues can be resolved more efficiently, and the framework can easily be integrated with the internal infrastructures of forensic and antivirus laboratories.»

To receive more information about this product and to see examples of its deobfuscation capabilities, please visit Ariadne´s official site at ariadne.group-ib.ru.

About Group-IB

Group-IB is the first company in Russia and the CIS working professionally and comprehensively in cybercrime investigation. As part of the company, a computer forensics lab provides independent computer forensic investigations, including for Russian law enforcement agencies. Created on the basis of Group-IB, CERT-GIB operates as the first private computer emergency response team in Russia. Group-IB is part of LETA Group.

For additional information contact Bogdan Vovchenko, Group-IB´s PR Manager, at +7 (495) 661-55-38, or vovchenko@group-ib.ru.

Contact Us:

+1 917 809-47-41
help@group-ib.com

More information