What is a packer?
A packer is a tool used to encapsulate executables. It serves to complicate both static and dynamic analysis of a binary. The goal is to protect the program while ensuring its normal execution and minimizing its impact on performance. This is achieved through several techniques, such as compression and encryption, as well as the implementation of various anti-debugging methods.
Many packer projects exist and are easily accessible online (https://github.com/packing-box/awesome-executable-packing).
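The compression and encryption described above leave a measurable trace that analysts use to triage a binary: packed regions have near-random byte entropy. The Rust example below is added here for illustration and is not code from this project; its function names, the 1024-byte window, the 7.0 bits/byte threshold and the sample buffer are assumptions constructed for the example.

```rust
/// Shannon entropy of a byte slice in bits per byte (0.0 to 8.0).
fn shannon_entropy(data: &[u8]) -> f64 {
    if data.is_empty() {
        return 0.0;
    }
    let mut counts = [0usize; 256];
    for &b in data {
        counts[b as usize] += 1;
    }
    let len = data.len() as f64;
    counts.iter().filter(|&&c| c > 0)
        .map(|&c| { let p = c as f64 / len; -p * p.log2() })
        .sum()
}

/// Offsets of full `window`-byte chunks whose entropy exceeds `threshold`.
/// A trailing partial chunk is skipped: too few bytes give an unreliable estimate.
fn high_entropy_windows(data: &[u8], window: usize, threshold: f64) -> Vec<usize> {
    if window == 0 {
        return Vec::new();
    }
    data.chunks_exact(window).enumerate()
        .filter(|(_, w)| shannon_entropy(w) > threshold)
        .map(|(i, _)| i * window)
        .collect()
}

/// Constructed sample, not a real binary: ELF magic plus 4 KiB of repetitive
/// code-like bytes, then 4 KiB of xorshift32 output standing in for a
/// compressed or encrypted payload.
fn constructed_sample() -> Vec<u8> {
    let mut buf = vec![0x7f, b'E', b'L', b'F'];
    let pattern = [0x55u8, 0x48, 0x89, 0xe5, 0x90, 0x90, 0xc3, 0x00];
    buf.extend(pattern.iter().cycle().take(4092));
    let mut x: u32 = 0x2545_F491;
    for _ in 0..4096 {
        x ^= x << 13;
        x ^= x >> 17;
        x ^= x << 5;
        buf.push((x >> 24) as u8);
    }
    buf
}

fn main() {
    let sample = constructed_sample();
    // 7.0 bits/byte is an assumed triage threshold, not a fixed standard.
    for off in high_entropy_windows(&sample, 1024, 7.0) {
        println!("high-entropy window at offset {off:#06x}");
    }
}
```

High entropy alone does not prove packing, since legitimately embedded compressed resources score the same, so treat a flagged window as a reason to look closer.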
Example: UPX
UPX (Ultimate Packer for eXecutables) is one of the most well-known packers. It is used to compress executable files across multiple operating systems.
How it works:
Another well-known packer: Themida
Unlike UPX, which is simple, free, and primarily designed for data compression, Themida provides advanced protection features such as:
Another example: VMProtect
VMProtect is an advanced packer mainly used to protect software from reverse engineering, piracy, and cracking.
The difference between Themida and VMProtect lies in their use cases: VMProtect is designed for software requiring maximum protection, such as critical programs or confidential algorithms.
We aim to develop a packer for ELF executables. This idea stems from our interest in cybersecurity, particularly reverse engineering. Our passion for this field has driven us to create such a tool.
Rust was chosen as the programming language for this project because it significantly complicates reverse engineering attempts. Rust’s compiler generates highly optimized machine code that is difficult to analyze, thanks to techniques such as:
In summary, a packer written in Rust offers strong protection against reverse engineering while maintaining good performance for the executable.
We are 4 EPITA students, making this project for EPITA.
Louis BEAUCAMPS (project lead)
Arthur WAMBST
Marcus POIROT
Gabriel TONGBOONNAK
To fully understand how this works, check this diagram!
Download the first dev report here (pdf)