May 26, 2015

Compact Binaries with UPX

The Ultimate Packer for Executables (UPX), is a multiplataform tool, free and open-source that can compress executable binaries, like Windows/Linux libraries and executables. The tool can help since reduce the binary size to just hide its static strings for example. Here you can see how use it.

Why would I use a tool like UPX? if you work with embedded systems for example, soon or later you will have an obstacle, small memory/flash. Sometimes you need run a binary that compiled with all optimizations has 300 Kbytes, but your system has just 200 Kbytes free, and now? that's where UPX can help!

How it works? In brief, the tool compacts the original binary file in another, smaller, so when you run the smaller, it self extract the original file in memory and execute it, this is all done at runtime. Now let's use the "vdir" binary as example, it's a system binary present in "/bin" directory of Linux:

ls -lh vdir 
-rwxr-xr-x 1 root root 103K Nov 19  2012 vdir

vdir --version
vdir (GNU coreutils) 8.13
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Richard M. Stallman and David MacKenzie.

The file has 103 Kbytes and some static strings like the authors names, which could be easily replaced by any hex editor for others names for example. Let's compact with UPX and see what happens, the syntax for maximum compression is this:

upx --ultra-brute vdir -o vdir_upx

                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2013
UPX 3.91        Markus Oberhumer, Laszlo Molnar & John Reiser   Sep 30th 2013

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
    104512 ->     44456   42.54%  linux/elf386   vdir_upx                      

Packed 1 file.


ls -lh vdir vdir_upx 
-rwxr-xr-x 1 root root 103K Nov 19  2012 vdir
-rwxr-xr-x 1 root root  44K Nov 19  2012 vdir_upx

The file isn't just smaller, but the static strings cannot be replaced or seen. Of course, an UPX file can be "spotted" by its binary signature, and the original file extracted by anyone. That's all! enjoy and test by yourself!

About the versions
  • Linux Ubuntu 12.04
  • UPX 3.91

0 comentários :

Post a Comment