The Ultimate Packer for eXecutables (UPX) is a free, open-source, multiplatform tool that compresses executable binaries, such as Windows and Linux libraries and executables. Its uses range from reducing binary size to simply hiding a binary's static strings. Here you can see how to use it.
Why would I use a tool like UPX? If you work with embedded systems, for example, sooner or later you will hit an obstacle: limited memory or flash. Sometimes you need to run a binary that, even compiled with all optimizations, is 300 Kbytes, but your system has just 200 Kbytes free. What now? That's where UPX can help!
How does it work? In brief, the tool compresses the original binary into another, smaller file. When you run the smaller file, it extracts the original into memory and executes it, all at runtime. Now let's use the "vdir" binary as an example; it's a system binary found in the "/bin" directory on Linux:
    ls -lh vdir
    -rwxr-xr-x 1 root root 103K Nov 19 2012 vdir

    vdir --version
    vdir (GNU coreutils) 8.13
    Copyright (C) 2011 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    Written by Richard M. Stallman and David MacKenzie.
The file is 103 Kbytes and contains some static strings, like the authors' names, which could easily be replaced with other names using any hex editor, for example. Let's compress it with UPX and see what happens. The syntax for maximum compression is:
    upx --ultra-brute vdir -o vdir_upx
                           Ultimate Packer for eXecutables
                              Copyright (C) 1996 - 2013
    UPX 3.91        Markus Oberhumer, Laszlo Molnar & John Reiser   Sep 30th 2013

            File size         Ratio      Format      Name
       --------------------   ------   -----------   -----------
        104512 ->     44456   42.54%   linux/elf386  vdir_upx

    Packed 1 file.

    ls -lh vdir vdir_upx
    -rwxr-xr-x 1 root root 103K Nov 19 2012 vdir
    -rwxr-xr-x 1 root root 44K Nov 19 2012 vdir_upx
The file isn't just smaller: its static strings can no longer be seen or replaced. Of course, a UPX file can be "spotted" by its binary signature, and the original file can be extracted by anyone. That's all! Enjoy, and test it yourself!
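To make the "spotted by its binary signature" point concrete, here is an added example (not part of the original post) that checks a file's bytes for the markers a stock UPX stub embeds and uses byte entropy as a secondary hint. The function names and the sample blobs are constructed for illustration; the markers can be stripped from a packed file, so a negative result is not proof that a file is unpacked.

```python
import hashlib
import math
import re
from collections import Counter

UPX_MAGIC = b"UPX!"  # magic marker stock UPX writes into packed files
UPX_INFO = b"This file is packed with the UPX executable packer"
UPX_ID = re.compile(rb"\$Id: UPX ([0-9.]+) ")  # version banner in the stub

def file_format(data: bytes) -> str:
    if data[:4] == b"\x7fELF":
        return "elf"
    if data[:2] == b"MZ":
        return "pe"
    return "unknown"

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def inspect(data: bytes) -> dict:
    banner = UPX_ID.search(data)
    offsets = [m.start() for m in re.finditer(re.escape(UPX_MAGIC), data)]
    info = UPX_INFO in data
    return {
        "format": file_format(data),
        "magic_offsets": offsets,
        "info_string": info,
        "version": banner.group(1).decode() if banner else None,
        "entropy": round(entropy(data), 2),
        # Require the magic plus one text marker to limit false positives.
        "upx_packed": bool(offsets) and (info or banner is not None),
    }

def constructed_samples():
    # Constructed stand-ins, not real binaries: an ELF magic followed by either
    # readable text (unpacked) or UPX markers around pseudo-random bytes that
    # play the role of compressed data. Offsets here are arbitrary.
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    plain = b"\x7fELF" + b"Written by Richard M. Stallman and David MacKenzie.\0" * 40
    packed = (b"\x7fELF" + b"\0" * 116 + UPX_MAGIC + noise
              + b"$Info: " + UPX_INFO + b" http://upx.sf.net $\n"
              + b"$Id: UPX 3.91 Copyright (C) 1996-2013 the UPX Team. $\n"
              + UPX_MAGIC)
    return plain, packed

if __name__ == "__main__":
    for name, blob in zip(("plain", "packed"), constructed_samples()):
        print(name, inspect(blob))
```

On a real file, pass `open(path, "rb").read()` to `inspect()`; `upx -t` and `upx -d` then test and restore a file that still carries intact UPX headers.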
About the versions
- Linux Ubuntu 12.04
- UPX 3.91