https://github.com/apachecn-archive/pluto-obfuscator


Repository

Basic Info
  • Host: GitHub
  • Owner: apachecn-archive
  • License: mit
  • Language: LLVM
  • Default Branch: main
  • Size: 105 MB
Statistics
  • Stars: 0
  • Watchers: 1
  • Forks: 0
  • Open Issues: 0
  • Releases: 0
Created about 3 years ago · Last pushed about 3 years ago
Metadata Files
Readme License

README.md

Pluto-Obfuscator

Pluto is an obfuscator based on LLVM 12.0.1, mainly developed by 34r7h4mn and za233.

Pluto is a dwarf planet in the Kuiper belt, a ring of bodies beyond the orbit of Neptune.

Environment

This project was developed and tested on the following environment:

  • Ubuntu 20.04.3 LTS
  • Clang/LLVM 12.0.1
  • CMake 3.16.3
  • Ninja 1.10.0

You can also build this project on Windows and MacOS, or even merge it into the Android NDK toolchain (tested on Android NDK r23).

Features

  • Control Flow Flattening
  • Bogus Control Flow
  • Instruction Substitution
  • Random Control Flow
  • Variable Substitution
  • String Encryption
  • Globals Encryption
  • Trap Angr (Experimental)
  • MBA Obfuscation

Usage

Build on Linux/Windows

The following commands work on both Linux and Windows:

```shell
cd build
cmake -G "Ninja" -DLLVM_ENABLE_PROJECTS="clang" \
    -DCMAKE_BUILD_TYPE=Release -DLLVM_TARGETS_TO_BUILD="X86" \
    -DBUILD_SHARED_LIBS=On ../llvm
ninja
ninja install # Comment it out if you already have another version of LLVM installed on your machine
```

Build on MacOS

```shell
mkdir -p build
cd build
cmake -G "Ninja" -DLLVM_ENABLE_PROJECTS="clang" \
    -DCMAKE_BUILD_TYPE=Release \
    -DDEFAULT_SYSROOT=$(xcrun --show-sdk-path) \
    -DCMAKE_OSX_SYSROOT=/Library/Developer/CommandLineTools/SDKs/MacOSX11.3.sdk \
    -DCMAKE_OSX_ARCHITECTURES="arm64;x86_64" \
    ../llvm
ninja
ninja install # Comment it out if you already have another version of LLVM installed on your machine
```

Filter Mode

If you only want to obfuscate specific functions, Pluto-Obfuscator provides an annotation-based filter mechanism that lets you specify which functions should or should not be obfuscated.

To enable this mechanism, you should pass -mllvm -filter-mode=include or -mllvm -filter-mode=exclude to clang as an argument.

  • -filter-mode=include: only functions with the "include" annotation will be obfuscated.
  • -filter-mode=exclude: functions with the "exclude" annotation will be ignored.
  • -filter-mode=none: all functions will be processed (default).

For example:

```shell
clang++ TestFilter.cpp -mllvm -fla -mllvm -filter-mode=include -o TestFilter_include # include mode
clang++ TestFilter.cpp -mllvm -fla -mllvm -filter-mode=exclude -o TestFilter_exclude # exclude mode
clang++ TestFilter.cpp -mllvm -fla -o TestFilter_default # default mode
```

The following self-explanatory snippet shows how to annotate functions. In this case, only foo1 will be obfuscated in include mode, only foo2 will be ignored in exclude mode, and foo3 will always be obfuscated:

```cpp
// Shorthand macros for the two annotations the filter recognises
#define FUNC_INCLUDE __attribute__((annotate("include")))
#define FUNC_EXCLUDE __attribute__((annotate("exclude")))

FUNC_INCLUDE void foo1(){ }

FUNC_EXCLUDE void foo2(){ }

void foo3(){ }

int main(){
    foo1();
    foo2();
    foo3();
}
```
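To check which functions a filter mode will select before building, the annotations can be read back from the IR that `clang++ -S -emit-llvm` writes; the script below is an added example, not part of the Pluto project, and applies the three filter-mode rules as the README states them rather than as Pluto's passes implement them. It assumes the typed-pointer IR of LLVM 12, where clang records `annotate` attributes in `@llvm.global.annotations`; the sample IR is constructed and trimmed, and the helper names `annotations` and `selected` are hypothetical.

```python
import re

# Constructed, trimmed IR in the shape clang 12 emits for the README's
# TestFilter.cpp (not real tool output).
SAMPLE_IR = r'''
@.str = private unnamed_addr constant [8 x i8] c"include\00", section "llvm.metadata"
@.str.1 = private unnamed_addr constant [15 x i8] c"TestFilter.cpp\00", section "llvm.metadata"
@.str.2 = private unnamed_addr constant [8 x i8] c"exclude\00", section "llvm.metadata"
@llvm.global.annotations = appending global [2 x { i8*, i8*, i8*, i32, i8* }] [{ i8*, i8*, i8*, i32, i8* } { i8* bitcast (void ()* @_Z4foo1v to i8*), i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str, i32 0, i32 0), i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str.1, i32 0, i32 0), i32 4, i8* null }, { i8*, i8*, i8*, i32, i8* } { i8* bitcast (void ()* @_Z4foo2v to i8*), i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2, i32 0, i32 0), i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str.1, i32 0, i32 0), i32 8, i8* null }], section "llvm.metadata"
define dso_local void @_Z4foo1v() { ret void }
define dso_local void @_Z4foo2v() { ret void }
define dso_local void @_Z4foo3v() { ret void }
define dso_local i32 @main() { ret i32 0 }
'''

# String globals, annotation entries (function + annotation string), definitions
STR_RE = re.compile(r'^@([\w.$]+) = .*? c"([^"]*)\\00"', re.M)
ANN_RE = re.compile(r'bitcast \([^@]*@([\w.$]+) to i8\*\), '
                    r'i8\* getelementptr inbounds \([^@]*@([\w.$]+),')
DEF_RE = re.compile(r'^define [^@]*@([\w.$]+)\(', re.M)

def annotations(ir):
    """Map function name -> set of annotate() strings recorded for it."""
    strings = dict(STR_RE.findall(ir))
    line = next((l for l in ir.splitlines()
                 if l.startswith('@llvm.global.annotations')), '')
    result = {}
    for func, str_global in ANN_RE.findall(line):
        result.setdefault(func, set()).add(strings.get(str_global, ''))
    return result

def selected(ir, mode='none'):
    """Functions that get obfuscated under a filter mode (README semantics)."""
    ann = annotations(ir)
    funcs = DEF_RE.findall(ir)
    if mode == 'include':
        return [f for f in funcs if 'include' in ann.get(f, ())]
    if mode == 'exclude':
        return [f for f in funcs if 'exclude' not in ann.get(f, ())]
    if mode == 'none':
        return funcs
    raise ValueError(f'unknown filter mode: {mode}')

if __name__ == '__main__':
    for mode in ('include', 'exclude', 'none'):
        print(f'{mode:8}', selected(SAMPLE_IR, mode))
```

A function missing from the include-mode list ships unobfuscated, so a misspelled annotation string shows up here as an unexpected gap.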

Test

Quick Test on AES

If you are developing your own passes based on this project, you can quickly check them using ./fast-check.sh [your-passes] (e.g., ./fast-check.sh gle mba mba-prob=40).

See fast-check.sh and test/aes.

Test on libsecp256k1

You can also use the crypto library libsecp256k1 as a test suite to ensure your passes work well in most cases before releasing. Use ./check.sh [your-passes] (e.g., ./check.sh -s -mllvm -mba -mllvm -mba-prob=50 -mllvm -fla-ex -mllvm -gle) to perform the test. It generally takes several minutes to complete.

Passed Parameters:

  • Flattening: -O2 -mllvm -fla
  • FlatteningEnhanced: -O2 -mllvm -fla-ex
  • BogusControlFlow: -O2 -mllvm -bcf
  • Substitution: -O2 -mllvm -sub
  • GlobalsEncryption: -O2 -mllvm -gle
  • MBAObfuscation: -O2 -mllvm -mba -mllvm -mba-prob=100
  • FullProtection (HIGHLY RECOMMENDED): -s -mllvm -mba -mllvm -mba-prob=50 -mllvm -fla-ex -mllvm -gle

See check.sh and test/secp256k1.

Owner

  • Name: ApacheCN 归档
  • Login: apachecn-archive
  • Kind: organization
  • Email: wizard.z@qq.com

An archive set up to prevent important projects from being lost.
