Licence: gpl-3.0
GIMPLE obfuscator for C, C++, Go, ... all supported GCC targets and front-ends that use GIMPLE.

hellscape

Inspired by the seminal paper by Pascal Junod and co.: Obfuscator-LLVM -- Software Protection for the Masses.

Table of Contents
Original | Substitution | Bogus Control Flow | Flattening

Installation

Currently, building is supported on Linux; you may have some luck on macOS (PRs are welcome).

You need CMake, gcc (with plugins enabled) and (optionally) ninja.

GCC >= 9.3.0 is required; GCC 10.1.0 is tested and working.

$ mkdir build
$ cd build
$ cmake ..
$ cmake --build .

Then place hellscape.so in a known directory, such as ~/bin/hellscape.so, and pass that path to GCC with -fplugin=.

"Show me how to use it, dammit!"

Throughout this walk-through, we'll use the following function:

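#include <stdint.h>

/* Sample function: each branch mixes bitwise and arithmetic operators (^ is XOR). */
uint32_t target(uint32_t n) {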
  uint32_t mod = n % 4;
  uint32_t result = 0;

  if (mod == 0) {
    result = (n | 0xBAAAD0BF) * (2 ^ n);
  } else if (mod == 1) {
    result = (n & 0xBAAAD0BF) * (3 + n);
  } else if (mod == 2) {
    result = (n ^ 0xBAAAD0BF) * (4 | n);
  } else {
    result = (n + 0xBAAAD0BF) * (5 & n);
  }

  return result;
}

(Adapted from here.)

The CFG produced by this function (including GIMPLE IR) is as follows:

The compiler plugin is easy to use; let's enable each pass one-by-one and look at the CFG, then at the end run all 3 passes together.

Instruction Substitution

For the first magic trick, instruction substitution. The command below,

  • Sets the RNG seed to 0xdeadbeef to ensure binaries are reproducible. Outside of testing, you probably want to omit that flag to produce diverse binaries,
  • Enables the substitution pass (note that you can enable "looping", i.e. running the pass over itself multiple times, with -fplugin-arg-hellscape-subLoop=X).

$ gcc -fPIC -fplugin=/path/to/hellscape.so -fplugin-arg-hellscape-seed=deadbeef -fplugin-arg-hellscape-sub target.c

Let's view the produced CFG with the Viz class:

Bogus Control Flow

Now for a smokescreen: bogus control flow. The command below,

  • Sets the RNG seed (see above),
  • Enables the bogus control flow pass which wraps every basic block in an opaque condition that always evaluates to true.

$ gcc -fPIC -fplugin=/path/to/hellscape.so -fplugin-arg-hellscape-seed=deadbeef -fplugin-arg-hellscape-bcf target.c

Again, viewing the CFG:

Flattening

The last trick (for now) is flattening. The command below,

  • Sets the RNG seed (see above),
  • Enables the flattening pass.

$ gcc -fPIC -fplugin=/path/to/hellscape.so -fplugin-arg-hellscape-seed=deadbeef -fplugin-arg-hellscape-fla target.c

Then, viewing the CFG:

All at once

Simply rolling all the above commands together, we get the following CFG (view in a browser):

$ gcc -fPIC -fplugin=/path/to/hellscape.so -fplugin-arg-hellscape-seed=deadbeef -fplugin-arg-hellscape-fla -fplugin-arg-hellscape-bcf -fplugin-arg-hellscape-sub target.c

And of course in IDA it is even worse due to switch lowering:
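
What the three passes amount to, written out by hand at source level for the walk-through's target(). This is an added illustration, not Hellscape's output or code; target_ref, target_obf, opaque_true, count_mismatches and the state constants are hypothetical names and values chosen here. It pairs the original with a flattened version that uses substituted arithmetic and an always-true opaque branch, then checks that both agree, which is the equivalence an analyst relies on when simplifying such code:

```c
#include <stdint.h>
#include <stdio.h>

#define K 0xBAAAD0BFu

/* The walk-through's target(), behaviour unchanged. */
uint32_t target_ref(uint32_t n) {
    uint32_t mod = n % 4;
    if (mod == 0) return (n | K) * (2 ^ n);
    if (mod == 1) return (n & K) * (3 + n);
    if (mod == 2) return (n ^ K) * (4 | n);
    return (n + K) * (5 & n);
}

/* Opaque predicate: x*(x+1) is even for every x, including after wraparound. */
static int opaque_true(uint32_t x) { return ((x * (x + 1u)) & 1u) == 0u; }

/* Hand-written stand-in for the three passes (state values are arbitrary). */
uint32_t target_obf(uint32_t n) {
    uint32_t state = 0x51u, a = 0, b = 0;
    for (;;) {                                   /* flattening: one dispatcher */
        switch (state) {
        case 0x51u: state = 0x10u + (n & 3u); break;   /* n % 4 == n & 3 */
        case 0x10u:                              /* (n | K) * (2 ^ n) */
            a = (n ^ K) + (n & K);               /* x | y == (x ^ y) + (x & y) */
            b = (2u | n) - (2u & n); state = 0xE0u; break;  /* x ^ y == (x | y) - (x & y) */
        case 0x11u:                              /* (n & K) * (3 + n) */
            a = ~(~n | ~K);                      /* De Morgan */
            b = (3u ^ n) + 2u * (3u & n); state = 0xE0u; break; /* x + y == (x ^ y) + 2*(x & y) */
        case 0x12u:                              /* (n ^ K) * (4 | n) */
            a = (n | K) - (n & K);
            b = (4u ^ n) + (4u & n); state = 0xE0u; break;
        case 0x13u:                              /* (n + K) * (5 & n) */
            a = (n ^ K) + 2u * (n & K);
            b = (5u | n) - (5u ^ n); state = 0xE0u; break;  /* x & y == (x | y) - (x ^ y) */
        default:                                 /* exit block behind a bogus branch */
            return opaque_true(n) ? a * b : a ^ b;   /* else-arm never runs */
        }
    }
}

/* Count inputs in [0, limit) where the two versions disagree. */
uint32_t count_mismatches(uint32_t limit) {
    uint32_t bad = 0;
    for (uint32_t n = 0; n < limit; n++) bad += target_ref(n) != target_obf(n);
    return bad;
}

int main(void) { printf("mismatches: %u\n", (unsigned)count_mismatches(1u << 20)); return 0; }
```
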

Adding a custom pass

If you ever get stuck, refer to one of the existing passes; they're well documented. That being said, the general idea is as follows:

  1. Create a new pass class, e.g.: ExamplePass, under the file EX.cpp and EX.h,
  2. Copy the contents of SUB.h and re-name the pass data, name of the pass as well as the constructor,
  3. Create a function execute in the corresponding C++ file, and complete your pass,
  4. Register it under the PassManager by adding a new option, register_pass_info and register_callback, as necessary,
  5. Submit the pass for review.

Note that for a pass to be accepted upstream, it must compile for a gcc build that has --enable-checking=yes,rtl,tree added. (You will need to re-build gcc for your target architecture with --enable-checking.)

Additionally: If you experience crashes when developing your plug-in, you can debug them by passing -wrapper gdb,--args to gcc. (Run gcc in gdb, effectively.)

License

Hellscape is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Hellscape is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.


To be clear: this software is GPLv3 because it uses GCC headers, which are licensed as GPLv3. I could have gone with a license that is compatible with the GPLv3, but that would still be inconsequential as to the requirements of distributing this software.

This also means that due to the nature of the GCC plugin system, it is close to impossible to build proprietary GCC plugins; please keep this in mind when you re-distribute this software.

As always, speak with your lawyer if you have any questions. This is not legal advice.