Skip to content

Dendim0n/LLVMObfuscator

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

82 Commits
assets
assets
 
 
clang
clang
 
 
llvm
llvm
 
 
test
test
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
TrapAngr.md
TrapAngr.md
 
 
build.sh
build.sh
 
 
build_macos.sh
build_macos.sh
 
 
check.sh
check.sh
 
 
fast-check.sh
fast-check.sh
 
 

Repository files navigation

Pluto-Obfuscator

Pluto is an obfuscator based on LLVM 12.0.1, mainly developed by 34r7h4mn.

Pluto is a dwarf planet in the Kuiper belt, a ring of bodies beyond the orbit of Neptune.

Environment

This project was developed and tested on the following environment:

  • Ubuntu 20.04.3 LTS
  • Clang/LLVM 12.0.1
  • CMake 3.16.3
  • Ninja 1.10.0

You can also build this project on Windows and MacOS, or even embed it in Android NDK toolchain (need some adjustment, tested on Android NDK r23).

Features

  • Control Flow Flattening
  • Bogus Control Flow
  • Instruction Substitution
  • Random Control Flow
  • Variable Substitution
  • String Encryption
  • Globals Encryption
  • Trap Angr (Experimental)
  • MBA Obfuscation

Usage

Building on Linux/Windows

The following commands work on both Linux and Windows:

cd build
cmake -G "Ninja" -DLLVM_ENABLE_PROJECTS="clang" \
    -DCMAKE_BUILD_TYPE=Release -DLLVM_TARGETS_TO_BUILD="X86" \
    -DBUILD_SHARED_LIBS=On ../llvm
ninja

Building on MacOS

mkdir -p build
cd build
cmake -G "Ninja" -DLLVM_ENABLE_PROJECTS="clang" \
    -DCMAKE_BUILD_TYPE=Release \
    -DDEFAULT_SYSROOT=$(xcrun --show-sdk-path) \
    -DCMAKE_OSX_SYSROOT=/Library/Developer/CommandLineTools/SDKs/MacOSX11.3.sdk \
    -DCMAKE_OSX_ARCHITECTURES="arm64;x86_64" \
    ../llvm
ninja

Test

Fast test on AES

Run a test case of AES to check out buggy code quickly and roughly.

See fast-check.sh and test/aes.

Full test on libsecp256k1

We have a full test on a crypto library named libsecp256k1 from bitcoin-core/secp256k1, to insure our passes work fine in most cases.

Passed:

  • Flattening: -O2 -mllvm -fla
  • BogusControlFlow: -O2 -mllvm -bcf
  • Substitution: -O2 -mllvm -sub
  • GlobalsEncryption: -O2 -mllvm -gle
  • MBAObfuscation: -O2 -mllvm -mba -mllvm -mba-prob=100
  • FullProtection (HIGHLY RECOMMENDED): -mllvm -mba -mllvm -mba-prob=100 -mllvm -fla -mllvm -gle

See check.sh and test/secp256k1.

About

Obfuscator based on LLVM 12.0.1

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • LLVM 47.7%
  • C++ 32.9%
  • Assembly 10.9%
  • C 6.5%
  • Objective-C 0.7%
  • Python 0.4%
  • Other 0.9%