change

NelsonBigHead · Jan 3, 2023 · 88f92f0 · 88f92f0
1 parent 0f479df
commit 88f92f0
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 17 deletions.
diff --git a/Alcatraz/obfuscator/obfuscator.cpp b/Alcatraz/obfuscator/obfuscator.cpp
@@ -516,20 +516,20 @@ void obfuscator::run(PIMAGE_SECTION_HEADER new_section) {
 	for (auto func = functions.begin(); func != functions.end(); func++) {
 
 		//Obfuscate control flow
-		//this->flatten_control_flow(func);
+		this->flatten_control_flow(func);
 
 		for (auto instruction = func->instructions.begin(); instruction != func->instructions.end(); instruction++) {
 
 
-			/*
+
 			//Obfuscate IAT
 			if (instruction->isjmpcall && instruction->relative.target_inst_id == -1)
 				this->obfuscate_iat_call(func, instruction);
 
 
 			//Obfuscate 0xFF instructions to throw off disassemblers
-			if (instruction->raw_bytes.data()[0] == 0xFF)
-				this->obfuscate_ff(func, instruction);
+			//if (instruction->raw_bytes.data()[0] == 0xFF)
+				//this->obfuscate_ff(func, instruction);
 
 			//Obfuscate ADD
 			if (instruction->zyinstr.mnemonic == ZYDIS_MNEMONIC_ADD)
@@ -549,17 +549,12 @@ void obfuscator::run(PIMAGE_SECTION_HEADER new_section) {
 					i++;
 				}
 			}	
-			*/
-
+
 			int randval = rand() % 20 + 1;
-			this->add_junk(func, instruction);
+
 			if (randval == 1) {
-
-			}
-			else if (randval == 2) {
-
+				//this->add_junk(func, instruction);
 			}
-
 		}
 
 	}

diff --git a/Alcatraz/obfuscator/passes/antidisassembly.cpp b/Alcatraz/obfuscator/passes/antidisassembly.cpp
@@ -20,8 +20,6 @@ bool obfuscator::add_junk(std::vector<obfuscator::function_t>::iterator& functio
 	instruction = function->instructions.insert(instruction + 1, jnz);
 	instruction = function->instructions.insert(instruction + 1, garbage);
 
-	printf("%i %i %x\n", (instruction - 1)->isjmpcall, (instruction - 2)->isjmpcall, *(BYTE*)&instruction->raw_bytes.data()[0]);
-
 	(instruction - 2)->relative.target_func_id = function->func_id;
 	(instruction - 1)->relative.target_func_id = function->func_id;
 

diff --git a/README.md b/README.md
@@ -10,14 +10,13 @@ Alcatraz is a x64 binary obfuscator that is able to obfuscate various different
     + [Obfuscation of immediate moves](#obfuscation-of-immediate-moves)
     + [Control flow flattening](#control-flow-flattening)
     + [ADD mutation](#add-mutation)
+    + [Entrypoint obfuscation](#entrypoint-obfuscation)
+    + [Lea obfuscation](#lea-obfuscation)
     + [Anti disassembly](#anti-disassembly)
     + [Import obfuscation](#import-obfuscation)
-    + [Opaque predicates](#opaque-predicates)
-    + [Mixed boolean arithmetic](#mixed-boolean-arithmetic)
 
 <small><i><a href='http://ecotrust-canada.github.io/markdown-toc/'>Table of contents generated with markdown-toc</a></i></small>
 
-
 # Features
 In the following showcase all features (besides the one being showcased) are disabled.
 ### Obfuscation of immediate moves
@@ -82,3 +81,7 @@ IDA will try to decode the 0xE8 (call) but won't have any success:
 ### Import obfuscation
 There is no "proper" IAT obfuscation at the moment. The 0xFF anti disassembly trick takes care of it for now. Proper implementation is planned here:  
 [iat.cpp](Alcatraz/obfuscator/misc/iat.cpp)
+
+###Final result
+This is a snippet of our `main` function with everything except anti disassembly enabled (so IDA can create a function):  
+![imgfinal](images/final.PNG)  
diff --git a/images/final.PNG b/images/final.PNG