Skip to content
/ Vesuki-Polymorphic-Control-Flow-Obfuscator Public

Defensive Rust control-flow obfuscation and anti-analysis tooling for x86_64 binaries

License

View license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

TITAN-Softwork-Solutions/Vesuki-Polymorphic-Control-Flow-Obfuscator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.cargo
.cargo
 
 
Diagram
Diagram
 
 
Vesuki Macros
Vesuki Macros
 
 
Vesuki
Vesuki
 
 
__VSK_TESTING
__VSK_TESTING
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Vesuki

Vesuki is a Rust x86_64 control-flow hardening and obfuscation toolkit built for authorized anti-tamper and defensive software protection. It provides a proc-macro attribute that rewrites annotated functions into a dispatcher-style execution form and injects per-build randomized “noise blocks” (entropy mixing, opaque branching, disassembly decoys) to raise the cost of static analysis and signature-based reversing.

Use responsibly: Vesuki is intended for defensive research and protecting software you own or explicitly control. Do not deploy it to conceal malware or evade monitoring in unauthorized environments.

What's Included

This repository is a small workspace with three pieces:

  • Vesuki runtime (vesuki)

    • Core runtime functions, entropy sources, state evolution, and generated per-build block wrappers.
    • vesuki_call!() macro for injecting per-site noise.

  • Vesuki proc-macro (vesuki_macros)

    • #[VESUKI] attribute for functions and methods.
    • Rewrites bodies into an obfuscated dispatcher shape and inserts Vesuki noise calls.

  • Test suite (test_suite)

    • Minimal example program demonstrating the attribute macro on functions + methods.

High-Level Capabilities

IDA BN2

  • Attribute-based function transformation via #[VESUKI]

  • Per-callsite noise injection via vesuki_call!()

  • Per-build randomized code generation (build script emits a generated module into OUT_DIR)

  • Multiple “intensity” drivers:

    • vesuki_light(), vesuki_medium(), vesuki_heavy()

  • Entropy seeding using CPU facilities (RDSEED when available, serialized TSC fallback)

  • Control-flow noise primitives:

    • opaque predicates and gated execution
    • state-driven block selection
    • inline asm nops and disassembly decoys
    • randomized thunk banks for indirect execution variance

  • Custom section placement for generated wrappers to reduce layout predictability

How It Works

Compile-Time (Proc Macro)

#[VESUKI] performs a structural rewrite of the target function:

  • Computes a stable hash from the signature + body tokens
  • Hoists let bindings into a stable “setup” region
  • Executes remaining statements through a dispatcher loop seeded from per-build constants
  • Captures return values (when present) into an internal Option<T> slot

This transformation is designed to preserve behavior for typical “leaf” functions and tight routines, while making the resulting control flow less directly readable.

Build-Time (Generated Runtime)

build.rs generates a per-build Rust module that contains:

  • build-specific constants and seeds
  • randomized execution orders for light/medium/heavy paths
  • wrapper functions around “block” primitives with randomized skins/sections
  • thunk banks used to introduce additional indirection and variance

The generated module is included at compile time via:

include!(concat!(env!("OUT_DIR"), "/vesuki_gen.rs"));

Runtime (Noise Injection)

The runtime provides:

  • vesuki_call!() for per-site injection (salted by file:line:col)
  • vesuki_inline::<SALT, CFG>() and intensity drivers for chaining blocks
  • state advancement routines that mix entropy and evolve control-flow selection

Requirements

  • Architecture: x86_64 only (the runtime uses inline assembly and x86_64 arch intrinsics)
  • Rust toolchain: stable Rust (proc-macro + build script + inline asm)

Quick Start

1) Build the workspace

cargo build --locked

2) Run the example

cd test_suite
cargo run --release --locked

Usage

Annotate a function

use vesuki_macros::VESUKI;

#[VESUKI]
fn fib(mut n: u64) -> u64 {
    let (mut a, mut b) = (0_u64, 1_u64);
    while n > 0 {
        let t = a.wrapping_add(b);
        a = b;
        b = t;
        n -= 1;
    }
    a
}

Inject noise at a callsite

use vesuki::vesuki_call;

#[cfg(target_arch="x86_64")]
{
    vesuki_call!();
    vesuki::vesuki_light();
}

Practical Guidance

Vesuki is most effective when applied to:

  • small, high-value routines (checks, gates, token validation, licensing, policy decisions)
  • leaf functions or methods where the body is relatively compact
  • code paths where additional instructions and branching noise are acceptable

To avoid surprising behavior:

  • Prefer wrapping tightly-ordered sequences into a single block/loop statement when possible.
  • Treat Vesuki as anti-analysis friction, not as a semantic optimizer or a security boundary.

Threat Model Fit

Vesuki helps with:

  • raising static reversing cost (especially for signature-based or pattern-driven analysis)
  • increasing per-build variance to reduce “one bypass fits all builds”
  • adding execution noise around sensitive control points

About

Defensive Rust control-flow obfuscation and anti-analysis tooling for x86_64 binaries

Topics

security obfuscation reverse-engineering control-flow binary-analysis polymorphism re software-protection defensive-security anti-tamper

Resources

Readme

License

View license
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages