Ylarod/Pluto-Obfuscator

Pluto-Obfuscator

Pluto is an obfuscator based on LLVM 12.0.1, mainly developed by 34r7h4mn.

Pluto is a dwarf planet in the Kuiper belt, a ring of bodies beyond the orbit of Neptune.

Environment

This project was developed and tested in the following environment:

  • Ubuntu 20.04.3 LTS
  • Clang/LLVM 12.0.1
  • CMake 3.16.3
  • Ninja 1.10.0

You can also build this project on Windows and macOS, or even embed it in the Android NDK toolchain (this needs some adjustment; tested on Android NDK r23).

Features

  • Control Flow Flattening
  • Bogus Control Flow
  • Instruction Substitution
  • Random Control Flow
  • Variable Substitution
  • String Encryption
  • Globals Encryption
  • Trap Angr (Experimental)
  • MBA Obfuscation

Usage

Building on Linux/Windows

The following commands work on both Linux and Windows:

cd build
cmake -G "Ninja" -DLLVM_ENABLE_PROJECTS="clang" \
    -DCMAKE_BUILD_TYPE=Release -DLLVM_TARGETS_TO_BUILD="X86" \
    -DBUILD_SHARED_LIBS=On ../llvm
ninja

Building on macOS

mkdir -p build
cd build
cmake -G "Ninja" -DLLVM_ENABLE_PROJECTS="clang" \
    -DCMAKE_BUILD_TYPE=Release \
    -DDEFAULT_SYSROOT=$(xcrun --show-sdk-path) \
    -DCMAKE_OSX_SYSROOT=/Library/Developer/CommandLineTools/SDKs/MacOSX11.3.sdk \
    -DCMAKE_OSX_ARCHITECTURES="arm64;x86_64" \
    ../llvm
ninja

Test

Fast test on AES

Run an AES test case as a quick, rough check for bugs introduced by the passes.

See fast-check.sh and test/aes.

Full test on libsecp256k1

We run a full test on libsecp256k1, the crypto library from bitcoin-core/secp256k1, to ensure our passes work correctly in most cases.

Passed:

  • Flattening: -O2 -mllvm -fla
  • BogusControlFlow: -O2 -mllvm -bcf
  • Substitution: -O2 -mllvm -sub
  • GlobalsEncryption: -O2 -mllvm -gle
  • MBAObfuscation: -O2 -mllvm -mba -mllvm -mba-prob=100
  • FullProtection (HIGHLY RECOMMENDED): -mllvm -mba -mllvm -mba-prob=100 -mllvm -fla -mllvm -gle

See check.sh and test/secp256k1.
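
The kind of check this section describes can be sketched as a differential test: build a self-checking program once without obfuscation and once per flag set from the list above, then compare exit status and output. This is an added example, not the repository's check.sh or fast-check.sh; the CLANG default path (the usual LLVM build output location) and all function names are assumptions.

```shell
# Added example: differential check of obfuscated builds against a plain -O2 build.
# Assumption: CLANG points at the Pluto-built clang; SRC prints deterministic output.
CLANG="${CLANG:-build/bin/clang}"

# Flag sets copied from the "Passed" list in this README.
pass_flags() {
    case "$1" in
        Flattening)        echo "-O2 -mllvm -fla" ;;
        BogusControlFlow)  echo "-O2 -mllvm -bcf" ;;
        Substitution)      echo "-O2 -mllvm -sub" ;;
        GlobalsEncryption) echo "-O2 -mllvm -gle" ;;
        MBAObfuscation)    echo "-O2 -mllvm -mba -mllvm -mba-prob=100" ;;
        FullProtection)    echo "-mllvm -mba -mllvm -mba-prob=100 -mllvm -fla -mllvm -gle" ;;
        *) return 1 ;;
    esac
}

# build_and_run SRC OUT FLAGS...: compile, run, print "<exit status>:<stdout>".
build_and_run() {
    src=$1; out=$2; shift 2
    "$CLANG" "$@" "$src" -o "$out" || return 2
    status=0; result=$("$out") || status=$?
    echo "$status:$result"
}

# check_pass SRC PASSNAME: returns 0 if the obfuscated build behaves like the baseline.
check_pass() {
    src=$1; name=$2
    flags=$(pass_flags "$name") || { echo "unknown pass: $name" >&2; return 3; }
    tmp=$(mktemp -d) || return 2
    base=$(build_and_run "$src" "$tmp/base" -O2) || { rm -rf "$tmp"; return 2; }
    # $flags is intentionally unquoted so it splits into separate arguments.
    obf=$(build_and_run "$src" "$tmp/obf" $flags) || { rm -rf "$tmp"; return 2; }
    rm -rf "$tmp"
    [ "$base" = "$obf" ]
}

# check_all SRC: run every documented configuration; returns the number of failures.
check_all() {
    failed=0
    for p in Flattening BogusControlFlow Substitution GlobalsEncryption \
             MBAObfuscation FullProtection; do
        if check_pass "$1" "$p"; then echo "PASS $p"
        else echo "FAIL $p"; failed=$((failed + 1)); fi
    done
    return "$failed"
}
```

A mismatch or a compile failure under any flag set points at the pass that changed program behaviour, which is the condition the AES and libsecp256k1 tests are meant to catch.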
