Automatic Disassembly Desynchronization Obfuscator

Overview

desync-cc --- Automatic Disassembly Desynchronization Obfuscator

desync-cc is designed as a drop-in replacement for gcc, which applies disassembly desynchronization during compilation.

The tool supports opaque predicates with both always-taken branches (where the fallthrough leads to desynchronization), and never-taken branches (with a fake jump into the middle of an instruction).
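The following toy decoder is an added illustration, not code from desync-cc: it contrasts an objdump-style linear sweep with a control-flow-following traversal on two constructed byte sequences that mirror the two predicate kinds above. The opcode subset, the sample bytes and the function names are assumptions made for this example.

```python
import struct

# Toy x86-64 decoder for just the opcodes in the samples below (constructed for this
# example; it is neither capstone nor desync-cc code). Returns (text, length, flow).
def decode(code, off):
    op = code[off]
    if op in (0xEB, 0x75):                             # jmp rel8 / jnz rel8
        target = off + 2 + struct.unpack_from("<b", code, off + 1)[0]
        kind = "jmp" if op == 0xEB else "jnz"
        return f"{kind} 0x{target:x}", 2, (kind, target)
    if op == 0xE8:                                     # call rel32
        rel = struct.unpack_from("<i", code, off + 1)[0]
        return f"call 0x{(off + 5 + rel) & 0xffffffff:x}", 5, None
    if op == 0xB8:                                     # mov eax, imm32
        return f"mov eax, 0x{struct.unpack_from('<I', code, off + 1)[0]:x}", 5, None
    if op == 0x31 and code[off + 1:off + 2] == b"\xc0":  # xor eax, eax (sets ZF=1)
        return "xor eax, eax", 2, None
    if op in (0x90, 0xC3):                             # nop / ret
        return ("nop", 1, None) if op == 0x90 else ("ret", 1, ("ret", None))
    return f"db 0x{op:02x}", 1, None                   # unknown byte: emit as data

def linear_sweep(code):
    # objdump-style: decode consecutive bytes, ignoring control flow entirely
    out, off = [], 0
    while off < len(code):
        text, length, _ = decode(code, off)
        out.append((off, text))
        off += length
    return out

def follow_flow(code, start=0):
    # Recursive traversal: queue each instruction's successors; a conditional jump
    # gets both edges, because the opaque predicate cannot be evaluated statically.
    out, work = {}, [start]
    while work:
        off = work.pop()
        if not 0 <= off < len(code) or off in out:
            continue
        text, length, flow = decode(code, off)
        out[off] = text
        if flow is None or flow[0] == "jnz":
            work.append(off + length)                  # fallthrough edge
        if flow and flow[0] != "ret":
            work.append(flow[1])                       # taken edge
    return sorted(out.items())

# Constructed samples. Always-taken: "jmp +1" skips a junk 0xE8 (call opcode) that,
# in a linear sweep, swallows the xor and part of the mov as a bogus call operand.
ALWAYS_TAKEN = bytes.fromhex("EB01 E8 31C0 B82A000000 C3")
# Never-taken: "xor eax,eax" forces ZF=1 so "jnz" never fires; its target (offset 6)
# lies inside the mov immediate and decodes as a plausible-looking nop;nop;nop;ret.
NEVER_TAKEN = bytes.fromhex("31C0 7502 B82A909090 C3")
```

On the always-taken sample the linear sweep reports a phantom call and never sees the xor or the mov, while the flow-following listing is correct; on the never-taken sample the roles flip, and the flow-following listing contains instructions at offsets 6, 7 and 8 inside the 5-byte mov at offset 4, an overlap an analyst can flag as a desynchronization indicator.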

Prerequisites

For the Python scripts to run, the capstone and pyelftools modules need to be installed. They can be installed with:

pip install capstone pyelftools

The C++ project requires the following packages to build and install:

  • CMake 3.12+
  • GCC 10+

Optional packages for development:

  • clang-tidy 11+
  • clang-format 11+

Building

The project uses third-party code from Keystone, Capstone and SMHasher as git submodules. After cloning the repository, you also need to fetch the third-party code by running (in the project directory):

git submodule init
git submodule update

To build, run the following commands in the project directory:

mkdir build && cd build     # Create build directory and change to it.
cmake ..                    # Configure the project.
cmake --build .             # Compile the project.

The result is written to build/desync-cc/bin. The default configuration directory is copied to build/desync-cc/share.

Building (Debug)

To build a debug version in a separate build tree, run the following:

mkdir build/Debug && cd build/Debug
cmake .. -D CMAKE_BUILD_TYPE=Debug
cmake --build .

Building (with static analysis)

Follow the steps for building above, but add the option -D DESYNC_USE_CLANG_TIDY:BOOL=ON when running cmake ..

Testing

Build the project as described above. Then, in the build directory, run the following command:

ctest

Installing

After building the project, in the build directory, run the following command with super user privileges:

cmake --install .

The desync-cc directory (containing bin and share) is by default installed to /usr/local. If you wish to install to a different directory, add the option -D CMAKE_INSTALL_PREFIX=<path> when running cmake ..

Running

To build a project using the obfuscator, simply use desync-cc instead of the default compiler. For example, for a makefile project, run

make clean
make CC=<install or build path>/desync-cc/bin/desync-cc

This will use the default configuration in <install or build path>/desync-cc/share. To use a custom configuration, set the DESYNC_CONFIG_BASE_DIR environment variable:

make clean
DESYNC_CONFIG_BASE_DIR=<path to config dir> make CC=<desync-cc path>

The following additional environment variables can be used to control the behavior of desync-cc:

DESYNC_LOG_FILE=<path>      # Print the predicate generator output to a file instead of stderr
DESYNC_JUNK_DEBUG=1         # Have the junk-byte generator print some debug info
DESYNC_JUNK_BENCHMARK=1     # Have the junk-byte generator print performance statistics

Compatibility

desync-cc should work with any program written in any language supported by gcc (it has been tested for C and C++), with one important exception: if the program uses hand-written assembly with hardcoded offsets, those offsets will likely be incorrect after desync-cc has added instructions to the assembly, which would often result in subtly faulty generated code. The tool makes some effort to detect this, but those checks are not complete!

You must make sure to not use the obfuscator on such programs, or to rewrite the assembly to use symbolic labels.

Configuration

The program accepts the following configuration strings in the config.cfg file:

  • log_file File to write printed info to
  • verbose If true, prints everything controlled by the print settings below, regardless of their values
  • print_config Print the used configuration (including any randomized seeds)
  • print_assembly Print the assembly files as they were first read by the program
  • print_cfg Print the control flow graph
  • print_result Print the modified assembly
  • print_stats Print the number of predicates inserted and the total number of instructions in the original assembly
  • dry_run If true, the assembly will not be overwritten, leaving any processed files as they were originally
  • seed Accepts "random" for a random seed or a numeric value. Seeds the distributions used below
  • junk_length_distribution Type of distribution for deciding the length of junk-byte blocks to insert. Accepts "constant", "uniform" or "normal"
  • junk_length Value for constant distribution of junk-bytes length
  • junk_length_min Minimum value for uniform distribution of junk-bytes length
  • junk_length_max Maximum value for uniform distribution of junk-bytes length
  • junk_length_mean Mean value for normal distribution of junk-bytes length
  • junk_length_stddev Standard deviation for normal distribution of junk-bytes length
  • interval_distribution Type of distribution for deciding number of instructions to skip between each predicate. Accepts "constant", "uniform" or "normal"
  • interval Value for constant instruction interval
  • interval_min Minimum value for uniform distribution of instruction intervals
  • interval_max Maximum value for uniform distribution of instruction intervals
  • interval_mean Mean value for normal distribution of instruction intervals
  • interval_stddev Standard deviation for normal distribution of instruction intervals
  • instruction_pattern Regex to match what instructions to insert predicates before
  • predicate_file File containing predicate templates
  • predicate_pattern Regex to match what named predicates to use from the template file
  • predicate_distribution Type of distribution for deciding what predicate to use. Accepts "uniform" or "discrete"
  • predicate_weight Weight to use for discrete distribution of predicates. Can specify a weight for each predicate on each new line
  • use_spilling If true, attempt to use register spilling instead of simply giving up when there are not enough free registers to apply a predicate.
  • always_taken_fraction Fraction of predicates that should be always-taken branches (the rest being never-taken). Default: 0.5
  • debug_cfg If true, every free register will be filled with the constant -1 before every instruction in the assembly. Distributions will be ignored, so every run will give the same result.

Owner
Ulf Kargén