Skip to content

Latest commit

 

History

History
48 lines (44 loc) · 1.09 KB

LLVM_Obfuscation.md

File metadata and controls

48 lines (44 loc) · 1.09 KB
Raw

LLVM_OBF

  • 控制流平坦化
    增加分发块
    while + switch
    • 逃逸变量
    • PHI

      stack中

  • 虚假控制流
    克隆、构造
    • 不可达
    • 不透明谓词
  • 随机控制流
    克隆后,用随机跳转,clone功能相同
  • 常量替代
    • 线性运算
    • 按位运算

指令替代

  • ADD a + b
    • addNeg

      a = b - ( -c )

    • addDoubleNeg

      a = -( -b + ( -c ))

    • addRand

      r = rand(); a = b + r; a = a + c; a = a - r

    • addRand2

      r = rand(); a = b - r; a = a + b; a = a + r

  • SUB
  • AND a = b & c
    • andSubstitute

      a = ( b ^ ~c ) & b

    • andSubstituteRand

      a = ~ ( ~b | ~c) & ( r | ~r )

  • OR a = b | c
    • orSubstitute

      a = ( b & c ) | ( b ^ c )

    • orSubstituteRand

      a = ~ ( ~b & ~c) & ( r | ~r )

  • XOR a = b ^ c
    • xorSubstitute

      a = ( ~a & b ) | ( a & ~b )

    • xorSubstituteRand

      a = ( b ^ r ) ^ ( c ^ r )
      a = ( ~b & r | b & ~r ) ^ ( ~c & r | c & ~r )

单边看中间,双边相同and不同or,xor全对称