Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix two GlobalsEncryption pass bugs #59

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Fix two GlobalsEncryption pass bugs #59

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
74fc85e
Fix bug (#1)
mrh929 Dec 17, 2023
a838b89
fix bug: float value is wrongly processed (#2)
mrh929 Dec 17, 2023
09775c2
ignore functions that contain exception handling and phi instructions…
mrh929 Feb 28, 2024
aa75362
Apply llvm flat only on functions whose terminators are br and ret.
mrh929 Feb 28, 2024
bbafdc1
Merge pull request #3 from mrh929/dev
mrh929 Feb 28, 2024
6bb1c37
ignore intdata in GlobalsEncryption(bug)
mrh929 Feb 28, 2024
fcaa2ba
Merge pull request #4 from mrh929/dev
mrh929 Feb 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 29 additions & 0 deletions llvm/lib/Transforms/Obfuscation/Flattening.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,17 @@ bool Flattening::runOnFunction(Function &F) {
return false;
}

bool has_unsupported_ir(Function &F){
for (BasicBlock &BB : F) {
for (Instruction &I : BB) {
if (isa<LandingPadInst>(&I) || isa<PHINode>(&I))
return true;
}
}
return false;
}


void Flattening::flatten(Function &F) {
// 基本块数量不超过1则无需平坦化
if (F.size() <= 1) {
Expand All @@ -34,9 +45,27 @@ void Flattening::flatten(Function &F) {
// 将除入口块(第一个基本块)以外的基本块保存到一个 vector
// 容器中,便于后续处理 首先保存所有基本块
vector<BasicBlock *> origBB;

int use_flat = 1;

for (BasicBlock &BB : F) {
origBB.push_back(&BB);

unsigned int op = BB.getTerminator()->getOpcode();
if(op != Instruction::Br && op != Instruction::Ret){
use_flat = 0;
break;
}
}

if(has_unsupported_ir(F)){
use_flat = 0;
}

if(!use_flat){
return;
}

// 从vector中去除第一个基本块
origBB.erase(origBB.begin());
BasicBlock &entryBB = F.getEntryBlock();
Expand Down
23 changes: 15 additions & 8 deletions llvm/lib/Transforms/Obfuscation/GlobalsEncryption.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,19 +28,25 @@ bool GlobalsEncryption::runOnModule(Module &M) {
INIT_CONTEXT(M);
vector<GlobalVariable *> GVs;
for (GlobalVariable &GV : M.getGlobalList()) {
// only process non llvm-generated IRs
if(GV.getName().contains("llvm"))
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

我们把 Module 内的所有 Globals 筛选出来的时候,没有对全局变量做特判,这会导致有一部分由 llvm 生成的全局变量(这里代称为 llvm-global)也放到列表中来。

其实本来这也没什么问题的,因为后续我们有语句去把这些无关的变量过滤掉。

但是,我们的 appendToGlobalCtors 函数会删除 llvm-global,再添加新的 llvm-global,这会导致之前 vector 中的 llvm-global 变成无意义指针,后续的 pass 在处理变量的时候会 crash 掉,所以我们一开始就不应该把这些变量筛选进来。

所以把有 llvm 字样的所有全局变量忽略掉就好了。

continue;
GVs.push_back(&GV);
}
for (int i = 0; i < ObfuTimes; i++) {
for (GlobalVariable *GV : GVs) {
// Only encrypt globals of integer and array
if (!GV->getValueType()->isIntegerTy() &&
!GV->getValueType()->isArrayTy()) {
continue;
}
if(GV->getValueType()->isArrayTy()){ // the value can be array
ArrayType *ArrTy = dyn_cast<ArrayType>(GV->getValueType());
if(!ArrTy->getElementType()->isIntegerTy()){ // but the array must be integerty
Copy link
Contributor Author

@mrh929 mrh929 Dec 17, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

我们对数组变量做筛选的时候,没有判断数组内元素是否为浮点,正好 IR 没办法拿 double、float 来做异或,所以遇到这种数,就需要跳过,不做处理。
如果后续有对浮点的加密方式,需要重新写相关逻辑。

continue;
}
}
else if (!GV->getValueType()->isIntegerTy()){ // or, the value must be integerty
continue;
}

if (GV->hasInitializer() && GV->getInitializer() &&
(GV->getName().contains(".str") || !OnlyStr)
// Do not encrypt globals having a section named "llvm.metadata"
&& !GV->getSection().equals("llvm.metadata")) {
(GV->getName().contains(".str") || !OnlyStr)) {
Constant *initializer = GV->getInitializer();
ConstantInt *intData = dyn_cast<ConstantInt>(initializer);
ConstantDataArray *arrData = dyn_cast<ConstantDataArray>(initializer);
Expand All @@ -61,6 +67,7 @@ bool GlobalsEncryption::runOnModule(Module &M) {
GV->setConstant(false);
insertArrayDecryption(M, {GV, key, eleNum});
} else if (intData) {
continue; // TODO: fix the bug
uint64_t key = cryptoutils->get_uint64_t();
ConstantInt *enc =
CONST(intData->getType(), key ^ intData->getZExtValue());
Expand Down