Bogus Control Flow
R1kk3r edited this page Jun 29, 2017 · 4 revisions
This method modifies a function call graph by adding a basic block before the current basic block. This new basic block contains an opaque predicate and then makes a conditional jump to the original basic block.
The original basic block is also cloned and filled up with junk instructions chosen at random.
- `-mllvm -bcf`: activates the bogus control flow pass
- `-mllvm -bcf_loop=3`: if the pass is activated, applies it 3 times on a function. Default: 1
- `-mllvm -bcf_prob=40`: if the pass is activated, a basic block will be obfuscated with a probability of 40%. Default: 30
Here is an example: the following C code snippet
```c
#include <stdlib.h>

int main(int argc, char** argv) {
  int a = atoi(argv[1]);
  if(a == 0)
    return 1;
  else
    return 10;
  return 0;
}
```
translates to the following intermediate representation:
After the bogus control flow pass, we might obtain the following flow graph:
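A source-level sketch of the transformation described above, for analysts who need to recognise it in decompiled output. This is an added example, not code from the project or from the original page: the predicate form, the globals `opq_x` and `opq_y`, the junk arithmetic and all function names are assumptions chosen for illustration.

```c
#include <stdio.h>

volatile int opq_x = 7, opq_y = 42;  /* constructed globals (assumed names) */

/* Always true: x*(x+1) is a product of consecutive integers, hence even.
   Unsigned arithmetic keeps wraparound defined and preserves parity. */
int opaque_true(int x, int y) {
    unsigned ux = (unsigned)x;
    return y < 10 || (ux * (ux + 1u)) % 2u == 0u;
}

/* Branch logic of the page's C snippet, before the pass. */
int original(int a) { return a == 0 ? 1 : 10; }

/* Hand-written picture of the same logic after one application. */
int obfuscated(int a) {
    int r;
    if (!opaque_true(opq_x, opq_y))  /* new block before the original */
        goto bogus;
real:                                 /* original basic block */
    r = (a == 0) ? 1 : 10;
    return r;
bogus:                                /* junk-filled clone, never reached */
    r = (a ^ 0x5a) * 3 - 1;
    goto real;
}

/* Analyst's check: count inputs for which the predicate is false. */
long predicate_failures(long lo, long hi) {
    static const int ys[] = {0, 10, 1000};  /* y >= 10 forces the x test */
    long bad = 0;
    for (long x = lo; x <= hi; x++)
        for (int i = 0; i < 3; i++)
            if (!opaque_true((int)x, ys[i])) bad++;
    return bad;
}

/* Count inputs where the obfuscated function diverges from the original. */
long mismatches(int lo, int hi) {
    long bad = 0;
    for (int a = lo; a <= hi; a++)
        if (original(a) != obfuscated(a)) bad++;
    return bad;
}

int main(void) {
    printf("predicate failures: %ld\n", predicate_failures(-100000, 100000));
    printf("mismatches: %ld\n", mismatches(-1000, 1000));
    return 0;
}
```

Both counts are zero: the predicate never evaluates to false, so the cloned block is dead code and the obfuscated function is observably identical to the original.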