An automation tool to generate, obfuscate, compile and run symbolic execution on C source files
- Generate sample C source code with activation-code and password-based authentication using Tigress
- Compile C source files with different optimization levels using GCC and run them
- Compile C source files to bytecode using Clang
- Run symbolic execution using Angr and Klee
- Generate an analysis report of symbolic execution and run time
Install Docker and run the following commands:
$ mkdir workspace
$ cd workspace
$ mkdir out
$ docker run -v $(pwd):/home/argon/workspace -ti --name=argon elm3nt/argon
$ cd ~/workspace
The `docker run` command above downloads the Argon image (`elm3nt/argon`) from Docker Hub, then mounts the workspace directory created on the host machine into the container's home directory. This makes it easy to access benchmark and test result files from the host machine. For argon command-line help, refer to the cli README.
Generate a sample C source file using the Tigress `randomFunc` option. You can provide activation codes, passwords, or both for the authentication function.
Syntax
$ argon generate -o [output c file path] -c [code] -p [password]
Note: Make sure the output path specifies a filename with the `.c` extension.
Example
$ argon generate -o out/code.c -c 18
$ argon generate -o out/password.c -p secret
$ argon generate -o out/codepass.c -c 18 -p secret
Obfuscate the generated C source file with Tigress transformations (Abstract, Control flow, Data and Virtualization). Use the short code of each transformation, e.g. `A`, `C`, `D`, `V`, or any combination of short codes such as `AC`, `ADC`, `DACV`.
Note: Make sure you use a C source file generated by the `generate` command. A custom C source file might not work.
Syntax
$ argon obfuscate -i [input C file path] -o [output directory path] -nv [number of variants] -ol [obfuscation list]
Example
$ argon obfuscate -i out/codepass.c -o out/obs -nv 5 -ol A AC ADC DACV
It takes C source file(s) as input. You can provide a single C source file path, or a directory path, in which case it recursively searches that directory for C source files. These C source files are then compiled using GCC with the optimization levels provided in the options: `0`, `1`, `2`, `3`, `s`, `fast`. The analysis report is saved in the `analysis.csv` file in the output path.
Syntax to compile and execute c source file
$ argon run -i [input C file/dir path] -o [output directory path] -ol {0|1|2|3|s|fast} -c [code] -p [password]
Example
$ argon run -i out/codepass.c -o out/out-code -ol 0 1 -c 18
$ argon run -i out/codepass.c -o out/out-codepass -ol 0 1 2 3 s fast -c 18 -p secret
Analysis report
File | File size (in bytes) | GCC optimization level | Time taken to run (in secs) | Path |
---|---|---|---|---|
sample_o0.out | 12824 | 0 | 0.001 | /home/argon/workspace/out/out-sample/sample/sample_o0.out |
sample_o1.out | 8680 | 1 | 0.001 | /home/argon/workspace/out/out-sample/sample/sample_o1.out |
sample_o2.out | 8680 | 2 | 0.001 | /home/argon/workspace/out/out-sample/sample/sample_o2.out |
sample_o3.out | 8680 | 3 | 0.003 | /home/argon/workspace/out/out-sample/sample/sample_o3.out |
sample_os.out | 8728 | s | 0.001 | /home/argon/workspace/out/out-sample/sample/sample_os.out |
sample_ofast.out | 10160 | fast | 0.001 | /home/argon/workspace/out/out-sample/sample/sample_ofast.out |
Generate a symbolic execution analysis report of C source files using `Klee`, `Angr`, or both. It takes C source file(s) as input. You can provide a single C source file path, or a directory path, in which case it recursively searches that directory for C source files. The analysis report is saved in the `analysis.csv` file in the output path.
- A C source file must have either C `args` based authentication or C standard stdin (e.g. `scanf`) based authentication, or both
- If the source program has C `args` based authentication, the command requires the number of arguments and the length of an argument to perform symbolic execution
- Similarly, if the source program has C `stdin` based authentication, the number of standard inputs and the length of a standard input are required
- If the source file has both `args` and `stdin` based authentication, provide both of them
- If you want to validate whether the symbolic execution tools cracked the activation codes and passwords correctly, provide the activation codes and passwords on the command line
- `Angr` can run symbolic execution both for a C source file and for an executable file with `.out`, `.exe` extensions
Syntax
$ argon (angr|klee|all) -i [input C file/dir path] -o [output directory path] -na [number of arguments] -la [length of argument] -ni [number of inputs] -li [length of input] -c [authentication codes] -p [authentication passwords]
Example
$ argon angr -i out/password.c -o out/out-angr-password -ni 1 -li 6 # Does not verify password after running symbolic execution
$ argon klee -i out/obs/codepass/AC -o out/out-klee-ac -na 1 -la 2 -ni 1 -li 6 -c 18 -p secret # Verifies activation codes and password after running symbolic execution
Run symbolic execution using both Angr and Klee, and record the execution time as well:
$ argon all -i out/obs/codepass/A -o out/out-all-a -na 1 -la 2 -ni 1 -li 8 -c 18 -p secret
Analysis report
File | File size (in bytes) | Time taken to run (in secs) | Time taken by Angr (in secs) | Time taken by Klee (in secs) | Codes | Is code cracked by Angr? | Codes generated by Angr | Is code cracked by Klee? | Codes generated by Klee | Passwords | Is password cracked by Angr | Passwords generated by Angr | Is password cracked by Klee | Passwords generated by Klee | Path |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ADC3.c | 224581 | 0.001 | 208.235517 | 12.7 | 18 | True | ... | True | ... | secret | True | ... | True | ... | /home/argon/workspace/out/obs/codepass/ADC/ADC3.c |
ADC4.c | 198516 | 0.001 | 204.615799 | 14.76 | 18 | True | ... | True | ... | secret | True | ... | True | ... | /home/argon/workspace/out/obs/codepass/ADC/ADC4.c |
ADC1.c | 203457 | 0.001 | 211.010781 | 13.14 | 18 | True | ... | True | ... | secret | True | ... | True | ... | /home/argon/workspace/out/obs/codepass/ADC/ADC1.c |
ADC5.c | 208637 | 0.001 | 207.245102 | 13.69 | 18 | True | ... | True | ... | secret | True | ... | True | ... | /home/argon/workspace/out/obs/codepass/ADC/ADC5.c |
ADC2.c | 203481 | 0.001 | 199.579206 | 12.35 | 18 | True | ... | True | ... | secret | True | ... | True | ... | /home/argon/workspace/out/obs/codepass/ADC/ADC2.c |
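As an added example (not part of the Argon project's own code), the following Python script summarizes a report like the one above per obfuscation folder: mean Angr and Klee times and how many variants each tool cracked. It assumes `analysis.csv` is comma-separated with the table's column titles as its header row; `make_row`, `cracked` and `summarize` are hypothetical helper names, and the `V1` row is constructed, not a measured result.

```python
import csv
import io
from collections import defaultdict
from pathlib import PurePosixPath
from statistics import mean

# Assumption: analysis.csv uses the report table's column titles as its header row.
HEADER = ("File,File size (in bytes),Time taken to run (in secs),"
          "Time taken by Angr (in secs),Time taken by Klee (in secs),Codes,"
          "Is code cracked by Angr?,Codes generated by Angr,"
          "Is code cracked by Klee?,Codes generated by Klee,Passwords,"
          "Is password cracked by Angr,Passwords generated by Angr,"
          "Is password cracked by Klee,Passwords generated by Klee,Path")
BASE = "/home/argon/workspace/out/obs/codepass"

def make_row(variant, size, angr_s, klee_s, angr_ok=True, klee_ok=True):
    """Build one CSV line; generated values stay elided ('...') as in the table."""
    folder = variant.rstrip("0123456789")  # ADC3 -> ADC
    return (f"{variant}.c,{size},0.001,{angr_s},{klee_s},18,{angr_ok},...,{klee_ok},...,"
            f"secret,{angr_ok},...,{klee_ok},...,{BASE}/{folder}/{variant}.c")

SAMPLE = "\n".join([
    HEADER,
    make_row("ADC3", 224581, 208.235517, 12.7),   # ADC rows: values from the table
    make_row("ADC4", 198516, 204.615799, 14.76),
    make_row("ADC1", 203457, 211.010781, 13.14),
    make_row("ADC5", 208637, 207.245102, 13.69),
    make_row("ADC2", 203481, 199.579206, 12.35),
    make_row("V1", 300000, 900.0, 45.5, angr_ok=False),  # constructed row
])

def cracked(row, tool):
    """True only if every non-empty verdict column for `tool` reads 'True'."""
    verdicts = [v.strip() for k, v in row.items()
                if k.startswith("Is ") and f"cracked by {tool}" in k and v.strip()]
    return bool(verdicts) and all(v == "True" for v in verdicts)

def summarize(csv_text):
    """Group report rows by obfuscation folder and aggregate time and verdicts."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        groups[PurePosixPath(row["Path"]).parent.name].append(row)
    return {name: {
        "variants": len(rows),
        "angr_mean_s": round(mean(float(r["Time taken by Angr (in secs)"]) for r in rows), 2),
        "klee_mean_s": round(mean(float(r["Time taken by Klee (in secs)"]) for r in rows), 2),
        "angr_cracked": sum(cracked(r, "Angr") for r in rows),
        "klee_cracked": sum(cracked(r, "Klee") for r in rows),
    } for name, rows in sorted(groups.items())}

if __name__ == "__main__":
    for name, stats in summarize(SAMPLE).items():
        print(name, stats)
```

To use it on a real run, pass the text of the `analysis.csv` file from the output directory to `summarize` instead of `SAMPLE`.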
This source code is released under the MIT License