Installation

R1kk3r edited this page Jun 29, 2017 · 19 revisions

Here you will find information on how to get, build and use our project.

Getting the sources and building

We maintain several branches: the one named llvm-4.0 is the latest official (i.e., non-dev) version and is based on the latest version 4.0.1 released by the LLVM team. Older branches are also available: llvm-3.3, llvm-3.4, llvm-3.5, llvm-3.6.1

At the moment, all our obfuscation transforms have been ported to all branches.

To get the latest version of the LLVM branch, you can use the following commands:

$ git clone -b llvm-4.0 https://github.com/obfuscator-llvm/obfuscator.git
$ mkdir build
$ cd build
$ cmake -DCMAKE_BUILD_TYPE=Release ../obfuscator/
$ make -j7

Older branches can be cloned accordingly.

When the build is finished, you should have all the binaries in build/bin. Note that this source tree contains LLVM and Clang.

How to use it

The simplest way to use Obfuscator-LLVM is to pass a flag to the LLVM backend from Clang. The currently available flags are:

  1. -fla for the control flow flattening pass
  2. -sub for the instruction substitution pass
  3. -bcf for the bogus control flow pass

For annotations, see Functions annotations.

Imagine that you have a source file named test.c and that you want to use the substitution pass; just call clang like this:

$ path_to_the/build/bin/clang test.c -o test -mllvm -sub

Of course, you can call more than one pass at a time (e.g. flattening and substitution):

$ path_to_the/build/bin/clang test.c -o test -mllvm -sub -mllvm -fla

If you have a project that uses the autotools and you want to compile it with obfuscation, you can do this:

$ export CC=path_to_the/build/bin/clang
$ export CFLAGS="$CFLAGS -mllvm -fla"   # for C++ code, set CXXFLAGS the same way; any other obfuscation-related flags can be used
$ ./configure
$ make

If you have questions, don't hesitate to contact us (see How to Contribute).

Integration into Xcode

To use o-llvm within Xcode, you have to write an Xcode plugin.

This tutorial is based on this one. It was tested with Xcode 8.2.


$ cd /Applications/Xcode.app/Contents/PlugIns/Xcode3Core.ideplugin/Contents/SharedSupport/Developer/Library/Xcode/Plug-ins/
$ sudo cp -r Clang\ LLVM\ 1.0.xcplugin/ Obfuscator.xcplugin
$ cd Obfuscator.xcplugin/Contents/
$ sudo plutil -convert xml1 Info.plist
$ sudo vim Info.plist

Change:

<string>com.apple.compilers.clang</string> -> <string>com.apple.compilers.obfuscator</string>
<string>Clang LLVM 1.0 Compiler Xcode Plug-in</string> -> <string>Obfuscator Xcode Plug-in</string>

Then:

$ sudo plutil -convert binary1 Info.plist
$ cd Resources/
$ sudo mv Clang\ LLVM\ 1.0.xcspec Obfuscator.xcspec
$ sudo vim Obfuscator.xcspec

Change:

<key>Description</key>
<string>Apple LLVM 8.0 compiler</string> -> <string>Obfuscator 4.0 compiler</string>
<key>ExecPath</key>
<string>clang</string> -> <string>/path/to/obfuscator_bin/clang</string>
<key>Identifier</key>
<string>com.apple.compilers.llvm.clang.1_0</string> -> <string>com.apple.compilers.llvm.obfuscator.4_0</string>
<key>Name</key>
<string>Apple LLVM 8.0</string> -> <string>Obfuscator 4.0</string>
<key>Vendor</key>
<string>Apple</string> -> <string>HEIG-VD</string>
<key>Version</key>
<string>7.0</string> -> <string>4.0</string>

Then:

$ cd English.lproj/
$ sudo mv Apple\ LLVM\ 5.1.strings "Obfuscator 3.4.strings"
$ sudo plutil -convert xml1 Obfuscator\ 3.4.strings
$ sudo vim Obfuscator\ 3.4.strings 

Change:

<key>Description</key>
<string>Apple LLVM 8.0 compiler</string> -> <string>Obfuscator 4.0 compiler</string>
<key>Name</key>
<string>Apple LLVM 8.0</string> -> <string>Obfuscator 4.0</string>
<key>Vendor</key>
<string>Apple</string> -> <string>HEIG-VD</string>
<key>Version</key>
<string>7.0</string> -> <string>4.0</string>

Then:

$ sudo plutil -convert binary1 Obfuscator\ 3.4.strings
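
The Info.plist and .strings edits above can also be scripted rather than made by hand in vim. The following is an added example, not part of the original wiki page or the o-llvm project: it uses Python's standard plistlib, the names patch_plist, INFO_PLIST and STRINGS are hypothetical, and it assumes both files are XML or binary plists.

```python
import plistlib
from pathlib import Path

# Old -> new values, copied from the "Change:" lists on this page.
INFO_PLIST = {
    "com.apple.compilers.clang": "com.apple.compilers.obfuscator",
    "Clang LLVM 1.0 Compiler Xcode Plug-in": "Obfuscator Xcode Plug-in",
}
STRINGS = {
    "Apple LLVM 8.0 compiler": "Obfuscator 4.0 compiler",
    "Apple LLVM 8.0": "Obfuscator 4.0",
    "Apple": "HEIG-VD",
    "7.0": "4.0",
}


def _rewrite(node, changes, seen):
    """Return a copy of node with whole-string values swapped per `changes`."""
    if isinstance(node, dict):
        return {k: _rewrite(v, changes, seen) for k, v in node.items()}
    if isinstance(node, list):
        return [_rewrite(v, changes, seen) for v in node]
    if isinstance(node, str) and node in changes:
        seen.add(node)
        return changes[node]
    return node


def patch_plist(path, changes):
    """Rewrite `path` in place as a binary plist; return old values not found.

    plistlib.load() auto-detects XML vs binary, so no prior conversion is
    needed. If any expected value is missing (for example a different Xcode
    version), the file is left untouched so the mismatch can be inspected.
    """
    path = Path(path)
    with path.open("rb") as fh:
        data = plistlib.load(fh)
    seen = set()
    patched = _rewrite(data, changes, seen)
    missing = sorted(set(changes) - seen)
    if not missing:
        with path.open("wb") as fh:
            plistlib.dump(patched, fh, fmt=plistlib.FMT_BINARY)
    return missing
```

Call patch_plist("Info.plist", INFO_PLIST) and patch_plist("Obfuscator 3.4.strings", STRINGS) from the matching directories with root privileges; an empty list means every listed value was found and replaced.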

Now, you can open Xcode and set the new compiler in your project settings:

[Screenshot: Xcode build settings]

And you can add your obfuscation flags to the CXXFLAGS or CFLAGS like this:

[Screenshot: Xcode build settings]
