/movfuscator

Permalink
Find file
movfuscator/post/xor.py
28a6b4c Sep 25, 2015
Raw Blame History
55 lines (42 sloc) 1.61 KB
# The XORfuscator post-processor - translates M/o/Vfuscated C into only
# xor instructions.
# This is a post-processing routine that can be run on assembly output from the
# M/o/Vfuscator. It converts the M/o/Vfuscator's mov instructions into an
# alternative set of minimalistic instructions.
# To use:
# movcc example.c -S
# python this.py example.s
# as --32 example.s -o example.o
# movcc example.o
# Note that the final linking step above will add the M/o/Vfuscator crt
# libraries; you may wish to run these libraries through this same script, to
# ensure the entire executable is converted. See the M/o/Vfuscator build script
# for an example of building the crt libraries.
import sys
with open(sys.argv[1]) as f:
asm = f.readlines()
asm = [l.replace('ebx', 'esi') for l in asm]
with open(sys.argv[1], 'w') as f:
for l in asm:
if l.startswith("mov"):
f.write("#xor> " + l)
tok = l.find(",", l.find(")"))
if tok == -1:
tok = l.find(",")
source = l[l.index(" "):tok].strip()
dest = l[tok+1:].strip()
if l.startswith("movb"):
s = "b"
reg = "%bl"
elif l.startswith("movw"):
s = "w"
reg = "%bx"
elif l.startswith("movl"):
s = "l"
reg = "%ebx"
f.write("xor%s %s, %s\n" % (s, reg, reg))
f.write("xor%s %s, %s\n" % (s, source, reg))
f.write("xor%s %s, %s\n" % (s, dest, reg))
f.write("xor%s %s, %s\n" % (s, reg, dest))
else:
f.write(l)