HikariObfuscator/Hikari

Obfuscator passes not working

Gaganiith opened this issue · 3 comments

Obfuscator pass BCF not working

I was trying to use BCF (BogusControlFlow) obfuscator and Instruction substitution passes on a simple C-code.

  • #include <stdio.h>
    int main() {
        printf("Hello world");
        int x = 4;
        int y = 5*5;
        int z = x*y;
        return 0;
    }
  • I have taken the ll-file corresponding to the above c-code.
  • The passes like function callsite, Flattening and Split Basic Block are working.
  • I am using the following command: ./opt -S -bcfobf test.ll
  • The error log is as follows:
  • Running BogusControlFlow On main
    Stack dump:
  1. Program arguments: ./opt -S -bcfobf test.ll
    1.Running pass 'Function Pass Manager' on module 'test.ll'.
    2.Running pass 'Enable BogusControlFlow.' on function '@main'
    0 0x000055db8be579e5 llvm::sys::PrintStackTrace(llvm::raw_ostream&) (./opt+0x14259e5)
    1 0x000055db8be56547 llvm::sys::RunSignalHandlers() (./opt+0x1424547)
    2 0x000055db8be56602 SignalHandler(int) (./opt+0x1424602)
    3 0x0000147a9e1e6890 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x12890)
    4 0x000055db8be2b7c6 std::mersenne_twister_engine<unsigned long, 64ul, 312ul, 156ul, 31ul, 13043109905998158313ul, 29ul, 6148914691236517205ul, 17ul, 8202884508482404352ul, 37ul, 18444473444759240704ul, 43ul, 6364136223846793005ul>::operator()() (./opt+0x13f97c6)
    5 0x000055db8c11b20f llvm::CryptoUtils::get_range(unsigned int, unsigned int) (./opt+0x16e920f)
    6 0x000055db8c11cffc (anonymous namespace)::BogusControlFlow::runOnFunction(llvm::Function&) (./opt+0x16eaffc)
    7 0x000055db8bb8504c llvm::FPPassManager::runOnFunction(llvm::Function&) (./opt+0x115304c)
    8 0x000055db8bb851ae llvm::FPPassManager::runOnModule(llvm::Module&) (./opt+0x11531ae)
    9 0x000055db8bb85659 llvm::legacy::PassManagerImpl::run(llvm::Module&) (./opt+0x1153659)
    10 0x000055db8b07b8e4 main (./opt+0x6498e4)
    11 0x0000147a9ce2fb97 __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:344:0
    12 0x000055db8b0fd3da _start (./opt+0x6cb3da)
    Segmentation fault (core dumped)
  • The error is the same for ./opt -S -subobf test.ll

Sounds like an issue related to my RNG implementation instead of LLVM. Honestly, I have no idea why this would happen, though.

Btw, I found a way around.
Using the flags (-mllvm -enable-bcfobf) or (-mllvm -enable-subobf) with clang works.

PRNG seeding is done in the wrapper pass. So yeah, you can use opt, but you should be using commands like opt -obfus -enable-bcfobf to properly initialize the RNG.
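
The last comment says the PRNG is seeded by the wrapper pass, so a transformation pass run on its own reaches the random-number helper before any seeding has happened. The C++ sketch below is an added example, not Hikari's code: it assumes the engine is held through a pointer that stays empty until seeding (the class `SeededRng` and its methods are hypothetical names) and shows a guard that seeds on first use, so a directly invoked pass does not dereference a null engine.

```cpp
#include <cstdint>
#include <memory>
#include <random>

// Hypothetical stand-in for an obfuscator's shared RNG helper. Names are
// illustrative; this is not Hikari's CryptoUtils.
class SeededRng {
  std::unique_ptr<std::mt19937_64> eng; // empty until seeded

public:
  // Explicit seeding, the step a wrapper pass would perform up front.
  void seed(std::uint64_t s) { eng = std::make_unique<std::mt19937_64>(s); }

  // Seed from the OS entropy source when no fixed seed was supplied.
  void seedFromOS() {
    std::random_device rd;
    seed((std::uint64_t(rd()) << 32) | rd());
  }

  bool seeded() const { return static_cast<bool>(eng); }

  // Hardened accessor: a pass invoked on its own (no wrapper) still gets a
  // valid engine instead of dereferencing a null pointer.
  std::uint64_t next() {
    if (!eng)
      seedFromOS();
    return (*eng)();
  }

  // Value in [min, max); returns min when the range is empty, which also
  // avoids a modulo-by-zero.
  std::uint32_t getRange(std::uint32_t min, std::uint32_t max) {
    if (max <= min)
      return min;
    return min + static_cast<std::uint32_t>(next() % (max - min));
  }
};

// Simulates a transformation pass being run directly, before any seeding.
bool standalonePassSurvives() {
  SeededRng rng; // wrapper pass never ran
  std::uint32_t v = rng.getRange(0, 100);
  return rng.seeded() && v < 100;
}

// The same fixed seed must reproduce the same choices across runs.
bool fixedSeedIsDeterministic() {
  SeededRng a, b;
  a.seed(0x1234);
  b.seed(0x1234);
  return a.getRange(10, 1000) == b.getRange(10, 1000);
}
```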