/raindrop

This is the home of the raindrop obfuscator. It transforms program functions into obfuscated ROP chains that coexist seamlessly with the surrounding software stack and can withstand popular static and dynamic deobfuscation approaches.

GNU General Public License v2.0GPL-2.0

raindrop

This is the home of the raindrop obfuscator. It transforms program functions into obfuscated ROP chains that coexist seamlessly with the surrounding software stack and can withstand popular static and dynamic deobfuscation approaches.

raindrop takes as input an ELF binary and obfuscates one or more user-defined functions, introducing different ROP-based obfuscations.

This is the high-level workflow:



The design behind raindrop is described in Hiding in the Particles: When Return-Oriented Programming Meets Program Obfuscation which has appeared in the DSN 2021 conference.

Access

We grant access to the tool and its code for research purposes. Please send an email to borrello@diag.uniroma1.it with the subject [raindrop] code access and specify in the body your name, your affiliation, and your GITLAB username, so we can grant you access to a private repository that we use for the project. We will keep your data confidential.

Cite

@inproceedings{raindrop,
    author={Borrello, Pietro and Coppa, Emilio and D’Elia, Daniele Cono},
    booktitle={2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)}, 
    title={Hiding in the Particles: When Return-Oriented Programming Meets Program Obfuscation}, 
    year={2021},
    publisher = {IEEE},
    location = {Virtual Event},
    pages={555-568},
    doi={10.1109/DSN48987.2021.00064}}
}