In English

LO! LLVM Obfuscator

An LLVM obfuscator for binary patch generation

FRANCISCO BLAS IZQUIERDO RIERA
Göteborg : Chalmers tekniska högskola, 2014. 217 s.
[Examensarbete på avancerad nivå]

As part of this Master’s Thesis some patches to LLVM have been written allowing the application of obfuscation techniques to the LLVM IR. These patches allow both obfuscation and polymorphism which results in code that is both hard to read and different from previous versions. This, makes finding the real changes made between versions harder for the attacker.

The techniques are applied using a function attribute as the seed for the CPRNGs used by the transformations as a source of entropy. As a result it is possible to mark the functions that should be obfuscated in the prototypes allowing the developer to create binaries with the desired amount of changes and a sufficiently large amount of functions that are hard to read and (if the seed is changed) different from previous versions.

In this Master’s Thesis the possible ways in which the applied techniques can be “reversed” have been evaluated to be able to compare the resulting code. For this to succeed a transformation able to obtain LLVM IR from the resulting binary code is necessary, this was not done as part of this work.



Publikationen registrerades 2015-01-22. Den ändrades senast 2015-01-22

CPL ID: 211348

Detta är en tjänst från Chalmers bibliotek