LO! LLVM Obfuscator
Ladda ner
Typ
Examensarbete för masterexamen
Master Thesis
Master Thesis
Program
Computer systems and networks (MPCSN), MSc
Publicerad
2014
Författare
RIERA, FRANCISCO BLAS IZQUIERDO
Modellbyggare
Tidskriftstitel
ISSN
Volymtitel
Utgivare
Sammanfattning
As part of this Master’s Thesis some patches to LLVM have been written allowing the application of obfuscation techniques to the LLVM IR. These patches allow both obfuscation and polymorphism which results in code that is both hard to read and different from previous versions. This, makes finding the real changes made between versions harder for the attacker. The techniques are applied using a function attribute as the seed for the CPRNGs used by the transformations as a source of entropy. As a result it is possible to mark the functions that should be obfuscated in the prototypes allowing the developer to create binaries with the desired amount of changes and a sufficiently large amount of functions that are hard to read and (if the seed is changed) different from previous versions. In this Master’s Thesis the possible ways in which the applied techniques can be “reversed” have been evaluated to be able to compare the resulting code. For this to succeed a transformation able to obtain LLVM IR from the resulting binary code is necessary, this was not done as part of this work.
Beskrivning
Ämne/nyckelord
Informations- och kommunikationsteknik , Data- och informationsvetenskap , Data- och systemvetenskap , Information & Communication Technology , Computer and Information Science , Computer and systems science