search

meme / hellscape

GIMPLE obfuscator for C, C++, Go, ... all supported GCC targets and front-ends that use GIMPLE.
GNU General Public License v3.0
390 stars 34 forks source link

Add function selectors #10

Closed liufengwenyu closed 4 years ago

liufengwenyu commented 4 years ago

Hi,I found a way to select functions by attributes. New files: Utils.h and Utils.cpp Utils.h

#pragma once

#include <gcc-plugin.h>
#include <basic-block.h>
#include <tree.h>
#include <function.h>
#include <iostream>

bool toObfuscate(bool flag, function *f, std::string attribute);

Utils.cpp

#include "Utils.h"
#include <stringpool.h>
#include <attribs.h>

using namespace std;

bool toObfuscate(bool flag, function *f, string attribute)
{
    /* skip declaration*/
    //return false;

    /*skip external linkage*/
    //return false;

    /*skip some functions that cannot currently be handled */
    //return false;

    /*check attribute*/
    std::string attr = attribute;
    std::string attrNo = "no" + attr;

    tree attri = DECL_ATTRIBUTES(f->decl);
    if(attri)
    {
        tree q = lookup_attribute("obfus", attri);
        if(q)
        {
            tree qq = q;
            while(qq)
            {
                std::string name = TREE_STRING_POINTER (TREE_VALUE(TREE_VALUE(qq)));
                if(!name.empty())
                {
                    if(name.find(attrNo) != string::npos)
                    {
                        std::cerr << "in " << function_name(f) <<" find " << name << "\n";
                        return false;
                    }

                    if(name.find(attr) != string::npos)
                    {
                        std::cerr << "in " << function_name(f) <<" find " << name << "\n";
                        return true;
                    }

                }
                qq = TREE_CHAIN (qq);
            }
        }
    }
    if (flag == true) {
        return true;
    } 
    return false;
}

Then modify the PluginManager.cpp:

static tree
handle_obfus_attribute (tree *node, tree name, tree args, int flags, bool *no_add_attrs)
{
    return NULL_TREE;
}

/* Attribute definition */

static struct attribute_spec fla_attr =
{ "obfus", 1, 1, false,  false, false, false, handle_obfus_attribute, NULL};

/* Plugin callback called during attribute registration */

static void 
register_attributes (void *event_data, void *data) 
{
    register_attribute (&fla_attr);
}

register it: register_callback (info->base_name, PLUGIN_ATTRIBUTES, register_attributes, NULL);

finally, write one demo:

__attribute__((obfus("nofla"))) char* hello( char *list, const char *oid, size_t len )
{
    while( list != NULL )
    {
        if(memcmp( list, oid, len ) == 0 )
        {
            break;
        }

        list = (char *)TEST_P;
    }

    return( list );
}

__attribute__((obfus("nobcf"))) __attribute__((obfus("fla"))) void make_kn(unsigned char *k1, const unsigned char *l, int bl)
{
    int i;
    unsigned char c = l[0], carry = c >> 7, cnext;
    for (i = 0; i < bl - 1; i++, c = cnext)
        k1[i] = (c << 1) | ((cnext = l[i + 1]) >> 7);

    k1[i] = (c << 1) ^ ((0 - carry) & (bl == 16 ? 0x87 : 0x1b));
}

the log:

in hello find nofla
in make_kn find nobcf
in make_kn find fla
meme commented 4 years ago

Hey, could you make a PR with these changes and we'll discuss them there? Thanks