open-obfuscator / o-mvll

:electron: O-MVLL is a LLVM-based obfuscator for native code (Android & iOS)
https://obfuscator.re/omvll
Apache License 2.0

Segmentation fault in clang #36

Closed matbrik closed 8 months ago

matbrik commented 8 months ago

I'm trying to build and obfuscate a simple piece of code but clang crashes:

omvll dylib: https://github.com/open-obfuscator/o-mvll/releases/tag/1.0.3
Python 3.10.7

utils.c

#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/sysctl.h>
#include <stdlib.h>

int is_debugger_present(void)
{
    int name[4];
    struct kinfo_proc info;
    size_t info_size = sizeof(info);

    info.kp_proc.p_flag = 0;
    name[0] = CTL_KERN;
    name[1] = KERN_PROC;
    name[2] = KERN_PROC_PID;
    name[3] = getpid();

    if (sysctl(name, 4, &info, &info_size, NULL, 0) == -1) {
        perror("sysctl");
        exit(-1);
    }
    return ((info.kp_proc.p_flag & P_TRACED) != 0);
}

int main(){
    is_debugger_present();
    return 0;
}

config.py

import omvll
import os
from functools import lru_cache

class MyConfig(omvll.ObfuscationConfig):
    def __init__(self):
        super().__init__()

    def flatten_cfg(self, mod: omvll.Module, func: omvll.Function):
        if func.name == "is_debugger_present":
            return True
        return False

@lru_cache(maxsize=1)
def omvll_get_config() -> omvll.ObfuscationConfig:
    """
    Return an instance of `ObfuscationConfig` which
    aims at describing the obfuscation scheme
    """
    return MyConfig()

output:

clang -fpass-plugin=omvll_xcode_14.dylib utils.c -o main
clang: error: unable to execute command: Segmentation fault: 11
clang: error: clang frontend command failed due to signal (use -v to see invocation)
Apple clang version 14.0.3 (clang-1403.0.22.14.1)
Target: arm64-apple-darwin22.6.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
clang: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang: note: diagnostic msg: /var/folders/g_/y9nmb9t11lv5bdyscrcfwlg80000gn/T/utils-c2f326.c
clang: note: diagnostic msg: /var/folders/g_/y9nmb9t11lv5bdyscrcfwlg80000gn/T/utils-c2f326.sh
clang: note: diagnostic msg: Crash backtrace is located in
clang: note: diagnostic msg: /Users/gitlab/Library/Logs/DiagnosticReports/clang_<YYYY-MM-DD-HHMMSS>_<hostname>.crash
clang: note: diagnostic msg: (choose the .crash file that corresponds to your crash)
clang: note: diagnostic msg: 

Attached is the crash log of clang:

clang-2024-02-28-122142.ips.txt

I've also exported OMVLL_CONFIG and OMVLL_PYTHONPATH. I've also tried it with Xcode 15 and 14.

marcobrador commented 8 months ago

Hi @matbrik,

Have you tried with -fno-legacy-pass-manager?

Thanks,
Marc

matbrik commented 8 months ago

Yes, I've tried that too; the result is identical, and so is the faulting address: "type":"EXC_BAD_ACCESS","signal":"SIGSEGV","subtype":"KERN_INVALID_ADDRESS at 0x000000016d460010"

clang -fpass-plugin=omvll_xcode_14.dylib -fno-legacy-pass-manager utils.c -o main
clang: error: unable to execute command: Segmentation fault: 11
clang: error: clang frontend command failed due to signal (use -v to see invocation)
Apple clang version 14.0.3 (clang-1403.0.22.14.1)
Target: arm64-apple-darwin22.6.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
clang: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang: note: diagnostic msg: /var/folders/g_/y9nmb9t11lv5bdyscrcfwlg80000gn/T/utils-01b9dc.c
clang: note: diagnostic msg: /var/folders/g_/y9nmb9t11lv5bdyscrcfwlg80000gn/T/utils-01b9dc.sh
clang: note: diagnostic msg: Crash backtrace is located in
clang: note: diagnostic msg: /Users/gitlab/Library/Logs/DiagnosticReports/clang_<YYYY-MM-DD-HHMMSS>_<hostname>.crash
clang: note: diagnostic msg: (choose the .crash file that corresponds to your crash)
clang: note: diagnostic msg: 

********************
matbrik commented 8 months ago

It worked using the clang from the prebuilt dependency package https://open-obfuscator.build38.io/static/omvll-deps-xcode-14_1.tar, so probably it is a mismatch between toolchains.

marcobrador commented 8 months ago

Thanks for the feedback @matbrik

In theory you would not need to use the prebuilt dependencies. The distribution package is supposed to work with the Xcode / NDK mentioned in its name (for release 1.0.3, it's Xcode 14.1). So as long as you use Xcode 14.1's clang, it should work.

Which version of Xcode were you using?
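A preflight check for the toolchain-mismatch point above, as an added example that is not O-MVLL's own tooling: it parses the "Apple clang version" banner (the one from this issue's crash output, embedded here as constructed input) and compares it with the version the plugin dylib expects. The expected version is an argument the user supplies; the 14.0.0 used in the demo is an assumption, not a value from the page.

```shell
#!/bin/sh
# Added example: catch a clang/plugin toolchain mismatch before clang loads
# the pass plugin, instead of discovering it as a segfault in the frontend.

# Extract "X.Y.Z" from a "clang --version" banner passed on stdin.
apple_clang_version() {
    sed -n 's/^Apple clang version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Usage: clang_matches_plugin EXPECTED_VERSION < banner
# Returns 0 when the banner's version equals EXPECTED_VERSION, 1 otherwise
# (also 1 when no Apple clang banner is found at all).
clang_matches_plugin() {
    expected="$1"
    actual="$(apple_clang_version)"
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Constructed input: the banner taken from the crash output in this issue.
SAMPLE_BANNER='Apple clang version 14.0.3 (clang-1403.0.22.14.1)
Target: arm64-apple-darwin22.6.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin'

# Demo: the reporter's compiler matches 14.0.3, but not an assumed plugin
# build target of 14.0.0 (assumption for illustration only).
printf '%s\n' "$SAMPLE_BANNER" | clang_matches_plugin "14.0.3" \
    && echo "ok: compiler matches plugin target 14.0.3"
printf '%s\n' "$SAMPLE_BANNER" | clang_matches_plugin "14.0.0" \
    || echo "mismatch: plugin expects 14.0.0, compiler reports $(printf '%s\n' "$SAMPLE_BANNER" | apple_clang_version)"

# On a real machine replace SAMPLE_BANNER with the live output:
#   clang --version | clang_matches_plugin "$PLUGIN_CLANG_VERSION" || exit 1
```

Run it before `clang -fpass-plugin=...` in a build script so a wrong Xcode is reported as a plain version mismatch rather than a crash.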

matbrik commented 8 months ago

@marcobrador The minimum I managed to test was Xcode 14.3.1; being on macOS 14.x blocks me from running an older version, even betas. Is the documentation on the website up to date for building on a different Xcode/clang version?