diff --git a/llvm/lib/Transforms/Obfuscation/BogusControlFlow.cpp b/llvm/lib/Transforms/Obfuscation/BogusControlFlow.cpp
index 841fdd1e6..7494541e8 100644
--- a/llvm/lib/Transforms/Obfuscation/BogusControlFlow.cpp
+++ b/llvm/lib/Transforms/Obfuscation/BogusControlFlow.cpp
@@ -1,3 +1,4 @@
+#include "llvm/IR/IRBuilder.h"
 #include "llvm/Transforms/Obfuscation/BogusControlFlow.h"
 #include "llvm/Transforms/Utils/Cloning.h"
 #include "llvm/Transforms/Utils/ValueMapper.h"
@@ -35,21 +36,22 @@ BasicBlock *cloneBasicBlock(BasicBlock *BB) {
 Value *createBogusCmp(BasicBlock *insertAfter) {
     // if((y < 10 || x * (x + 1) % 2 == 0))
-    // 等价于 if(true)
     Module *M = insertAfter->getModule();
     LLVMContext &context = M->getContext();
     GlobalVariable *xptr = new GlobalVariable(*M, Type::getInt32Ty(context), false, GlobalValue::CommonLinkage, ConstantInt::get(Type::getInt32Ty(context), 0), "x");
     GlobalVariable *yptr = new GlobalVariable(*M, Type::getInt32Ty(context), false, GlobalValue::CommonLinkage, ConstantInt::get(Type::getInt32Ty(context), 0), "y");
-    LoadInst *x = new LoadInst(Type::getInt32Ty(context), xptr, "", insertAfter);
-    LoadInst *y = new LoadInst(Type::getInt32Ty(context), yptr, "", insertAfter);
-    ICmpInst *cond1 = new ICmpInst(*insertAfter, CmpInst::ICMP_SLT, y, ConstantInt::get(Type::getInt32Ty(context), 10));
-    BinaryOperator *op1 = BinaryOperator::CreateAdd(x, ConstantInt::get(Type::getInt32Ty(context), 1), "", insertAfter);
-    BinaryOperator *op2 = BinaryOperator::CreateMul(op1, x, "", insertAfter);
-    BinaryOperator *op3 =
-        BinaryOperator::CreateURem(op2, ConstantInt::get(Type::getInt32Ty(context), 2), "", insertAfter);
-    ICmpInst *cond2 = new ICmpInst(*insertAfter, CmpInst::ICMP_EQ, op3, ConstantInt::get(Type::getInt32Ty(context), 0));
+
+    IRBuilder<> builder(context);
+    builder.SetInsertPoint(insertAfter);
+    LoadInst *x = builder.CreateLoad(Type::getInt32Ty(context), xptr);
+    LoadInst *y = builder.CreateLoad(Type::getInt32Ty(context), yptr);
+    Value *cond1 = builder.CreateICmpSLT(y, ConstantInt::get(Type::getInt32Ty(context), 10));
+    Value *op1 = builder.CreateAdd(x, ConstantInt::get(Type::getInt32Ty(context), 1));
+    Value *op2 = builder.CreateMul(op1, x);
+    Value *op3 = builder.CreateURem(op2, ConstantInt::get(Type::getInt32Ty(context), 2));
+    Value *cond2 = builder.CreateICmpEQ(op3, ConstantInt::get(Type::getInt32Ty(context), 0));
     return BinaryOperator::CreateOr(cond1, cond2, "", insertAfter);
 }
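Review bot: The rewritten builder block drops the only statement of why this comparison is an opaque predicate — the removed `// 等价于 if(true)` ("equivalent to if(true)") is not carried over, so a reader of `cond2` no longer learns that `x * (x + 1)` is always even and the or-expression is therefore always true; add `// Opaque predicate: x*(x+1) is always even, so cond2 always holds and the whole condition is always true.` above the `IRBuilder<> builder(context);` line. Two points of style: `IRBuilder<> builder(insertAfter);` does what the pair `IRBuilder<> builder(context); builder.SetInsertPoint(insertAfter);` does, and the closing `return BinaryOperator::CreateOr(cond1, cond2, "", insertAfter);` still uses the instruction-constructor API while everything above it now goes through the builder, so `return builder.CreateOr(cond1, cond2);` keeps the function on one API. `xptr`/`yptr` are fresh `CommonLinkage` globals with a zero initializer and no store in this function; if nothing in the final module writes them, an LTO build that internalizes them may let GlobalOpt prove them constant and fold the predicate away, which is worth confirming on an optimized build since the tests in this commit only run at `-O0`.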
diff --git a/llvm/lib/Transforms/Obfuscation/IndirectCall.cpp b/llvm/lib/Transforms/Obfuscation/IndirectCall.cpp
index 84c04c5ff..975becc81 100644
--- a/llvm/lib/Transforms/Obfuscation/IndirectCall.cpp
+++ b/llvm/lib/Transforms/Obfuscation/IndirectCall.cpp
@@ -16,7 +16,7 @@ PreservedAnalyses Pluto::IndirectCall::run(Module &M, ModuleAnalysisManager &AM)
     std::vector functions;
     for (Function &F : M) {
-        if (F.size()) {
+        if (F.size() && !F.hasLinkOnceLinkage()) {
             functions.push_back(&F);
         }
     }
diff --git a/llvm/lib/Transforms/Obfuscation/MBAObfuscation.cpp b/llvm/lib/Transforms/Obfuscation/MBAObfuscation.cpp
index 3e06c503f..e6aa4c910 100644
--- a/llvm/lib/Transforms/Obfuscation/MBAObfuscation.cpp
+++ b/llvm/lib/Transforms/Obfuscation/MBAObfuscation.cpp
@@ -52,6 +52,7 @@ void Pluto::MbaObfuscation::substituteConstant(Instruction *I, int i) {
     int64_t *coeffs = generateLinearMBA(NUM_COEFFS);
     coeffs[14] -= val->getValue().getZExtValue();
     Value *mbaExpr = insertLinearMBA(coeffs, I);
+    delete[] coeffs;
     if (val->getBitWidth() <= 32) {
         mbaExpr = insertPolynomialMBA(mbaExpr, I);
     }
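Review bot: The new `!F.hasLinkOnceLinkage()` condition carries no comment saying why linkonce functions are kept out of the indirect-call table, and the reason cannot be read off the hunk; add something like `// Skip linkonce/linkonce_odr functions: the linker may drop or replace them, so they must not be referenced from the call table` (adjusted to the actual reason if it differs). `F.size()` is also an indirect way of asking for a definition — `!F.isDeclaration()` says what is meant. Whether other discardable linkages need the same treatment is not decidable from this hunk; if the intent is "anything the linker may discard", `F.isDiscardableIfUnused()` may be the broader predicate to consider. The rest of `run` lies outside the hunk.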
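Review bot: The added `delete[] coeffs;` closes the leak but keeps manual ownership of the raw `int64_t*` returned by `generateLinearMBA`, and the same three-line pattern is repeated in substituteAdd/Sub/Xor/And/Or in the next hunk of this file; returning an owning type from `generateLinearMBA` (`std::unique_ptr<int64_t[]>`, or `std::array<int64_t, NUM_COEFFS>` if `NUM_COEFFS` is a compile-time constant) would remove every `delete[]` and the chance of the next caller forgetting one. The placement also assumes `insertLinearMBA` does not keep `coeffs` after returning, which this hunk cannot show; a one-line comment at the call site, e.g. `// insertLinearMBA copies the coefficients into the IR; the array can be freed once it returns`, would record that contract. `substituteConstant` continues outside the hunk.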
@@ -92,30 +93,40 @@ Value *Pluto::MbaObfuscation::substituteAdd(BinaryOperator *BI) {
     int64_t *coeffs = generateLinearMBA(NUM_COEFFS);
     coeffs[2] += 1;
     coeffs[4] += 1;
-    return insertLinearMBA(coeffs, BI);
+    Value *mbaExpr = insertLinearMBA(coeffs, BI);
+    delete[] coeffs;
+    return mbaExpr;
 }
 
 Value *Pluto::MbaObfuscation::substituteSub(BinaryOperator *BI) {
     int64_t *coeffs = generateLinearMBA(NUM_COEFFS);
     coeffs[2] += 1;
     coeffs[4] -= 1;
-    return insertLinearMBA(coeffs, BI);
+    Value *mbaExpr = insertLinearMBA(coeffs, BI);
+    delete[] coeffs;
+    return mbaExpr;
 }
 
 Value *Pluto::MbaObfuscation::substituteXor(BinaryOperator *BI) {
     int64_t *coeffs = generateLinearMBA(NUM_COEFFS);
     coeffs[5] += 1;
-    return insertLinearMBA(coeffs, BI);
+    Value *mbaExpr = insertLinearMBA(coeffs, BI);
+    delete[] coeffs;
+    return mbaExpr;
 }
 
 Value *Pluto::MbaObfuscation::substituteAnd(BinaryOperator *BI) {
     int64_t *coeffs = generateLinearMBA(NUM_COEFFS);
     coeffs[0] += 1;
-    return insertLinearMBA(coeffs, BI);
+    Value *mbaExpr = insertLinearMBA(coeffs, BI);
+    delete[] coeffs;
+    return mbaExpr;
 }
 
 Value *Pluto::MbaObfuscation::substituteOr(BinaryOperator *BI) {
     int64_t *coeffs = generateLinearMBA(NUM_COEFFS);
     coeffs[6] += 1;
-    return insertLinearMBA(coeffs, BI);
+    Value *mbaExpr = insertLinearMBA(coeffs, BI);
+    delete[] coeffs;
+    return mbaExpr;
 }
\ No newline at end of file
diff --git a/llvm/lib/Transforms/Obfuscation/MBAUtils.cpp b/llvm/lib/Transforms/Obfuscation/MBAUtils.cpp
index 35e05ee97..5370044d4 100644
--- a/llvm/lib/Transforms/Obfuscation/MBAUtils.cpp
+++ b/llvm/lib/Transforms/Obfuscation/MBAUtils.cpp
@@ -35,7 +35,7 @@ static int8_t truthTables[15][4] = {
 int64_t *MBAUtils::generateLinearMBA(int numExprs) {
 #ifdef USE_CACHE
     static std::queue cached_coeffs;
-    if (cached_coeffs.size() && cryptoutils->get_range(100) < 80) {
+    if (cached_coeffs.size() >= 200) {
         int64_t *coeffs = cached_coeffs.front();
         cached_coeffs.pop();
         int64_t *coeffs_copy = new int64_t[15];
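Review bot: `200` in the new `if (cached_coeffs.size() >= 200)` is an unexplained magic number, and the line silently changes the cache policy from a randomized 80% reuse to a fixed threshold; name it, e.g. `static constexpr size_t kCachedCoeffSets = 200;`, and state the policy in a comment above the `if`. Reusing a cached coefficient set verbatim makes the same linear MBA expression recur wherever that set is drawn, and a fixed threshold makes that recurrence deterministic; if that trade-off against obfuscation strength is acceptable it should be written down next to the constant. The popped `coeffs` pointer is copied into `new int64_t[15]` but the hunk does not show it being freed or re-queued, and the literal `15` presumably duplicates the `NUM_COEFFS` the callers pass as `numExprs` — confirm ownership of the popped entry and use the named constant. The function body continues outside the hunk.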
diff --git a/llvm/lib/Transforms/Obfuscation/Pipeline.cpp b/llvm/lib/Transforms/Obfuscation/Pipeline.cpp
index 803bc6751..309d5e107 100644
--- a/llvm/lib/Transforms/Obfuscation/Pipeline.cpp
+++ b/llvm/lib/Transforms/Obfuscation/Pipeline.cpp
@@ -23,7 +23,11 @@ ModulePassManager buildObfuscationPipeline() {
     ModulePassManager MPM;
     FunctionPassManager FPM;
     for (auto pass : Passes) {
-        if (pass == "fla") {
+        if (pass == "hlw") {
+            FPM.addPass(HelloWorld());
+        } else if (pass == "idc") {
+            MPM.addPass(IndirectCall());
+        } else if (pass == "fla") {
             FPM.addPass(LowerSwitchWrapper());
             FPM.addPass(Flattening());
         } else if (pass == "sub") {
diff --git a/tests/test-json.sh b/tests/test-json.sh
index 91a3409c7..24503f5c2 100755
--- a/tests/test-json.sh
+++ b/tests/test-json.sh
@@ -1,5 +1,5 @@
 CXX=`pwd`/install/bin/clang++
-CXX_FLAGS="-flto -fuse-ld=lld -mllvm -passes=mba,sub,fla -Xlinker -mllvm -Xlinker -passes=idc -Wno-unused-command-line-argument"
+CXX_FLAGS="-O0 -flto -fuse-ld=lld -mllvm -passes=mba,sub,fla -Wno-unused-command-line-argument"
 cd tests/json
 rm -rf build
diff --git a/tests/test-openssl.sh b/tests/test-openssl.sh
index ec9e03b54..5fcbc8b66 100755
--- a/tests/test-openssl.sh
+++ b/tests/test-openssl.sh
@@ -1,3 +1,4 @@
 cd tests/openssl
-CC=../../install/bin/clang CFLAGS="-flto -fuse-ld=lld -mllvm -passes=mba,sub,bcf,fla -Xlinker -mllvm -Xlinker -passes=idc -Wno-unused-command-line-argument" ./Configure
-make -j`nproc` tests
\ No newline at end of file
+CC=../../install/bin/clang CFLAGS="-O0 -mllvm -passes=mba,sub,idc,fla,bcf" ./Configure
+make clean
+make -j8 tests
\ No newline at end of file
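Review bot: `MPM.addPass(IndirectCall())` goes to the module pass manager while every other branch adds to `FPM`, so if `FPM` is adapted into `MPM` only once after the loop (outside the hunk), `idc` will run before or after all function passes no matter where it appears in `-passes=` — the `mba,sub,idc,fla,bcf` list this commit puts in `tests/test-openssl.sh` would then not run in the order written. If that is intended, record it above the branch, e.g. `// IndirectCall is a module pass; its position in the -passes list is not honoured relative to the function passes`; otherwise flush the pending function passes with `MPM.addPass(createModuleToFunctionPassAdaptor(std::move(FPM)));` before adding it and continue with a fresh `FPM`. The new `hlw` branch should also say that `HelloWorld` is a debugging/demo pass, if that is what it is, so nobody enables it in a release build by accident. The remaining branches and the end of `buildObfuscationPipeline` are outside the hunk.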
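Review bot: Adding `-O0` to `CXX_FLAGS` here, and to `CFLAGS` in `tests/test-openssl.sh` in the next hunk, means the obfuscated build is never run through the optimizer, so a regression where the standard pipeline folds the bogus predicate or simplifies the MBA expressions away would no longer be caught by these scripts; keep an optimized variant (build once with `-O0` and once with `-O2`) or add a comment stating why `-O0` is required. The `idc` pass was also removed from this script's list while being added to the openssl one, which looks unintended unless IndirectCall is known to break the json build — a comment either way would help. In the openssl script, `make -j8 tests` replaces the `nproc`-based job count with a hard-coded 8; `make -j"$(nproc)" tests` keeps it portable.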