/// <summary>
/// Function to make a Conditional Jump out of a Nop.
/// </summary>
/// <param name="ins">The nop we want to work on.</param>
private static void GenerateConditionalJump(Instruction ins)
{
/*
* Before doing anything, we have to split the basic block holding this
* instruction, so we can make a conditional jump at the end of the
* new basic block, unless it is already the last instruction.
*/
if (!ins.Equals(ins.parent.Instructions.Last()))
{
ins.parent.SplitAfterInstruction(ins);
}
// We create a jump target.
BasicBlock jumptarget = new BasicBlock(ins.parent.parent);
// We make a random conditional jump here, which has to be always false.
MakeInstruction.RandomConditionalJump(ins, Instruction.ConditionType.AlwaysFalse, jumptarget);
//We expand the Fake Route as we did during meshing
Meshing.ExpandFakeRoute(jumptarget, ins.parent.getSuccessors.Last(), true);
}
private static void Obfuscation(Routine routine)
{
Logging.WriteComplexityMetrics(routine, "Original");
//Checking whether the functions have either "division" or "modulo" operations
//If they do, fake instructions with original variables should be inserted only before the return
//to avoid problems with the these operations
foreach (Function func in routine.Functions)
{
func.CheckDivisionModulo();
}
//Creating fake input parameters in all functions
FakeParameters.CreateFakeParameters(routine);
//Checking for Multiple Obfuscation
for (int i = 0; i < Convert.ToInt32(ConfigurationManager.AppSettings["MultipleRuns"]); i++)
{
//Creating fake variables
foreach (Function func in routine.Functions)
{
for (int j = 0; j < (Common.PercentageFakeVars * func.LocalVariables.FindAll(x => !x.fake).Count) / 100; j++)
{
func.LocalVariables.Add(new Variable(Variable.Kind.Local, Variable.Purpose.Fake, Objects.Common.MemoryRegionSize.Integer));
}
}
if (ConfigurationManager.AppSettings["ConstCoverAlgInMultipleRuns"].Split('-')[i].Equals("1"))
{
Console.Write("Step 1: Constants coverage");
ConstCoverage.CoverConstants(routine);
routine.Validate();
PrintSuccess();
Logging.WriteReadableTAC(routine, "CONST");
Logging.DrawCFG(routine, "CONST");
}
if (ConfigurationManager.AppSettings["UncMeshingAlgInMultipleRuns"].Split('-')[i].Equals("1"))
{
Console.Write("Step 2: Meshing unconditional jumps");
Meshing.MeshUnconditionals(routine);
routine.Validate();
PrintSuccess();
Logging.WriteReadableTAC(routine, "MeshingUNC");
Logging.DrawCFG(routine, "MeshingUNC");
}
if (ConfigurationManager.AppSettings["CondMeshingAlgInMultipleRuns"].Split('-')[i].Equals("1"))
{
Console.Write("Step 3: Meshing conditional jumps");
Meshing.MeshConditionals(routine);
routine.Validate();
PrintSuccess();
Logging.WriteReadableTAC(routine, "MeshingCOND");
Logging.DrawCFG(routine, "MeshingCOND");
}
Console.Write("Step 4: Generation of fake NOP instructions");
foreach (Function func in routine.Functions)
{
FakeCode.GenerateNoOperations(func);
}
routine.Validate();
PrintSuccess();
Logging.WriteRoutine(routine, "NoOpersGeneration");
Logging.WriteReadableTAC(routine, "FakeNOPs");
Console.Write("Step 5: Partial data analysis");
DataAnalysis.GatherBasicBlockInfo(routine);
PrintSuccess();
if (ConfigurationManager.AppSettings["FakeJumpsAlgInMultipleRuns"].Split('-')[i].Equals("1"))
{
Console.Write("Step 6: Generation of fake conditional jumps from NOPs");
foreach (Function func in routine.Functions)
{
FakeCode.GenerateConditionalJumps(func);
}
Logging.WriteRoutine(routine, "CondJumps");
foreach (Function func in routine.Functions)
{
FakeCode.GenerateNoOperations(func);
}
routine.Validate();
PrintSuccess();
}
Console.Write("Step 7: Complete data analysis");
foreach (Function func in routine.Functions)
{
DataAnalysis.DeadVarsAlgortihm(func);
}
DataAnalysis.GatherBasicBlockInfo(routine);
PrintSuccess();
Console.Write("Step 8: Generation of fake instructions from NOPs");
foreach (Function func in routine.Functions)
{
FakeCode.GenerateFakeInstructions(func);
}
Logging.WriteRoutine(routine, "FakeIns");
Logging.DrawCFG(routine, "CondJumps");
Logging.WriteComplexityMetrics(routine, "Final");
FakeCode.CheckForProblems(routine);
routine.Validate();
PrintSuccess();
Logging.WriteReadableTAC(routine, "FakeInstrFromNOPs");
}
}