Exemplo n.º 1
0
        /// <summary>
        /// Function to make a Conditional Jump out of a Nop.
        /// </summary>
        /// <param name="ins">The nop we want to work on.</param>
        private static void GenerateConditionalJump(Instruction ins)
        {
            /*
             * Before doing anything, we have to split the basic block holding this
             * instruction, so we can make a conditional jump at the end of the
             * new basic block, unless it is already the last instruction.
             */
            if (!ins.Equals(ins.parent.Instructions.Last()))
            {
                ins.parent.SplitAfterInstruction(ins);
            }


            // We create a jump target.
            BasicBlock jumptarget = new BasicBlock(ins.parent.parent);

            // We make a random conditional jump here, which has to be always false.
            MakeInstruction.RandomConditionalJump(ins, Instruction.ConditionType.AlwaysFalse, jumptarget);

            //We expand the Fake Route as we did during meshing
            Meshing.ExpandFakeRoute(jumptarget, ins.parent.getSuccessors.Last(), true);
        }
Exemplo n.º 2
0
        private static void Obfuscation(Routine routine)
        {
            Logging.WriteComplexityMetrics(routine, "Original");

            //Checking whether the functions have either "division" or "modulo" operations
            //If they do, fake instructions with original variables should be inserted only before the return
            //to avoid problems with the these operations
            foreach (Function func in routine.Functions)
            {
                func.CheckDivisionModulo();
            }

            //Creating fake input parameters in all functions
            FakeParameters.CreateFakeParameters(routine);

            //Checking for Multiple Obfuscation
            for (int i = 0; i < Convert.ToInt32(ConfigurationManager.AppSettings["MultipleRuns"]); i++)
            {
                //Creating fake variables
                foreach (Function func in routine.Functions)
                {
                    for (int j = 0; j < (Common.PercentageFakeVars * func.LocalVariables.FindAll(x => !x.fake).Count) / 100; j++)
                    {
                        func.LocalVariables.Add(new Variable(Variable.Kind.Local, Variable.Purpose.Fake, Objects.Common.MemoryRegionSize.Integer));
                    }
                }

                if (ConfigurationManager.AppSettings["ConstCoverAlgInMultipleRuns"].Split('-')[i].Equals("1"))
                {
                    Console.Write("Step 1: Constants coverage");
                    ConstCoverage.CoverConstants(routine);
                    routine.Validate();
                    PrintSuccess();
                    Logging.WriteReadableTAC(routine, "CONST");
                    Logging.DrawCFG(routine, "CONST");
                }

                if (ConfigurationManager.AppSettings["UncMeshingAlgInMultipleRuns"].Split('-')[i].Equals("1"))
                {
                    Console.Write("Step 2: Meshing unconditional jumps");
                    Meshing.MeshUnconditionals(routine);
                    routine.Validate();
                    PrintSuccess();
                    Logging.WriteReadableTAC(routine, "MeshingUNC");
                    Logging.DrawCFG(routine, "MeshingUNC");
                }

                if (ConfigurationManager.AppSettings["CondMeshingAlgInMultipleRuns"].Split('-')[i].Equals("1"))
                {
                    Console.Write("Step 3: Meshing conditional jumps");
                    Meshing.MeshConditionals(routine);
                    routine.Validate();
                    PrintSuccess();
                    Logging.WriteReadableTAC(routine, "MeshingCOND");
                    Logging.DrawCFG(routine, "MeshingCOND");
                }

                Console.Write("Step 4: Generation of fake NOP instructions");
                foreach (Function func in routine.Functions)
                {
                    FakeCode.GenerateNoOperations(func);
                }
                routine.Validate();
                PrintSuccess();
                Logging.WriteRoutine(routine, "NoOpersGeneration");
                Logging.WriteReadableTAC(routine, "FakeNOPs");

                Console.Write("Step 5: Partial data analysis");
                DataAnalysis.GatherBasicBlockInfo(routine);
                PrintSuccess();

                if (ConfigurationManager.AppSettings["FakeJumpsAlgInMultipleRuns"].Split('-')[i].Equals("1"))
                {
                    Console.Write("Step 6: Generation of fake conditional jumps from NOPs");
                    foreach (Function func in routine.Functions)
                    {
                        FakeCode.GenerateConditionalJumps(func);
                    }
                    Logging.WriteRoutine(routine, "CondJumps");
                    foreach (Function func in routine.Functions)
                    {
                        FakeCode.GenerateNoOperations(func);
                    }
                    routine.Validate();
                    PrintSuccess();
                }

                Console.Write("Step 7: Complete data analysis");
                foreach (Function func in routine.Functions)
                {
                    DataAnalysis.DeadVarsAlgortihm(func);
                }
                DataAnalysis.GatherBasicBlockInfo(routine);
                PrintSuccess();


                Console.Write("Step 8: Generation of fake instructions from NOPs");
                foreach (Function func in routine.Functions)
                {
                    FakeCode.GenerateFakeInstructions(func);
                }
                Logging.WriteRoutine(routine, "FakeIns");
                Logging.DrawCFG(routine, "CondJumps");
                Logging.WriteComplexityMetrics(routine, "Final");
                FakeCode.CheckForProblems(routine);
                routine.Validate();
                PrintSuccess();

                Logging.WriteReadableTAC(routine, "FakeInstrFromNOPs");
            }
        }