
Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS)


Implementing Obfuscating Transformations in the LLVM Compiler Infrastructure

https://doi.org/10.15514/ISPRAS-2014-26(1)-12

Abstract

The paper describes methods for obfuscating C/C++ programs to prevent static analyzers from being applied to them. The methods are implemented within the well-known LLVM compiler infrastructure. Experimental results showing the resulting program slowdown and growth in memory use are given.

About the Authors

Victor Ivannikov
Institute for System Programming of RAS
Russian Federation


Shamil Kurmangaleev
Institute for System Programming of RAS
Russian Federation


Andrey Belevantsev
Institute for System Programming of RAS
Russian Federation


Alexey Nurmukhametov
Institute for System Programming of RAS
Russian Federation


Valery Savchenko
Institute for System Programming of RAS
Russian Federation


Hripsime Matevosyan
Institute for System Programming of RAS
Russian Federation


Arutyun Avetisyan
Institute for System Programming of RAS
Russian Federation




For citations:


Ivannikov V., Kurmangaleev Sh., Belevantsev A., Nurmukhametov A., Savchenko V., Matevosyan H., Avetisyan A. Implementing Obfuscating Transformations in the LLVM Compiler Infrastructure. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2014;26(1):327-342. (In Russ.) https://doi.org/10.15514/ISPRAS-2014-26(1)-12



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2079-8156 (Print)
ISSN 2220-6426 (Online)