Building an obfuscation compiler based on LLVM infrastructure

The paper describes the obfuscating transformations, which were implemented while developing an LLVM-based obfuscating compiler in ISP RAS.  The proposed transformations are based on well-known obfuscation algorithms and are specifically improved to resist better to static analysis deobfuscation techniques.  The application performance decrease estimation and the increase of application memory consumption estimation are presented. Also, the possibility of source code information recovery is estimated. The implemented obfuscating transformations can be applied together to the given application to provide the strong protection from the static analysis deobfuscation attacks.

LLVM, obfuscation

1. Chris Lattner. LLVM: An Infrastructure for Multi-Stage Optimization.— Master’s thesis, Computer Science Dept., University of Illinois at Urbana-Champaign, Urbana, IL, 61 pages

2. D. А. Shhelkunov. Primenenie zaputyvayushhikh preobrazovanij i polimorfnykh tekhnologij dlya avtomaticheskoj zashhity ispolnyaemykh fajlov ot issledovaniya i modifikatsii. [Applying obfuscation transformations and polymorphic technologies for automatic protection executable files from analysis and modification]. Trudy mezhdunarodnoj konferentsii RusKripto. [Proceedings of international conference RusCrypto]. April 2008 (in Russian).

3. А.V. Chernov. Аnaliz zaputyvayushhikh preobrazovanij programm. [Analysis obfuscating program transformations] Trudy ISP RАN [The Proceedings of ISP RAS], 2002, vol.3, pp. 7-38 (in Russian).

4. Chenxi Wang, Jonathan Hill, John Knight, and Jack Davidson. 2000. Software Tamper Resistance: Obstructing Static Analysis of Programs. Technical Report. University of Virginia, Charlottesville, VA, USA., 18 pages

5. Ilya N. Ledovskikh, Maxim G. Bakulin. Podkhod k vosstanovleniyu potoka upravleniya zaputannoj programmy. [An Approach to Reconstruction Control Flow of the Obfuscated Program] Trudy ISP RАN [The Proceedings of ISP RAS], 2012, vol. 22, pp. 153-168 (in Russian).

6.

7.

8. N.P. Varnovskij, А.V. Shokurov. Gomomorfnoe shifrovanie. [Homomorphic encryption]. Trudy ISP RАN [The Proceedings of ISP RAS], 2007. Vol. 12, pp. 27-36. (in Russian).

9. Christian Collberg. Jasvir Nagra Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Addison-Wesley Professional. Pub. Date: July 24, 2009. Print ISBN-10: 0-321-54925-2.

10. N.P. Varnovskij, V.А. Zakharov, N.N. Kuzyurin, А.V. Chernov, А.V. Shokurov. Ob osobennostyakh primeneniya metodov obfuskatsii programm dlya informatsionnoj zashhity mikroehlektronnykh skhem. [About usage features of the program obfuscation techniques applying to informational microelectronic circuits security]. Trudy ISP RАN [The Proceedings of ISP RAS], 2006, vol. 11, pp. 27-60 (in Russian).

11. А.V. Chernov Ob odnom metode maskirovki programm [About one method program masking], Trudy ISP RАN [The Proceedings of ISP RAS], 2003, vol.4, pp. 85-119 (in Russian).

12. M.G. Bakulin, S.S. Gaissaryan, Sh.F. Kurmangaleev, I.N. Ledovskikh, V.A. Padaryan, S.M. Shchevyeva. Dinamicheskij analiz obfustsirovannykh prilozhenij s dispetcherizatsiej ili virtualizatsiej koda. [Dynamic analysis of virtualization- or dispatching-obfuscated applications]. Trudy ISP RАN [The Proceedings of ISP RAS], 2012,vol. 23, pp. 49-66. (in Russian).