Skip to content
This repository has been archived by the owner on Sep 25, 2023. It is now read-only.

Usage

Jump to bottom
Zhang edited this page May 4, 2019 · 5 revisions

The following flags are supported

  • -enable-bcfobf Enable Bogus Control Flow
  • -enable-cffobf Enable Control Flow Flattening
  • -enable-splitobf Enable Basic Block Spliting
  • -enable-subobf Enable Instruction Substitution
  • -enable-acdobf Enable AntiClassDump Mechanisms
  • -enable-indibran Enable Register-Based Indirect Branching
  • -enable-strcry Enable String Encryption
  • -enable-funcwra Enable Function Wrapper
  • -enable-fco Enable FunctionCallObfuscate. (See HERE for full usage)

And there is an extra -enable-allobf that enables all the aforementioned obfuscations.
The flags are LLVM-level flags. Unless you are hacking LLVM itself, in which case I believe you already know all these, otherwise you are probably using the compiler frontend, In which case you should add a prefix (-mllvm for Clang) to each option and add them to CFLAGS. For example enable everything and set the probability of BogusControlFlow to 100% would be adding -mllvm -enable-allbcf -mllvm -bcf_prob=100 to CFLAGS.
Flags marked with LTO should be passed at LTO stage, this is done though linker flags,which is something like -Wl,-mllvm,-enable-symobf

Turn off optimizer so compiler's aggressive optimization won't fuck up our obfuscation

Summary

Clone this wiki locally