Home

Awesome

What is ADVobfuscator?

ADVobfuscator demonstates how to use C++11/14 language to generate, at compile time, obfuscated code without using any external tool and without modifying the compiler. The technics presented rely only on C++11/14, as standardized by ISO. It shows also how to introduce some form of randomness to generate polymorphic code and it gives some concrete examples like the encryption of strings literals and the obfuscation of calls using finite state machines.

ADVobfuscator is delivered as a set of source file (source code library). You have to include them into your project and call the appropriate functions or macro. This is not a magic black box or some kind of code pre-processor or post-processor. It has to be integrated manually into your source code.

If you are looking for a more transparent obfuscator, look at Obfuscator-LLVM or strong.codes (commercial version of Obfuscator-LLVM). Note: I have no affiliation with Obfuscator-LLVM and strong.codes. I just know some of those swiss folks.

News

August 2017

August 2016

Several enhancement (suppress warnings, fix some errors, enhance portability). In more details:

August 2015

ADVobfuscator code has been updated for Visual Studio 2015. ADVobfuscator is now compatible with the RTM release of Visual Studio 2015 (previous versions or CTP releases are not). The whitepaper is not yet updated. The code has also been modified in order to avoid problems with O3 optimization and GCC. GCC with O3 defeats obfuscation (because it optimizes too much) and sometimes generates wrong code (not clear yet if it is a bug in GCC or in ADVobfuscator).

How to use it?

First you have to follow the requirements below. Then, you just have to include ADVobfuscator header files and use macros such as OBFUSCATED to protect your strings or function calls.

Look at the examples in the Examples folder.

Prerequisites

Boost Library

You have to install the Boost library in order to use some features of ADVdetector (it is used by FSM). To install Boost:

Examples

Linux

cd Examples
make

Each example is in its subdirectory.

macOS

Open ADVobfuscator.xcworkspace and build each example.

Windows

Open ADVobfuscator.sln. Be sure to change the path to Boost library for each project (Properties | C/C++ | General | Additional Include Directories).

Debug Builds

Debug builds are very special: Compiler do not have (and do not most of the time) respect statement such as inline or constexpr. All optimizations are also, by default, disabled. Compilers are doing this for a good reason: let you debug, single step, etc.

As a consequence, ADVobfuscator is not compatible with Debug builds. It works only for Release builds.

Compatibility

ADVobfuscator has been tested with:

Other compilers are probably compatible if they are C++11/14 compliant.

Future Directions

These are ideas for the next few months:

Files and Folders

Files and FoldersDescription
README.mdThis file
LibADVobfuscator library
ExamplesExamples of using ADVobfuscator
Examples/MakefileMake file that build all the examples
Examples/ObfuscatedStringExample of using ADVobfuscator to obfuscate strings
Examples/ObfuscatedCallsExample of using ADVobfuscator to obfuscate function calls
Examples/DetectDebuggerExample of using ADVobfuscator to obfuscate function calls triggered by a predicate
DocsMy talks and white papers
DocCodeCode memtionned in the documents

Lib

FilesDescription
Indexes.hGenerate list of indexes at compile time (0, 1, 2, ... N)
MetaFSM.hTemplate to generate Finite State Machines at compile time
MetaRandom.hGenerate a pseudo-random number at compile time
MetaString.hObfuscated string - version 4 - Random encryption algorithm
ObfuscatedCall.hObfuscate function call
ObfuscatedCallWithPredicate.hObfuscate function call, execute a FSM based on a predicate
ADVobfuscator.xcodeprojProject for Apple Xcode
ADVobfuscator.slnVisual Studio 2015 Solution

DocCode

FilesDescription
MetaFactorial.hCompute factorial at compile time
MetaFibonacci.hCompute fibonacci sequence at compile time
MetaString1.hObfuscated string - version 1
MetaString2.hObfuscated string - version 2 - Remove truncation
MetaString3.hObfuscated string - version 3 - Random key
MetaString4.hObfuscated string - version 4 - Random encryption algorithm

Examples

FilesDescription
DetectDebugger.cppDebugger detection, implemented for Mac OS X and iOS. It is used by ObfuscatedCallWithPredicate (FSM)
DetectDebugger.hDebugger detection, declaration
main.cppSamples
MakefileSimple makefile for GCC
ADVobfuscator.slnVisual Studio 2017 Solution
ADVobfuscator.xcworkspaceXcode workspace

Copyright and license

Written by Sebastien Andrivet - Copyright © 2010-2017 Sebastien Andrivet.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

  3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.