es3n1n / obfuscator Goto Github PK

This topic is truly fascinating and, unfortunately, there isn't much about it on the internet. It would be interesting if, in the future, we could see some basic content regarding bin2bin code virtualization. 😊

I have tried clang17/libc++abi-17-dev on kali but failed on linker (looks like some symbols couldn't found in libc++, compiled 100% )
Then I tried other llvm docker but also failed .
If would be helpful to provide some version information as c++23 is not stably supported

I've tried this tool on a small test program, and I ran into this error.

Tested on a c, and a cpp file. I got the same result.
I tried running the command in Administrator mode, but that did not solve my problem either.

hi, can I use this after use Themida?
or
can I use Themida after use this?

thanks!

command: obfuscator.exe stage1.dll -f main (seed irrelevant)
crash at:

sample: RelWithDebInfo.zip (It's part of fumo_loader, one of my projects, just built with symbols)

discord name: nezu.cc in case you need that

obf a.exe -f main
15:56:52.897 | [ info ] random: seed is 0xf758817f291fee
15:56:52.900 | [ info ] main: loading binary from a.exe
15:56:52.905 | [ debug ] pe: parsed 11 sections
15:56:52.907 | [critical] RUNTIME ERROR: pe: duplicated 0x22b000 rva entry

Tried this on two .exes. Not too sure why, mabye I need to disable a compiler setting when compiling a.exe?

Some of the project files that are header only can benefit from having source files created for them.
As per https://github.com/es3n1n/obfuscator/blob/master/todo.txt#L1

PS C:\Users\user\Desktop\obfuscator> C:\Users\user\Desktop\obfuscator\build\src\Release\obfuscator.exe ..\test.exe
09:45:08.662 | [  info  ] random: seed is 0x87ee46b82834fc34
09:45:08.666 | [  info  ] main: loading binary from ..\test.exe
09:45:08.696 | [ debug  ] pe: parsed 15 sections
09:45:08.700 | [ debug  ] pe: parsed total number of 29309 relocations
09:45:08.701 | [  info  ] func_parser: discovering functions: 0%
09:45:08.702 | [  info  ] func_parser: discovering functions: 25%
09:45:08.703 | [  info  ] func_parser: discovering functions: 50%
09:45:08.705 | [  info  ] func_parser: discovering functions: 75%
09:45:08.708 | [  info  ] func_parser: discovering functions: 100% took 7 ms
09:45:08.712 | [critical] RUNTIME ERROR: parser: Parsed 0 functions in total

text.exe is a golang binary, I also tried a c binary and same issue. Any idea how to fix the issue?

13:10:14.962 | [ info ] random: seed is 0x5904f32cf6a0ce77
13:10:14.964 | [ info ] main: loading binary from test.exe
13:10:14.968 | [ debug ] pe: parsed 6 sections
13:10:14.969 | [ debug ] pe: parsed total number of 232 relocations
13:10:14.970 | [ info ] func_parser: discovering functions: 0%
13:10:15.026 | [ debug ] pdb: Parsed 38 types of DBI symbols
13:10:15.058 | [ info ] func_parser: discovering functions: 25%
13:10:15.058 | [ info ] func_parser: discovering functions: 50%
13:10:15.062 | [ info ] func_parser: discovering functions: 75%
13:10:15.066 | [ info ] func_parser: discovering functions: 100% took 96 ms
13:10:15.068 | [ debug ] func_parser: discovered 3089 functions
13:10:15.069 | [ info ] obfuscator: setting up functions: 9223372036854775808% took 13 microseconds
13:10:15.070 | [ info ] obfuscator: got 0 function(s) to obfuscate
13:10:15.075 | [critical] RUNTIME ERROR: obfuscator: got 0 functions to protect

It gives me this error for every .exe that I try

Smaller functions with only one basic block breaks most of the transforms. A fix for this would be writing a transform that splits it up into multiple.

mov rax, 1
ret

becomes

:bb1
mov rax, 1
jmp bb2

:bb2
ret

Command I've used to perform:

"C:\Users\geork\Documents\Github\obfuscator\build\src\RelWithDebInfo\obfuscator.exe" C:\Users\geork\Documents\Github\obfox\test_app\AppKey\x64\Debug\AppKey.exe -pdb C:\Users\geork\Documents\Github\obfox\test_app\AppKey\x64\Debug\AppKey.pdb -f main -t ConstantCrypt -t BogusControlFlow -t DecompBreak -t Substitution -v SomeValue0 133

AppKey source code:

#include <stdio.h>
#include <string.h>


#define PASS "key01234"
#define BUFF_SIZE 0xFF

int main(void) {
	printf("Enter key: ");
	char key[BUFF_SIZE];

	fgets(key, BUFF_SIZE, stdin);
	key[sizeof(PASS) - 1] = '\0';

	if (strcmp(key, PASS) == 0) {
		printf("Correct key!\n");
	} else {
		printf("Incorrect key!\n");
	}

	getchar();
	return 0;
}

I've tried both Release and Release with debug info versions of obfuscator. Both do nothing, guess it because of exception:

Console output:

If I remove all of the transforms I want to apply to program and leave only, for example, ConstantCrypt still doesn't work.

Is iOS (MachO) supported?

I get this error during cmake building. Any idea how to solve this? Thanks!

Good job, mate!
Do you have any idea to rebuild executable without adding second executeble section?
I think it have to look like as https://github.com/jnastarot/furikuri project