Proceedings of ISP RAS


Implementing Obfuscating Transformations in the LLVM Compiler Infrastructure.

Victor Ivannikov, Shamil Kurmangaleev, Andrey Belevantsev, Alexey Nurmukhametov, Valery Savchenko, Hripsime Matevosyan, Arutyun Avetisyan.

Abstract

Actual task is protecting programs from reverse engineering. The best choice to implement a resistant obfuscation is to create obfuscating compiler based on one of the existing compiler infrastructures. On the one hand, it will produce obfuscated program, with full information about it at all stages of compilation, and the other allows you to focus on the development of protection, rather than on creating the infrastructure required. In addition, this approach provides support for multiple architectures, as well as introduces watermarks for binary images of the program for each user depending from a unique key.

The paper describes the methods for obfuscating C/C++ programs to prevent applying static analyzers to them. Paper observes existing obfuscating compilers. The proposed transformations are based on well-known obfuscation algorithms (including constant string protection, fake cycle insertion, control flow graph flattening, functions merge, function call encapsulation, control flow graph structure obfuscation, opaque predicate insertion and other) and they are specifically improved to resist better to static analysis deobfuscation techniques. The methods are implemented within the LLVM (low level virtual machine) compiler infrastructure. Experimental results presenting resulting program slowdown and used memory growth are given.

Keywords

Obfuscation, LLVM, opaque predicates.

Edition

Proceedings of the Institute for System Programming, vol. 26, issue 1, 2014, pp. 327-342.

ISSN 2220-6426 (Online), ISSN 2079-8156 (Print).

DOI: 10.15514/ISPRAS-2014-26(1)-12

Full text of the paper in pdf Back to the contents of the volume