0基础学习ollvm反混淆之-0x00-使用ollvm 命令行混淆

代码

• test.c

#include <stdio.h>
// #include <string.h>

int main() {
  char input[100];
  scanf("%s", input);
  if (!strcmp(input, "1")) {
    printf("This is '1' branch");
  } else if (!strcmp(input, "2")) {
    printf("This is '2' branch");
  } else {
    printf("This is 'else' branch");
  }
  return 0;
}

编译选项

# -enable-bcfobf Enable Bogus Control Flow
# -enable-cffobf Enable Control Flow Flattening
# -enable-splitobf Enable Basic Block Spliting
# -enable-subobf Enable Instruction Substitution
# -enable-acdobf Enable AntiClassDump Mechanisms
# -enable-indibran Enable Register-Based Indirect Branching
# -enable-strcry Enable String Encryption
# -enable-funcwra Enable Function Wrapper
# -enable-fco Enable FunctionCallObfuscate. (See HERE for full usage)

混淆单个选项

• ~/yourpath/clang-15 test.c -mllvm -enable-cffobf -o ./flaCFG -isysroot xcrun --show-sdk-path -target arm64-apple-darwin -arch arm64

参考链接

• https://www.i3r0nya.cn/security-note/ollvm-deobfuscate/
• https://oacia.dev/ollvm-study/
• https://gal2xy.github.io/2024/06/25/LLVM%20and%20OLLVM/ollvm%E5%8F%8D%E6%B7%B7%E6%B7%86/