2025-04-09 Update From: SLTechnology News&Howtos shulou
I. Brief introduction
Obfuscator-llvm is an open source code obfuscation compiler. It can add junk code and various jump flows to compiled files, making reverse analysis more difficult.
II. Compilation
(1) download
At present, the latest version is 4.0. The download address is https://github.com/obfuscator-llvm/obfuscator/tree/llvm-4.0, or you can fetch it with git.
(2) install cmake
OSX does not ship with cmake, so it has to be installed first; otherwise obfuscator-llvm cannot be compiled. Download address: http://www.cmake.org/download. The version I downloaded is 3.4.3. After the download is complete, go to the decompressed directory and enter the following command to install it:
sudo ./bootstrap && sudo make && sudo make install
(3) compilation
git clone -b llvm-4.0 https://github.com/obfuscator-llvm/obfuscator.git
mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=Release ../obfuscator/
make -j7
After the compilation succeeds, the compiled clang is in the bin directory under build.
III. Integrate into Xcode
(1) modify Info.plist
First copy the Clang plug-in to Obfuscator.xcplugin and open its Info.plist:
cd /Applications/Xcode.app/Contents/PlugIns/Xcode3Core.ideplugin/Contents/SharedSupport/Developer/Library/Xcode/Plug-ins/
sudo cp -r Clang\ LLVM\ 1.0.xcplugin/ Obfuscator.xcplugin
cd Obfuscator.xcplugin/Contents/
sudo plutil -convert xml1 Info.plist
sudo vim Info.plist
Modify the following key values:
com.apple.compilers.clang -> com.apple.compilers.obfuscator
Clang LLVM 1.0 Compiler Xcode Plug-in -> Obfuscator Xcode Plug-in
When the modification is complete, execute the following command:
sudo plutil -convert binary1 Info.plist
(2) modify xcspec
Execute the following command:
cd Resources/
sudo mv Clang\ LLVM\ 1.0.xcspec Obfuscator.xcspec
sudo vim Obfuscator.xcspec
Modify the following key values:
Description: Apple LLVM 8.0 compiler -> Obfuscator 4.0 compiler
ExecPath: clang -> /path/to/obfuscator_bin/clang
Identifier: com.apple.compilers.llvm.clang.1_0 -> com.apple.compilers.llvm.obfuscator.4_0
Name: Apple LLVM 8.0 -> Obfuscator 4.0
Vendor: Apple -> HEIG-VD
Version: 8.0 -> 4.0
(3) modify strings
Execute the following command:
cd English.lproj/
sudo mv Apple\ LLVM\ 8.0.strings "Obfuscator 4.0.strings"
sudo plutil -convert xml1 Obfuscator\ 4.0.strings
sudo vim Obfuscator\ 4.0.strings
Modify the following key values:
Description: Apple LLVM 8.0 compiler -> Obfuscator 4.0 compiler
Name: Apple LLVM 8.0 -> Obfuscator 4.0
Vendor: Apple -> HEIG-VD
Version: 8.0 -> 4.0
Finally, execute the following command:
sudo plutil -convert binary1 Obfuscator\ 4.0.strings
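The value swaps in steps (1) and (3) can also be scripted instead of edited by hand in vim. The following is an added example, not code from the original article or from the obfuscator-llvm project: it uses Python's plistlib, which reads both XML and binary plists, and refuses to write anything if an expected old value is absent. The function names and the sample plist are constructed for illustration.

```python
import plistlib

# Old -> new string values, taken from steps (1) and (3) above.
INFO_PLIST_EDITS = {
    "com.apple.compilers.clang": "com.apple.compilers.obfuscator",
    "Clang LLVM 1.0 Compiler Xcode Plug-in": "Obfuscator Xcode Plug-in",
}
STRINGS_EDITS = {
    "Apple LLVM 8.0 compiler": "Obfuscator 4.0 compiler",
    "Apple LLVM 8.0": "Obfuscator 4.0",
    "Apple": "HEIG-VD",
    "8.0": "4.0",
}

def _swap(node, edits, seen):
    """Recursively replace string values that exactly match a key of `edits`."""
    if isinstance(node, dict):
        return {k: _swap(v, edits, seen) for k, v in node.items()}
    if isinstance(node, list):
        return [_swap(v, edits, seen) for v in node]
    if isinstance(node, str) and node in edits:
        seen.add(node)
        return edits[node]
    return node

def rewrite_plist(data, edits):
    """Apply `edits` to a plist (XML or binary); return binary plist bytes.

    Raises ValueError if an expected old value is missing, which usually means
    the installed Xcode ships different version strings than this page assumes.
    """
    seen = set()
    patched = _swap(plistlib.loads(data), edits, seen)
    missing = sorted(set(edits) - seen)
    if missing:
        raise ValueError("values not found, nothing written: %s" % missing)
    return plistlib.dumps(patched, fmt=plistlib.FMT_BINARY)

# Constructed sample standing in for "Apple LLVM 8.0.strings" (not a real Xcode file).
SAMPLE_STRINGS = plistlib.dumps({
    "Description": "Apple LLVM 8.0 compiler",
    "Name": "Apple LLVM 8.0",
    "Vendor": "Apple",
    "Version": "8.0",
})

if __name__ == "__main__":
    print(plistlib.loads(rewrite_plist(SAMPLE_STRINGS, STRINGS_EDITS)))
```

The .xcspec file from step (2) is not a format plistlib parses, so it is not covered here and still has to be edited as described above.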
(4) modify the compilation settings of Xcode
Open Xcode, select a project, and in Build Settings change GCC_VERSION to Obfuscator 4.0, as shown in figure 12-6.
Then add obfuscation flags
IV. Effect
After obfuscation, analyze the binary with a static analysis tool; the effect is as shown below:
Original address: https://www.exchen.net/ios-hacker-obfuscator-llvm-xcode%e9%9b%86%e6%88%90%e9%85%8d%e7%bd%ae.html