forked from obfuscator-llvm/obfuscator
-
Notifications
You must be signed in to change notification settings - Fork 317
Bogus Control Flow
pyknite edited this page Nov 4, 2014
·
4 revisions
This method modifies a function call graph by adding a basic block before the current basic block. This new basic block contains an opaque predicate and then makes a conditional jump to the original basic block.
The original basic block is also cloned and filled up with junk instructions chosen at random.
-
-mllvm -bcf
: activates the bogus control flow pass -
-mllvm -perBCF=20
: if the pass is activated, applies it on all functions with a probability of 20%. Default: 100 -
-mllvm -boguscf-loop=3
: if the pass is activated, applies it 3 times on a function. Default: 1 -
-mllvm -boguscf-prob=40
: if the pass is activated, a basic bloc will be obfuscated with a probability of 40%. Default: 30
Here is an example: the following C code snippet
#include <stdlib.h>
int main(int argc, char** argv) {
int a = atoi(argv[1]);
if(a == 0)
return 1;
else
return 10;
return 0;
}
translates to the following intermediate representation:
After the bogus controlflow pass, we might obtain the following flow graph :