Skip to content
pyknite edited this page Nov 4, 2014 · 4 revisions

Description

This method modifies a function call graph by adding a basic block before the current basic block. This new basic block contains an opaque predicate and then makes a conditional jump to the original basic block.

The original basic block is also cloned and filled up with junk instructions chosen at random.

Available Compiler Options

  • -mllvm -bcf: activates the bogus control flow pass
  • -mllvm -perBCF=20: if the pass is activated, applies it on all functions with a probability of 20%. Default: 100
  • -mllvm -boguscf-loop=3: if the pass is activated, applies it 3 times on a function. Default: 1
  • -mllvm -boguscf-prob=40: if the pass is activated, a basic bloc will be obfuscated with a probability of 40%. Default: 30

Implemented Technique

Here is an example: the following C code snippet

#include <stdlib.h>
int main(int argc, char** argv) {
  int a = atoi(argv[1]);
  if(a == 0)
    return 1;
  else
    return 10;
  return 0;
}

translates to the following intermediate representation:

main_c

After the bogus controlflow pass, we might obtain the following flow graph :

main_c_bcf

Clone this wiki locally