Skip to content
This repository has been archived by the owner on Sep 25, 2023. It is now read-only.

Functions Annotations

Zhang edited this page Dec 12, 2018 · 1 revision

Description

Annotations allows you to specify functions by functions what obfuscations (or not) to apply.

How to use it

Below we use ControlFlowFlattening as an example, which has corresponding FunctionAnnotation Flag fla. You can find a table of all FA flags at the end of this article

C++/C functions

Simply add attributes to your functions.
For example, if you have ten functions, but you only want the function int foo() to be obfuscated, you can declare it like that:

int foo() __attribute((__annotate__(("fla"))));
int foo() {
   return 2;
}

You can add use one or more annotations for each function. You can also use the "reverse flag" if you want to disable an obfuscation on a function (for e.g. if you want to disable the Bogus Control Flow on a function, use the annotation "nobcf").

ObjC Methods

Since CFE is ignoring attributes for ObjC Methods. Hikari implemented a alternative solution based on adding pseudo calls. For example you want to pass fla like the C++/C example:

extern void hikari_fla(void);
@implementation foo2:NSObject
+(void)foo{
  hikari_fla();
  NSLog(@"FOOOO2");
}
@end

Supported Flags

  • sub Instruction Substitution
  • bcf Bogus Control Flow
  • fla Control Flow Flattening
  • fco Function Call Obfuscate
  • fw FunctionWrapper
  • indibr Indirect Branching
  • split Split Basic Block
  • strenc String Encryption

Note that this is highly experimental