0x00 Project Introduction
OBFUSCATOR-LLVM is a project initiated in June by the information security group of the University of Applied Sciences and Arts Western Switzerland of Yverdon-les-Bains (HEIG-VD).
The aim of this project is to provide an open-source fork of the LLVM compilation suite able to provide increased software security through code obfuscation and tamper-proofing. As we currently mostly work at the intermediate representation (IR) level, our tool is compatible with all programming languages (C, C++, Objective-C, Ada and Fortran) and target platforms (x86, x86-64, PowerPC, PowerPC-64, ARM, Thumb, SPARC, Alpha, CellSPU, MIPS, MSP430, SystemZ, and XCore) currently supported by LLVM.
Source Address: https://github.com/obfuscator-llvm/obfuscator/
0x01 Compilation Environment
Ubuntu 16.04 32-bit, obfuscator-llvm 4.0, android-ndk-r10b-linux-x86.tar.bz2
0x02 Installing the NDK
Extract the NDK to /opt/android/ndk/. After extraction the directory is
/opt/android/ndk/android-ndk-r10b
$ sudo gedit /etc/profile
# At the end of the file, add the following to set the NDK environment variables
export NDK_HOME=/opt/android/ndk/android-ndk-r10b
export PATH=$NDK_HOME:$PATH
$ source /etc/profile
Run the source command so the change takes effect. If the environment variables still do not take effect, you can try adding the same lines to the ~/.bashrc file:
$ sudo gedit ~/.bashrc
After configuring the environment variables, verify the setup by entering ndk-build at the command line; if the command is found and prints ndk-build's own output rather than "command not found", the setup was successful.
0x03 Install the compilation environment and compile OLLVM
Install the build tools:
$ apt-get install cmake
$ apt-get install g++
Compile the OLLVM source (the build directory is created inside the cloned source tree):
$ git clone -b obfuscator-llvm-4.0 https://github.com/obfuscator-llvm/obfuscator.git
$ mkdir build
$ cd build
$ cmake -DCMAKE_BUILD_TYPE:String=Release ../
$ make -j7
After the build, the build directory contains the compiled programs; only the files in its bin and lib directories are used below.
0x04 Add the string obfuscation feature
For the method of adding string obfuscation, see the articles referenced in section 0x08.
0x05 Integrating the toolchain into the NDK
$ cd /opt/android/ndk/android-ndk-r10b/toolchains/
$ mkdir obfuscator-llvm-4.0
Copy the following directories and files from the llvm-3.3 directory in the toolchains directory into obfuscator-llvm-4.0:
1. the prebuilt directory and its files
2. config.mk
3. setup.mk
4. setup-common.mk
Replace bin and lib under obfuscator-llvm-4.0/prebuilt/linux-x86 with the bin and lib we compiled.
Then copy the following directories and rename them as follows:
arm-linux-androideabi-clang3.4 -> arm-linux-androideabi-obfuscator4.0
mipsel-linux-android-clang3.4 -> mipsel-linux-android-obfuscator4.0
x86-clang3.4 -> x86-obfuscator4.0
In the setup.mk of each of the three copied folders, change the value of LLVM_NAME to
LLVM_NAME := obfuscator-llvm-$(LLVM_VERSION)
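The steps of this section are easy to get wrong by hand: a directory copied under the wrong name, or a setup.mk still pointing at llvm-3.3, only shows up later as a confusing ndk-build error. The following shell script is an added example, not part of the original post or the OLLVM project, that performs the same steps from the command line and refuses to start when the template toolchain or the build output is missing. It assumes the NDK toolchains directory and the OLLVM build directory are passed as arguments (on the setup in this post, /opt/android/ndk/android-ndk-r10b/toolchains and the build directory from 0x03) and that GNU cp and sed are available, as on Ubuntu.

```shell
#!/bin/sh
# Added example, not part of the original post: automates section 0x05 (copying
# the llvm-3.3 toolchain layout into obfuscator-llvm-4.0, dropping in the freshly
# built bin/ and lib/, cloning the three clang3.4 wrapper toolchains under the
# obfuscator4.0 name and rewriting LLVM_NAME in their setup.mk). Both paths are
# parameters; on the setup described in the post they would be
#   /opt/android/ndk/android-ndk-r10b/toolchains  and  <ollvm checkout>/build
set -eu

# install_ollvm_toolchain <ndk toolchains dir> <ollvm build dir>
install_ollvm_toolchain() {
    toolchains="$1"
    ollvm_build="$2"
    src="$toolchains/llvm-3.3"
    dst="$toolchains/obfuscator-llvm-4.0"

    # Refuse to run against a half-finished build or a wrong NDK path rather
    # than leaving a partially populated toolchain behind.
    [ -d "$src" ] || { echo "template toolchain $src not found" >&2; return 1; }
    [ -d "$ollvm_build/bin" ] && [ -d "$ollvm_build/lib" ] ||
        { echo "$ollvm_build has no bin/ and lib/ (did make finish?)" >&2; return 1; }

    # Steps 1-4: prebuilt/, config.mk, setup.mk, setup-common.mk
    mkdir -p "$dst"
    cp -a "$src/prebuilt" "$dst/"
    for f in config.mk setup.mk setup-common.mk; do
        cp "$src/$f" "$dst/"
    done

    # Replace the prebuilt bin/ and lib/ with the ones produced by make
    rm -rf "$dst/prebuilt/linux-x86/bin" "$dst/prebuilt/linux-x86/lib"
    cp -a "$ollvm_build/bin" "$dst/prebuilt/linux-x86/bin"
    cp -a "$ollvm_build/lib" "$dst/prebuilt/linux-x86/lib"

    # Copy each clang3.4 wrapper toolchain under the obfuscator4.0 name and
    # point its LLVM_NAME at obfuscator-llvm-$(LLVM_VERSION)
    for t in arm-linux-androideabi mipsel-linux-android x86; do
        rm -rf "$toolchains/$t-obfuscator4.0"
        cp -a "$toolchains/$t-clang3.4" "$toolchains/$t-obfuscator4.0"
        sed -i 's/^LLVM_NAME[[:space:]]*:=.*/LLVM_NAME := obfuscator-llvm-$(LLVM_VERSION)/' \
            "$toolchains/$t-obfuscator4.0/setup.mk"
    done
}

# Usage: sh install-ollvm-toolchain.sh <ndk toolchains dir> <ollvm build dir>
if [ "$#" -eq 2 ]; then
    install_ollvm_toolchain "$1" "$2"
fi
```

The sed expression only touches the LLVM_NAME line, so whatever LLVM_VERSION the copied setup.mk defines stays as it was; if ndk-build later complains that it cannot find the toolchain, that variable and the obfuscator-llvm-4.0 directory name are the two things to compare.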
0x06 Using OLLVM to generate obfuscated programs
0. Explanation of the obfuscation parameters
-mllvm -fla      enable control flow flattening
-mllvm -sub      enable instruction substitution
-mllvm -bcf      enable bogus control flow
-mllvm -sobf     enable string obfuscation
-mllvm -seed=0xDEADBEAF   specify the seed for the random number generator
BCF can be combined with the following parameters:
-mllvm -bcf_loop=3   run the obfuscation on each function 3 times (without this option the default is 1)
-mllvm -bcf_prob=40  set the probability that a basic block is obfuscated to 40% (default 30%)
Learn more: https://github.com/obfuscator-llvm/obfuscator/wiki
1. Create a project directory, here called hello
2. Create the subdirectory jni
3. Create Android.mk in the jni directory and write the mk file as required:
LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
LOCAL_MODULE := hello
LOCAL_SRC_FILES := hello.c
LOCAL_CFLAGS += -mllvm -sub -mllvm -bcf -mllvm -bcf_loop=3 -mllvm -bcf_prob=40 -mllvm -fla -mllvm -split_num=10 -mllvm -sobf
LOCAL_ARM_MODE := arm
include $(BUILD_EXECUTABLE)
4. Create Application.mk in the jni directory and write the mk file as required (it only selects the ABI and the toolchain; the module definition stays in Android.mk):
APP_ABI := armeabi
NDK_TOOLCHAIN_VERSION := obfuscator4.0
5. Create the source file hello.c in the jni directory:
#include <stdio.h>

int main(int argc, char **argv)
{
    int a = 1;
    int b = 0;
    if (a > b) {
        printf("snow:%d\n", a);
    } else {
        printf("test:%d\n", b);
    }
    return 0;
}
6. Execute the ndk-build command in the project directory
7. Result without obfuscation
8. Result with obfuscation
String obfuscation result
0x07 Problems and Solutions
BCF does not support the invoke instruction
In actual use we found that OLLVM currently does not support @synchronized, try...catch and a few other less common constructs, which then cause BCF to fail. These constructs generate an invoke instruction; the workaround is to filter out functions containing an InvokeInst before running BCF. The code can be found at the GitHub address in the references.
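The following is an added example, not code from the original post or the OLLVM project: a shell pre-check that reads LLVM IR in text form and lists the functions whose body contains an invoke instruction, so the functions BCF would fail on can be identified before -mllvm -bcf is enabled. It assumes the IR was produced with clang -S -emit-llvm (a standard clang option); the sample IR inside the block is constructed for the demo and its function names are invented.

```shell
#!/bin/sh
# Added example, not part of the original post: a pre-check for the BCF problem
# described above. It scans LLVM IR in text form (.ll) for functions that contain
# an invoke instruction, the form that try/catch and @synchronized lower to, so
# you know which functions BCF will choke on before turning -mllvm -bcf on.
# Obtain the IR with: clang -S -emit-llvm foo.cpp -o foo.ll  (standard flags)
set -eu

# functions_with_invoke [file.ll]: prints the name of every function whose body
# contains an invoke instruction, one per line (reads stdin if no file is given)
functions_with_invoke() {
    awk '
        # a definition line: remember the function name, reset the flag
        /^define / {
            match($0, /@[A-Za-z0-9_.]+\(/)
            fn = substr($0, RSTART + 1, RLENGTH - 2)
            has_invoke = 0
            next
        }
        # a closing brace in column 0 ends the body
        /^}/ {
            if (fn != "" && has_invoke) print fn
            fn = ""
            next
        }
        # an invoke instruction, with or without a result value;
        # comment lines (starting with ;) and symbols such as @log_invoke do not match
        fn != "" && /^[ \t]*(%[^ \t]+[ \t]*=[ \t]*)?invoke / {
            has_invoke = 1
        }
    ' "${1:-/dev/stdin}"
}

# count_functions_with_invoke [file.ll]: number of affected functions
count_functions_with_invoke() {
    functions_with_invoke "${1:-/dev/stdin}" | wc -l | tr -d ' '
}

# Constructed sample IR: a plain function, a function compiled from try/catch,
# and a function that only mentions invoke in a comment and in a symbol name
sample_ir() {
    cat <<'EOF'
define i32 @plain_add(i32 %a, i32 %b) {
entry:
  %sum = add nsw i32 %a, %b
  ret i32 %sum
}

define i32 @guarded_call(i32 %x) personality i8* bitcast (i32 (...)* @__gxx_personality_v0 to i8*) {
entry:
  %call = invoke i32 @may_throw(i32 %x)
          to label %cont unwind label %lpad

cont:
  ret i32 %call

lpad:
  %lp = landingpad { i8*, i32 }
          cleanup
  resume { i8*, i32 } %lp
}

define void @log_only() {
entry:
  ; invoke in a comment must not count
  call void @log_invoke()
  ret void
}

declare i32 @may_throw(i32)
declare void @log_invoke()
declare i32 @__gxx_personality_v0(...)
EOF
}

# Usage: functions_with_invoke foo.ll      or      sample_ir | functions_with_invoke
```

This script only reports the affected functions; the referenced fork applies the fix inside the pass by skipping any function that contains an InvokeInst, which is what makes BCF usable on Objective-C and C++ code with exception handling.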
0x08 Reference Documentation
http://fighting300.com/2017/09/18/ollvm-with-StringObfuscate/
https://github.com/fighting300/obfuscator/commit/ae0e5acd873cd9a8c839a013a635422022fd0d6b
https://github.com/GoSSIP-SJTU/Armariris
https://github.com/obfuscator-llvm/obfuscator/wiki
http://blog.csdn.net/wangbaochu/article/details/45370543