-
Notifications
You must be signed in to change notification settings - Fork 550
Functions Annotations
Annotations allows you to specify functions by functions what obfuscations (or not) to apply.
Below we use ControlFlowFlattening as an example, which has corresponding FunctionAnnotation Flag fla
. You can find a table of all FA flags at the end of this article
Simply add attributes to your functions.
For example, if you have ten functions, but you only want the function int foo() to be obfuscated, you can declare it like that:
int foo() __attribute((__annotate__(("fla"))));
int foo() {
return 2;
}
You can add use one or more annotations for each function. You can also use the "reverse flag" if you want to disable an obfuscation on a function (for e.g. if you want to disable the Bogus Control Flow on a function, use the annotation "nobcf").
Since CFE is ignoring attributes for ObjC Methods. Hikari implemented a alternative solution based on adding pseudo calls. For example you want to pass fla
like the C++/C example:
extern void hikari_fla(void);
@implementation foo2:NSObject
+(void)foo{
hikari_fla();
NSLog(@"FOOOO2");
}
@end
-
sub
Instruction Substitution -
bcf
Bogus Control Flow -
fla
Control Flow Flattening -
fco
Function Call Obfuscate -
fw
FunctionWrapper -
indibr
Indirect Branching -
split
Split Basic Block -
strenc
String Encryption
Note that this is highly experimental