update example
lapla-cogito committed Aug 21, 2024
1 parent 7654ab4 commit 0b83161
Showing 4 changed files with 26 additions and 20 deletions.
28 changes: 16 additions & 12 deletions README.md
@@ -51,6 +51,9 @@ ELF Header:
Class: ELF64
Data: 2's complement, big endian
...
$ objdump -d obfuscated
objdump: obfuscated: file format not recognized
```

## Architcture obfuscation
@@ -66,6 +69,9 @@ input: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically link
$ file obfuscated
obfuscated: ELF 32-bit LSB shared object, x86-64, version 1 (SYSV), no program header, no section header
$ objdump -d obfuscated
objdump: obfuscated: file format not recognized
```

## Section header obfuscation
@@ -152,18 +158,16 @@ As shown below, only the system function is called in the main function as far a
```
$ objdump -d bin/res_got
...
00000000004011d2 <main>:
4011d2: f3 0f 1e fa endbr64
4011d6: 55 push %rbp
4011d7: 48 89 e5 mov %rsp,%rbp
4011da: 48 83 ec 10 sub $0x10,%rsp
4011de: 48 8d 05 36 0e 00 00 lea 0xe36(%rip),%rax # 40201b <_IO_stdin_used+0x1b>
4011e5: 48 89 c7 mov %rax,%rdi
4011e8: e8 73 fe ff ff call 401060 <system@plt>
4011ed: 89 45 fc mov %eax,-0x4(%rbp)
4011f0: b8 00 00 00 00 mov $0x0,%eax
4011f5: c9 leave
4011f6: c3 ret
00000000004011e1 <main>:
4011e1: f3 0f 1e fa endbr64
4011e5: 55 push %rbp
4011e6: 48 89 e5 mov %rsp,%rbp
4011e9: 48 8d 05 2b 0e 00 00 lea 0xe2b(%rip),%rax # 40201b <_IO_stdin_used+0x1b>
4011f0: 48 89 c7 mov %rax,%rdi
4011f3: e8 68 fe ff ff call 401060 <system@plt>
4011f8: b8 00 00 00 00 mov $0x0,%eax
4011fd: 5d pop %rbp
4011fe: c3 ret
...
```

Binary file modified bin/got
Binary file not shown.
11 changes: 6 additions & 5 deletions bin/got.c
@@ -1,14 +1,15 @@
// gcc got.c -no-pie -o got
#include<stdio.h>
#include<stdlib.h>
#include <stdio.h>
#include <stdlib.h>

int secret(char* s) {
if (s[0] == 's' && s[1] == 'e' && s[2] == 'c' && s[3] == 'r' && s[4] == 'e' && s[5] == 't') {
puts("secret function called");
if (s[0] == 's' && s[1] == 'e' && s[2] == 'c' && s[3] == 'r' && s[4] == 'e' && s[5] == 't' && s[6] == '?') {
printf("secret function called\n");
}

return 0;
}

int main() {
int x=system("secret");
system("secret?\n");
}
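Review bot: The new call `system("secret?\n");` in main passes the shell a string containing the glob character `?` and a trailing newline, and nothing in got.c says that this argument is only meant to be read by `secret()`. Presumably the obfuscator rewrites the GOT so that the call lands in `secret()`; if the binary is run unpatched, `/bin/sh` treats `secret?` as a pattern and attempts to run whatever name it resolves to. I would add a comment above the call, e.g. `/* after GOT obfuscation this call reaches secret(); unpatched, the string is handed to /bin/sh */`, and prefer a marker without shell metacharacters. The comparison in `secret()` relies on short-circuit evaluation to stop at the terminating NUL, which also deserves a one-line comment now that it indexes up to `s[6]`.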
7 changes: 4 additions & 3 deletions src/obfus.rs
@@ -1,4 +1,5 @@
use std::io::prelude::*;
use std::io::Read as _;
use std::io::Write as _;

pub const HEADER_MAGIC: [u8; 4] = [0x7f, 0x45, 0x4c, 0x46];

@@ -224,7 +225,7 @@ impl Obfuscator {
Ok(())
}

fn get_dyn_func_id(&self, function: &str) -> crate::error::Result<u64> {
fn get_dyn_func_idx(&self, function: &str) -> crate::error::Result<u64> {
let idx = self.dyn_strings.find(function).unwrap();
let (section_addr, section_size, entry_size, _) = self.get_section(".dynsym").unwrap();

@@ -280,7 +281,7 @@ impl Obfuscator {
));
}

let dyn_func = self.get_dyn_func_id(target_function_name)?;
let dyn_func = self.get_dyn_func_idx(target_function_name)?;

if self.is_64bit() {
let (section_addr, section_size, entry_size, _) =
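Review bot: The renamed `get_dyn_func_idx` returns `crate::error::Result<u64>` yet still calls `.unwrap()` on both `self.dyn_strings.find(function)` and `self.get_section(".dynsym")`, so a function name missing from the dynamic string table, or an input ELF without `.dynsym`, panics instead of producing an error. The caller in the last hunk already propagates with `?`, so the lookups could become `let idx = self.dyn_strings.find(function).ok_or(<missing-symbol error>)?;` (placeholder error value, the crate's variants are not visible here) and likewise for `get_section`. The check ending in `));` just before the call may already reject unknown names, but it lies outside the hunk, as does the rest of this function's body. If `dyn_strings` is a plain string, `find` also matches inside longer symbol names, which is worth confirming before the offset is used as a name index.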