Commit 879a2e2

committed
readme update
1 parent 4578084 commit 879a2e2

1 file changed

Lines changed: 52 additions & 4 deletions

README.md

@@ -1,12 +1,12 @@
11
# Shifting Codes
22

3-
Python port of [Pluto](https://github.com/bluesadi/Pluto) LLVM obfuscation passes using [llvm-nanobind](https://github.com/LLVMParty/llvm-nanobind) bindings (fork: [transformation-api](https://github.com/expend20/llvm-nanobind/tree/transformation-api)), with a PyQt6 visualization UI.
3+
Python port of [Pluto](https://github.com/bluesadi/Pluto) and [Polaris](https://github.com/polaris-obfuscator/polaris-obfuscator) LLVM obfuscation passes using [llvm-nanobind](https://github.com/LLVMParty/llvm-nanobind) bindings (fork: [transformation-api](https://github.com/expend20/llvm-nanobind/tree/transformation-api)), with a PyQt6 visualization UI.
44

55
![](assets/UI-showcase.gif)
66

77
## Passes
88

9-
Six obfuscation passes are available:
9+
### [Pluto](https://github.com/bluesadi/Pluto) (6 passes)
1010

1111
| Pass | Type | Description |
1212
|------|------|-------------|
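
Review bot: The count hard-coded into the new heading `### [Pluto](https://github.com/bluesadi/Pluto) (6 passes)` duplicates what the table below it already shows and will go stale the first time a row is added or removed. Consider dropping "(6 passes)" from the heading, or keeping the removed sentence form ("Six obfuscation passes are available:") under a plain `### Pluto` heading with the link in that sentence, so the heading text stays stable.
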
@@ -17,6 +17,21 @@ Six obfuscation passes are available:
1717
| **Global Encryption** | Module | XOR-encrypts global variable initializers with runtime decryption stubs |
1818
| **Indirect Call** | Module | Replaces direct function calls with indirect calls through function pointers |
1919

20+
### [Polaris](https://github.com/polaris-obfuscator/polaris-obfuscator) (8 passes)
21+
22+
Upgraded versions of four Pluto passes plus four new passes:
23+
24+
| Pass | Type | Description |
25+
|------|------|-------------|
26+
| **Bogus Control Flow** | Function | Modular-arithmetic opaque predicates (upgraded from Pluto's trivial predicates) |
27+
| **Flattening** | Function | Switch-based dispatch with dominance-based state encryption (upgraded from plaintext) |
28+
| **Global Encryption** | Module | Use-based discovery with per-function decryption via shared helper (upgraded from single-site inline) |
29+
| **Indirect Call** | Module | Per-call-site globals with add/subtract pointer masking (upgraded from shared GV, no masking) |
30+
| **Indirect Branch** | Function | Replaces direct branches with indirect jumps through obfuscated jump tables |
31+
| **Alias Access** | Function | Obscures local variable access through pointer aliasing and multi-level struct indirection |
32+
| **Custom CC** | Module | Randomly assigns non-standard calling conventions to internal functions |
33+
| **Merge Function** | Module | Merges multiple functions into a single switch-based dispatcher |
34+
2035
## Prerequisites
2136

2237
- **Python 3.12+**
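
Review bot: The four upgraded rows in the Polaris table (Bogus Control Flow, Flattening, Global Encryption, Indirect Call) carry exactly the same pass names as their Pluto counterparts, so a reader cannot tell from the tables which implementation a name refers to or which class to import. Add a column giving the module or class for each row (the usage section distinguishes them as `global_encryption` versus `global_encryption_pluto`, for example), and say in the sentence "Upgraded versions of four Pluto passes plus four new passes:" whether the two variants of a pass are alternatives or can be applied together.
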
@@ -46,15 +61,45 @@ Six obfuscation passes are available:
4661

4762
## Usage
4863

64+
Pluto passes:
65+
66+
```python
67+
from shifting_codes.passes import PassPipeline
68+
from shifting_codes.passes.substitution import SubstitutionPass
69+
from shifting_codes.passes.mba_obfuscation import MBAObfuscationPass
70+
from shifting_codes.passes.bogus_control_flow_pluto import PlutoBogusControlFlowPass
71+
from shifting_codes.passes.flattening_pluto import PlutoFlatteningPass
72+
from shifting_codes.passes.global_encryption_pluto import PlutoGlobalEncryptionPass
73+
from shifting_codes.passes.indirect_call_pluto import PlutoIndirectCallPass
74+
from shifting_codes.utils.crypto import CryptoRandom
75+
76+
rng = CryptoRandom(seed=42)
77+
78+
pipeline = PassPipeline()
79+
pipeline.add(SubstitutionPass(rng=rng))
80+
pipeline.add(MBAObfuscationPass(rng=rng))
81+
pipeline.add(PlutoBogusControlFlowPass(rng=rng))
82+
pipeline.add(PlutoFlatteningPass(rng=rng))
83+
pipeline.add(PlutoGlobalEncryptionPass(rng=rng))
84+
pipeline.add(PlutoIndirectCallPass(rng=rng))
85+
86+
pipeline.run(mod, ctx)
87+
```
88+
89+
Polaris passes:
90+
4991
```python
50-
import llvm
5192
from shifting_codes.passes import PassPipeline
5293
from shifting_codes.passes.substitution import SubstitutionPass
5394
from shifting_codes.passes.mba_obfuscation import MBAObfuscationPass
5495
from shifting_codes.passes.bogus_control_flow import BogusControlFlowPass
5596
from shifting_codes.passes.flattening import FlatteningPass
5697
from shifting_codes.passes.global_encryption import GlobalEncryptionPass
5798
from shifting_codes.passes.indirect_call import IndirectCallPass
99+
from shifting_codes.passes.indirect_branch import IndirectBranchPass
100+
from shifting_codes.passes.alias_access import AliasAccessPass
101+
from shifting_codes.passes.custom_cc import CustomCCPass
102+
from shifting_codes.passes.merge_function import MergeFunctionPass
58103
from shifting_codes.utils.crypto import CryptoRandom
59104

60105
rng = CryptoRandom(seed=42)
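
Review bot: `pipeline.run(mod, ctx)` at the end of the new Pluto snippet uses `mod` and `ctx` that nothing in the snippet defines, and this hunk also removes `import llvm` from the Polaris snippet, so neither example shows where the module and context come from. Add the lines that create or load `ctx` and `mod` (or a sentence pointing to where that is documented) so the snippets can be run as written. Separately, both snippets show `rng = CryptoRandom(seed=42)`; if the seed determines what the passes generate, state that the fixed value is for reproducible output only and should not be copied into real builds.
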
@@ -66,8 +111,11 @@ pipeline.add(BogusControlFlowPass(rng=rng))
66111
pipeline.add(FlatteningPass(rng=rng))
67112
pipeline.add(GlobalEncryptionPass(rng=rng))
68113
pipeline.add(IndirectCallPass(rng=rng))
114+
pipeline.add(IndirectBranchPass(rng=rng))
115+
pipeline.add(AliasAccessPass(rng=rng))
116+
pipeline.add(CustomCCPass(rng=rng))
117+
pipeline.add(MergeFunctionPass(rng=rng))
69118

70-
# Apply to a module
71119
pipeline.run(mod, ctx)
72120
```
73121

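
Review bot: The README does not say whether the order of the `pipeline.add(...)` calls is significant, and this hunk appends the four new passes after `IndirectCallPass`, ending with `MergeFunctionPass`, without stating whether that order is required or arbitrary. Add one sentence on ordering constraints between the passes, if there are any. The removed `# Apply to a module` comment was also the only hint about what `mod` is in `pipeline.run(mod, ctx)`; consider keeping it.
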