Assembly obfuscation

From: Nadasi Peter (peter_at_indigo2.hszk.bme.hu)
Date: 03/18/04

Date: Thu, 18 Mar 2004 00:25:36 +0100


Hi,

I'm new here :-)
For my project at the university I would like to make an assembly
obfuscator, and I ask for your help: advice, hints, RTFMs...

Ground idea:
1. Compile the C, C++ or whatever source to assembly
2. Make a proper and very hard obfuscation in the assembly code (with
   perhaps Perl or C)
3. Build the executable from the obfuscated assembly to machine code

Benefits:
1. Still the same program, but hard to understand when disassembled
2. Good base for further source code watermarking
3. We can handle our assembly source like a simple text file and make
   fine text manipulations.
4. Does not affect (or only very little) the execution speed

Now where I am, what my ideas are:
1. Read the whole assembly source, and change the place of each block in
   the source file randomly
   (a block is e.g.:
           LabelX:
                   mov %eax, %ebp
                   nop
                   jmp LabelZ
   )

2. Make other jmps within the block to another bogus label, do some nops,
   or just simply jmp back to a new label where the rest of the original
   block should continue
3. When a jmp is called, the label to jump to is computed from the former
   states of the program
4. Make some easter eggs: when a conditional jump occurs, then in case of a
   specified range the normal function is committed, else it jumps to
   another label where some very strange and worthless but hard to
   understand stuff is done.

Any other ideas, advice, links or hints are welcome!
I think in the golden era of asm there were such tricks, and demosceners
used them often... asm shuffling, etc...

Thanks in advance for your help!

Peter
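As an added example (not code from Peter's post, nor from any project he mentions), here is the block-shuffling step of idea 1 written in Python rather than the Perl or C he proposes. The input function `clamp`, the label names and the narrow GNU as / AT&T line format it accepts are all constructed for the example. It shows the one detail the post leaves implicit: a block that falls through into the block below it must be given an explicit `jmp` to that neighbour before it can be moved, otherwise the reordered program changes behaviour. A `control_flow` helper rebuilds each block's set of successors so the transformation can be checked against the original.

```python
"""Basic-block shuffling for GNU as (AT&T syntax) text.

Added example, not the post's code. Handles only the simple layout below:
one label per line, one instruction per line, direct jumps only.
"""
import random
import re

LABEL_RE = re.compile(r'^\s*([A-Za-z_.$][\w.$]*):\s*(#.*)?$')
# Direct branch of any kind: jmp, je, jl, jg, ... followed by a label.
BRANCH_RE = re.compile(r'^\s*j[a-z]+\s+([A-Za-z_.$][\w.$]*)\s*$')
# After these the next line is never executed by fallthrough.
TERMINATORS = ('jmp', 'ret')

# Constructed input: clamps its argument into [0, 100].
# `clamp` falls through into .Lpos and .Lneg falls through into .Ldone.
SAMPLE = """\
\t.text
\t.globl\tclamp
clamp:
\tmovl\t4(%esp), %eax
\tcmpl\t$0, %eax
\tjl\t.Lneg
.Lpos:
\tcmpl\t$100, %eax
\tjg\t.Lbig
\tjmp\t.Ldone
.Lneg:
\txorl\t%eax, %eax
.Ldone:
\tret
.Lbig:
\tmovl\t$100, %eax
\tjmp\t.Ldone
"""


def split_blocks(asm_text):
    """Return (preamble lines, [(label, body lines)]) for the text.

    Directives, comments and blank lines stay attached to the block they follow.
    """
    preamble, blocks, current = [], [], None
    for line in asm_text.splitlines():
        m = LABEL_RE.match(line)
        if m:
            current = (m.group(1), [])
            blocks.append(current)
        elif current is None:
            preamble.append(line)
        else:
            current[1].append(line)
    return preamble, blocks


def last_instruction(body):
    """Mnemonic of the last real instruction in a block, ignoring directives."""
    for line in reversed(body):
        stripped = line.split('#', 1)[0].strip()
        if stripped and not stripped.startswith('.'):
            return stripped.split()[0]
    return None


def make_fallthrough_explicit(blocks):
    """Append `jmp <next label>` to every block that currently falls through."""
    fixed = []
    for i, (label, body) in enumerate(blocks):
        body = list(body)
        if last_instruction(body) not in TERMINATORS and i + 1 < len(blocks):
            body.append(f'\tjmp\t{blocks[i + 1][0]}')
        fixed.append((label, body))
    return fixed


def shuffle_blocks(asm_text, seed=None):
    """Rewrite the text with every block except the entry block in random order."""
    preamble, blocks = split_blocks(asm_text)
    if not blocks:
        return asm_text
    blocks = make_fallthrough_explicit(blocks)
    entry, rest = blocks[0], blocks[1:]
    random.Random(seed).shuffle(rest)
    out = list(preamble)
    for label, body in [entry] + rest:
        out.append(label + ':')
        out.extend(body)
    return '\n'.join(out) + '\n'


def block_order(asm_text):
    """Labels in the order they appear in the text."""
    return [label for label, _ in split_blocks(asm_text)[1]]


def control_flow(asm_text):
    """Map each label to its successors: branch targets, implicit fallthrough, or 'ret'."""
    _, blocks = split_blocks(asm_text)
    cfg = {}
    for i, (label, body) in enumerate(blocks):
        succ = set()
        for line in body:
            m = BRANCH_RE.match(line.split('#', 1)[0])
            if m:
                succ.add(m.group(1))
        last = last_instruction(body)
        if last == 'ret':
            succ.add('ret')
        elif last != 'jmp' and i + 1 < len(blocks):
            succ.add(blocks[i + 1][0])
        cfg[label] = succ
    return cfg


if __name__ == '__main__':
    shuffled = shuffle_blocks(SAMPLE, seed=3)
    print(shuffled)
    print('control flow preserved:', control_flow(shuffled) == control_flow(SAMPLE))
```

The output can be assembled with `as` (or passed back to `gcc`) like the original. Real compiler output needs more than this before it is safe to reorder: labels that share a line with an instruction, indirect jumps such as `jmp *%eax`, jump tables in `.rodata` that encode block addresses, and data placed in `.text` all have to be recognised, since the regexes above simply do not see them and the transformation would then silently break the program.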