Repository files navigation

obfus.h is a macro-only library for compile-time obfuscating C applications, designed specifically for theTiny C (tcc). It is tailored for Windows x86 and x64 platforms and supports almost all versions of the compiler.Very reliable armor for your C programs!

• 🔍Function Call Obfuscation: Confuse function calls to make your code less readable to unauthorized eyes.
• 🛡️Anti-Debugging Techniques: Built-in mechanisms to prevent code analysis during runtime.
• 🔄Control Flow Code Mutation: Turns code into spaghetti, making it difficult to parse conditions and loops.
• 🧶Strings Hiding: Hides specified strings in a file and dynamically collects them when executed.
• 🚫Anti-Decompilation Techniques: Makes many popular decompilers useless visually breaking their output.
• 😈Fake Signatures Adding: Can add fake signatures of various packers and protectors to confuse reverse engineers.
• 🧠Virtualization: Makes math operations very difficult to understand using virtual machine commands.

Integratingobfus.h into your project is a simple process. Just include the following line in your code:

#include"obfus.h"

This will automatically obfuscate your code during compilation, ensuring protection and confidentiality of your intellectual property.

Available options for protection configuring:

// Advanced code protection (see the "Virtualization" part of the documentation!)#defineVIRT           1  // Allows you to use the functions of a math VM// Additional options#defineCFLOW_V2       1  // More powerful Control Flow obfuscation (slowly!)#defineANTIDEBUG_V2   1  // Use better dynamic anti-debugging protection#defineFAKE_SIGNS     1  // Adds fake signatures of various protectors or packers// Disabling default features#defineNO_OBF         1  // Don't obfuscate (for debugging)#defineNO_CFLOW       1  // Don't use Control-Flow obfuscation#defineNO_ANTIDEBUG   1  // Don't build in debugging protection

or use it with compiler args:

tcc "app.c" -w  -D NO_CFLOW  -D ANTIDEBUG_V2  -D FAKE_SIGNS  -D VIRT

🔐 Debugging protection is triggered by calls to many basic MSVCRT functions.In critical places in the code you can use theANTI_DEBUG; construct. For example:

ANTI_DEBUG;if (!licenseExpired()) {// ...}

TheHIDE_STRING(str) obfuscates and visually hides strings by mutating them, significantly complicating their discovery and patching in the source code. When declared in this manner, the strings are assembled on the stack throughmov instructions rather than being loaded all at once. This method ensures that the strings are not statically declared and are instead constructed at runtime, making them less susceptible to static analysis. However, it is important to note that this feature cannot be used for hiding static fields during their declaration, as it involves a function call.

An example of calling theprintf function from the standard library with static hiding of the message and its decryption on the stack:

char*hidden_message=HIDE_STRING("Hello, world!");// ...printf(hidden_message);

This is a protection technique in which certain calculations are performed through an embedded virtual machine upon command. Makes analysis of mathematical operationsvery difficult! It will work with theVIRT option enabled (and only!). Otherwise, all virtual machine commands will be replaced by ordinary mathematical operators.

The virtual machine does not support some basicdouble comparison operations.

You can use logical operators that use virtual machine calls to further complicate the understanding of your code:

This is not a complete replacement for if/else, but is just a complication of standard operators.

A simple example of using virtualization:

// ...#defineVIRT 1// ...// if ((2 + 2) == 4) { ... }VM_IF (VM_EQU(VM_ADD(2,2),4)) {printf("2 + 2 == 4!");}// if (condition1) { ... }// else if (condition2) { ... }// else { ... }VM_IF (condition1) {// if}VM_ELSE_IF (condition2) {// else if}VM_ELSE {// else}

You can find examples of using all the functions of a virtual machine in the filetests/virtualmachine.c

If you need advanced protection against skilled reversers, useCFLOW_V2 andANTIDEBUG_V2 options.

// Let's obfuscate your code!#include<stdio.h>#defineVIRT         1 // [+] Use math virtual machine#defineCFLOW_V2     1 // [+] ControlFlow v2#defineFAKE_SIGNS   1 // [+] Fake signatures#defineANTIDEBUG_V2 1 // [+] AntiDebug v2#defineNO_OBF       0 // [-] Don't obfuscate (disable all)#defineNO_CFLOW     0 // [-] Disable ControlFlow#defineNO_ANTIDEBUG 0 // [-] Disable AntiDebug#include"obfus.h"voidmain() {char*out=malloc(256);strcpy(out,HIDE_STRING("Hello, world!\n"));if (out) {printf(out);}else {printf("Error!\n");}free(out);intresult=VM_ADD(5,7);// 5 + 7VM_IF (VM_EQU(result,12)) {// (5 + 7) == 12printf("5 + 7 == 12");}}

The latest version ofTiny C (0.9.27) is recommended for use. Unfortunately, some versions of the compiler do not support the functionality needed to completely obfuscation.Visual C,GCC andClangis not supported and is unlikely to be supported.

You can usespecial script for Windows to get the latest versions ofobfus.h by downloading the package from the official repository. This is useful if you need to automate security updates without usinggit.

For example, you can use it before building your project:

+ C:\...> call obfh-update  C:\...> tcc app.c -w

The script will update the contents of the obfus.h file in the current directory (according to the specified configuration)

The code of a program (and its original original logic) protected usingobfus.h is almostimpossible to recover (deobfuscate). However, using this obfuscator does not guarantee complete protection against all types of threats.It's important to develop and maintain internal program security systems.

What the diagrammatic code will look like after obfuscation:

The reverser will see something like this if he tries to use a decompiler:

This is what all hidden strings viaHIDE_STRING feature look like in the disassembler (x86-64 arch):

  ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;  ; PROTECTED STRING:                  ; ORIGINAL STRING:         ;moveax,48hlearax, aHelloWorld       ;mov[rbp-0Fh],almovr11,rax               ;moveax,65h                         ; . . .                    ;mov[rbp-0Eh],al                                               ;moveax,6Ch                                                    ;mov[rbp-0Dh],al                                               ;moveax,6Ch                                                    ;mov[rbp-0Ch],al                                               ;moveax,6Fh                                                    ;mov[rbp-0Bh],al                                               ;moveax,2Ch                                                    ;  ; etc . . .                                                     ;  ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;

Thanks to everyone who helped in the development of this project. I appreciate it! ❤️

• 👨🏼‍💻@horsicq(for help with the code and advices)
• 🐺@ac3ss0r(for cool ideas and their solutions)

Andthanks to you 🤝 for paying attention to this project!