-
Notifications
You must be signed in to change notification settings - Fork 9
enferex/GOAT-Plugs
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
GOAT-Plugs: GCC Obfuscation Augmentation Tools A set of GCC plugins to aid in obfuscating binaries. == About == GOAT-Plugs provides a series of GCC plugins that aid in obfuscating binaries. The respective directory READMEs provide a better description of what the various plugins can do. One goal of GOAT-Plugs is to introduce those interested in computer security what they can do with GCC plugins. The focus here is primarily obfuscating data in binaries, which helps to avoid malware detection. hatch -- Example plugin that inserts a function, which further calls "system" on the executing machine. The system call spawns a netcat socket listening on port 666 and upon connection spawns an xterm session. Also, at runtime, the compiler also executes this code. This is an illusory example to show some potential dangers of plugins. Never run this plugin in an unsafe environment. Make sure you know what you are doing, or just modify the system call command to do something less security violating :-) jpanic -- Inserts junk instructions (no-ops) and functions throughout a program. munger -- Encodes readonly strings at compile time, rendering encoded data, and not the original text, if one were to do a hexdump of the binary. The data is decoded at runtime. nopper -- Example plugin which is well commented and inserts no-ops throughout the program. slimer -- Inserts junk functions and calls them non-deterministically at runtime. gdbinit -- This file is to be renamed to '.gdbinit' and placed into the directory where gdb is being executed from. This is merely to ease debugging. == Install == There is no install. So I was doing the autotools deal, but figured that was really just overkill. If you are using these plugins, chances are you know to use gcc, and chances are you have gcc. Just make sure you have a plugin enabled gcc build: `gcc -v | grep "--enable-plugin"` To build things, simply run `make` from the directory of the plugin you want to build. The resulting '.so' file is the plugin, enjoy its deliciousness. == Contact == Matt Davis (enferex) [email protected]
About
GCC Obfuscation Augmentation Tools
Resources
Stars
Watchers
Forks
Packages 0
No packages published