iOS OLLVM from compilation to application (Hikari)

iOS OLLVM from compilation to application

It goes without saying that OLLVM obfuscates code at compile time, including string obfuscation and control-flow obfuscation. This prevents the instruction execution logic from being followed easily when the binary is decompiled for static analysis, which greatly raises the cost of statically analysing the app and thereby protects it.

Hikari

We use the open source project Hikari (GitHub), which supports:
1. Bogus control flow
2. Control flow flattening
3. Basic block splitting
4. Instruction substitution
5. Anti-class-dump
6. Register-based relative jumps. Combined with the other hardening passes, this completely defeats the IDA/Hopper pseudocode view (commonly known as F5)
7. String encryption
8. Function wrapping
and more. Without further ado, let's get straight to the topic.

1. Environment configuration

1.1 Install CMAKE

Since it is compiled from source code, cmake needs to be installed.
Official website download address: https://cmake.org/download/
Find a suitable version to download; mine is:

cmake --version
cmake version 3.10.2

Installation and configuration:
In the CMake app, select from the menu bar: Tools > How to Install For Command Line Use

Test whether the installation is complete:

cmake --version

1.2 Install SWIG

Download SWIG from the official website; I use version 3.0.12.
After the download is complete, unzip it and enter swig-3.0.12:

./configure
make
sudo make install

Test whether the installation is complete:

swig -version

1.3 Install Z3

brew install z3

2. Download Hikari

I am using the latest version of the source code. Because the Release references other GitHub repositories, you need to download them yourself and put them in the specified locations:
1. Put the Header in /include/llvm/Transforms/Obfuscation.
2. Put Core in /lib/Transforms/Obfuscation.


3. Compile

mkdir Build
cd Build
cmake -G "Ninja" -DCMAKE_BUILD_TYPE=MinSizeRel -DLLVM_APPEND_VC_REV=on ../Hikari
ninja

Clearing the known pitfalls first:
1. When executing cmake -G "Ninja" -DCMAKE_BUILD_..., things are usually missing. Download the corresponding files and place them in the directories mentioned above, and the configure step basically passes.
2. When executing ninja and compiling the iOS-specific parts, two errors are reported:
invalid application of 'sizeof' to an incomplete type 'struct stat64'
invalid application of 'sizeof' to an incomplete type 'struct statfs64'

Find the offending file projects/compiler-rt/lib/sanitizer_common/sanitizer_platform_limits_posix.cc, open it and change:
struct stat64 to struct stat
struct statfs64 to struct statfs
3. When executing ninja: fatal error: lipo: /Build/lib/libclang_rt.builtins_arm64_ios.a and /Build/lib/libclang_rt.builtins_arm64_iossim.a have the same architectures (arm64) and can't be in the same fat output file


The build also produces an arm64 slice for the M1 chip (the simulator build), so we modify build.ninja directly: find the corresponding lipo -output command and remove the M1 arm64 entry from the merge, i.e. this argument:
-arch arm64 /Volumes/IosWorkSpace/OLLVM/Hikari/Build/lib/libclang_rt.builtins_arm64_iossim.a

Then continue the build:

ninja install
git clone https://github.com/HikariObfuscator/Resources.git ~/Hikari

Clearing the next pitfall:
file cannot create directory: /usr/local/libexec. Maybe need


This is because the current user has no write permission for the specified installation path, so the following parameter in the Makefile needs to be modified.

Change:
"/usr/local/libexec"

to:
"$(ROMFS)/usr/local/libexec"
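The prerequisite check from section 1, the stat64/statfs64 edit from pitfall 2 and the configure/build commands from section 3, collected into reusable shell functions. This is an added example, not code from the original post or the Hikari project; the function names and the source/build directory arguments are this example's own choices.

```shell
# Added example (not from the original post or the Hikari project).
# Function names and the $1/$2 path arguments are assumptions of this example.

# Fail early if any tool from section 1 (or ninja, used in section 3) is missing.
hikari_check_prereqs() {
    for tool in cmake swig z3 ninja; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing: $tool" >&2; return 1; }
    done
}

# Rename 'struct stat64' -> 'struct stat' and 'struct statfs64' -> 'struct statfs'
# in the given file (sanitizer_platform_limits_posix.cc in the post). Idempotent;
# writes through a temp file so it works with both macOS and GNU sed.
# Prints the number of *64 struct references still left (0 means patched).
hikari_patch_compiler_rt() {
    file=$1
    tmp="$file.tmp"
    sed -e 's/struct stat64\([^A-Za-z0-9_]\)/struct stat\1/g' \
        -e 's/struct stat64$/struct stat/' \
        -e 's/struct statfs64\([^A-Za-z0-9_]\)/struct statfs\1/g' \
        -e 's/struct statfs64$/struct statfs/' "$file" > "$tmp"
    mv "$tmp" "$file"
    grep -c -E 'struct stat(fs)?64([^A-Za-z0-9_]|$)' "$file" || true
}

# Configure and build with the flags from section 3.
# $1 = Hikari source dir, $2 = build dir (the post uses ../Hikari and Build).
hikari_build() {
    src=$(cd "$1" && pwd)
    build=$2
    mkdir -p "$build"
    (cd "$build" && cmake -G "Ninja" -DCMAKE_BUILD_TYPE=MinSizeRel \
        -DLLVM_APPEND_VC_REV=on "$src") || return 1
    ninja -C "$build"
}
```

Run hikari_patch_compiler_rt on the compiler-rt file before the first ninja invocation; a printed 0 confirms both struct names were replaced.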


Source: blog.csdn.net/weixin_38367103/article/details/126623210