News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

x86 source code obfuscator

Started by bw, March 09, 2006, 09:38:16 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

bw

March 09, 2006, 09:38:16 PM
Hi,

I've just released my x86 source code obfuscator. It's not perfect and it supports only MASM syntax, but I've used it many times to obfuscate my commercial products in win32asm and i can tell you it really works.

You can get more information at (what's supported and what's not supported) http://www.pelock.com/page.php?p=obfuscator

Online demo http://www.pelock.com/obfuscator/

GUI Backend http://www.pelock.com/download.php?f=obfuscator10.zip

Activation code (all options enabled) for masmforum users with 100 credits (if someone will use it it won't be 100  ::) ):
BA0B-C08A-2F25-4858

You can reach me via http://www.pelock.com/page.php?p=contact

Bartosz Wójcik

evlncrn8

#1
March 09, 2006, 11:30:13 PM
hmmm

i got 'DATA ERROR' on 9 of the 10 asm files (which i wrote myself) that i tried it on, on the one that
it did work on, it turned the code into garbage, which i guess is fine, but whats the point in puting in
opcodes into the code for the likes of a jmp etc.. considering the obfuscation is PRE compile, thus you
could probably just as easily put in the equivalent code (jmp blah) etc..

and it looks more like advertising than a realistic 'project post'... but thats for the mods to decide

Oh, and it also completely messes things up with trying on x64 asm, it doesnt recognise the push r10
etc commands and completely trashes things

[from your site]
Obfuscator features:

    <snip>

    * obfuscated code is slower than the original code

[...]

thats hardly a feature now is it?

-------------

[using the demo on your site.. with hide win32 api enabled]

m3f:
   call   ExitProcess

-------------------

hidden?

PBrennick

#2
March 09, 2006, 11:39:56 PM
bw,
I don't think you should be using this site for advertisement purposes.  There will never be much of a market for it.  All we have to do is compress the executable and 99% of the curious are stopped.

Paul
The GeneSys Project is available from:
The Repository or My crappy website

bw

#3
March 10, 2006, 09:28:45 AM
As you said there will never be much marker for it, so where else could i write about it, i think it's the right place.

evlncrn8 in demo mode only "change code execution flow" options is working (if you want to use all options, use this activation code i gave to you). And yes it can't handle 64 asm. About that "DATA ERROR", did your sources included procedures or just pure main: code?

Bartosz Wójcik

evlncrn8

#4
March 10, 2006, 12:13:15 PM
yep, all my sources were procs, some using nested code, some not, the file was 1.34mb of source code, it seemed to be processing for a while, then stopped and did the data error message, masm compiles it fine however, even after i have obfuscicated it with a python script i wrote... as for hiding calls, you can also convert calls to jmps with some stack manipulation and/or even converting it into a call register / using jump tables / call tables

Mark Jones

#5
March 10, 2006, 06:43:42 PM
Bartosz, I tried your GUI version. I opened it up and pressed the Obfuscate! button, and it locked up. AMD XP 2500/XP SP2. I had to end its task.

Looks like a little more work is needed. Neat idea, though. Good luck.
"To deny our impulses... foolish; to revel in them, chaos." MCJ 2003.08

asmrixstar

#6
May 03, 2006, 05:12:48 PM
i think the main problem for this project is there is no market for it.
Most asm coder understand delta-code,obfuscator,etc or at least intend to learn it. Its why we picked asm.....

D1N

#7
November 25, 2006, 09:31:03 AM
This is my first post here on the MASM forums - All I have to say about Obfuscated code especially asm is why? The code is hard enough to understand without obfuscating it. That was a joke but seriously why dont you make it open source so people can learn from it and mabye contribute to your project thats what this thread is for right?

ToutEnMasm

#8
November 25, 2006, 03:27:01 PM

Funny,the demo is enough  :bdg .But I don't see at what he can be usefull ?.
                        ToutEnMasm

ecube

#9
December 24, 2006, 12:05:34 AM
I've tested your application on many sources and everytime it obfuscated them into not working :) I like the idea though, and I think your program can be really good just needs some more work. I'm writing something similar for my commerical PE protector.

TomRiddle

#10
January 31, 2007, 01:14:04 AM
QuoteAbout that "DATA ERROR", did your sources included procedures or just pure main: code?

What language is the program written in?  I could guess, but that isn't much fun :P

PBrennick

#11
February 28, 2007, 04:22:50 PM
He probably can't remember and it is obfuscated...  :bdg

Paul
The GeneSys Project is available from:
The Repository or My crappy website

Retsim_X

#12
June 12, 2007, 04:07:48 AM
this is all well and good... but what would make it improved is a few antidebug techniques and a little proggy that changes the virtual size of all the sections to FFFFFFFFh.... which makes the exe take hours to load in olly... simple but effective

Print
Go Up Pages1
User actions