├── src └── main.cpp ├── .gitignore ├── LICENSE ├── README.md └── include └── brkida.hpp /src/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include "brkida.hpp" 3 | 4 | int main() { 5 | BRKIDA; // define this at the start of every function you want to break 6 | 7 | printf("Hello!\n"); 8 | 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | *.d 3 | 4 | # Compiled Object files 5 | *.slo 6 | *.lo 7 | *.o 8 | *.obj 9 | 10 | # Precompiled Headers 11 | *.gch 12 | *.pch 13 | 14 | # Compiled Dynamic libraries 15 | *.so 16 | *.dylib 17 | *.dll 18 | 19 | # Fortran module files 20 | *.mod 21 | *.smod 22 | 23 | # Compiled Static libraries 24 | *.lai 25 | *.la 26 | *.a 27 | *.lib 28 | 29 | # Executables 30 | *.exe 31 | *.out 32 | *.app 33 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 Android1337 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # brkida | C++ macro for x64 programs that breaks ida hex-rays decompiler tool. 2 | 3 | ## Description 4 | This repository provides a one-header project that can easily prevent IDA decompiler tool to decompile the functions of any program by throwing a decompilation failure.\ 5 | Users can easily protect their functions using the `BRKIDA` macro provided in the header.\ 6 | The repository includes an example demonstrating the usage of `BRKIDA`.\ 7 | Currently only supports MSVC and x64. 8 | 9 | ## Key Aspects 10 | - The stub is generated at compile-time by using a random ptr formed by 4 random bytes, each based on an hash that's based on the date, time and a counter which increases every time a function is protected. 11 | - Supports C++14 and higher versions. 
12 | 13 | ## What it actually does 14 | This project exploits the fact that IDA decompiler fails when it encounters a stack access on a pointer that's too big.\ 15 | ASM: 16 | ```asm 17 | jmp useless ; jump 8 byte after to skip the next instruction (E8 08) 18 | mov [rsp + BIGINT_HERE], rcx ; this will never be executed or we would crash too (48 89 8C 24 DE AD BE EF) 19 | useless: 20 | ret ; C3 21 | ``` 22 | 23 | ## How it shows 24 | ![IDA Decompilation Failure](https://i.imgur.com/ctg9Zxv.png)\ 25 | 26 | ## Repository Structure 27 | - **`include/`**: Contains the `brkida.hpp` header file. 28 | - **`src/`**: Holds the example `main.cpp` file showcasing the usage of `BRKIDA`. 29 | - **`LICENSE`**: Licensing information for the provided code. 30 | - **`README.md`**: Documentation explaining how to use everything. 31 | 32 | ## Usage Example 33 | The repository includes an example demonstrating the usage of the `BRKIDA` macro: 34 | 35 | ### `main.cpp` 36 | ```cpp 37 | #include 38 | #include "brkida.hpp" 39 | 40 | int main() { 41 | BRKIDA; // define this at the start of every function you want to break 42 | 43 | printf("Hello!\n"); 44 | 45 | return 0; 46 | } 47 | ``` 48 | -------------------------------------------------------------------------------- /include/brkida.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | * MIT License https://github.com/Android1337/brkida/blob/main/LICENSE 3 | * 4 | * Copyright (c) 2024 Android1337 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above 
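copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

#ifndef BRKIDA_HPP
#define BRKIDA_HPP

/*
 * brkida: an anti-decompilation macro for MSVC x64.
 *
 * BRKIDA plants a small, never-executed byte stub in the enclosing function.
 * The stub is plain data and the guarded call below is not meant to run, so
 * the macro does not change the program's runtime behaviour. It is an
 * analysis deterrent only: it does not prevent disassembly, debugging or
 * patching, and whether a given decompiler version actually rejects the
 * function is a property of that tool (NOTE(review): verify against the IDA
 * version you target).
 *
 * Because the stub bytes are derived from __DATE__/__TIME__, every build
 * produces different bytes; builds using this header are not reproducible
 * byte-for-byte.
 */

// _M_X64 rather than _WIN64: _WIN64 is also defined for ARM64 Windows targets,
// where the x64 stub bytes below would be meaningless.
#if defined(_MSC_VER) && defined(_M_X64) // only implemented for MSVC and x64 for now
#include <intrin.h>  // _AddressOfReturnAddress
#include <cstdint>   // uintptr_t

/// Very simple compile-time string hash used only to derive build-specific
/// bytes for the stub: h(s) = s[0] + 33 * h(s + 1), with h("") = 5381.
/// @param input NUL-terminated string; a null pointer hashes like "".
/// @return the hash value of `input`.
constexpr unsigned long long const_hash(const char* input) {
    return (input && *input)
        ? static_cast<unsigned long long>(*input) + 33 * const_hash(input + 1)
        : 5381;
}

/*
 * Stub layout (x64 machine code, stored as data and never executed):
 *
 *   stub proc
 *     jmp useless                   ; EB 08 - skip the 8-byte mov that follows
 *     mov [rsp + BIGINT_HERE], rcx  ; 48 89 8C 24 xx xx xx xx - never executed (e.g. DE AD BE EF)
 *   useless:
 *     ret                           ; C3
 *   stub endp
 *
 * The four displacement bytes (xx) are filled in at compile time by BRKIDA_BYTE().
 */

/* One stub byte derived from the build date/time hash and __COUNTER__.
 * __COUNTER__ is expanded anew at every use, so each of the four bytes of one
 * BRKIDA expansion sees two fresh counter values and every expansion differs.
 * `% 0x100` keeps the value in 0x00..0xFF (a modulus of 0xFF could never
 * produce 0xFF itself). */
#define BRKIDA_BYTE() \
    static_cast<unsigned __int8>((const_hash(__DATE__ __TIME__) + __COUNTER__ * __COUNTER__) % 0x100)

/*
 * BRKIDA - place at the start of every function that should resist decompilation.
 *
 * Expands to a block statement, so write it as `BRKIDA;`.
 * The stub lives in a constexpr array and the call through it is guarded by
 * `!_AddressOfReturnAddress()`; the intrinsic yields the address of the
 * return-address slot in the current frame, so the guard is never true at
 * runtime. Presumably the compiler does not fold the guard, which is what
 * keeps the call and the stub in the binary. If the guard were ever taken the
 * program would fault: the stub is non-executable data and the second call
 * targets address 0.
 */
#define BRKIDA \
{ \
    constexpr unsigned __int8 stub[] = { \
        0xEB, 0x08,             /* jmp +8 (over the mov) */ \
        0x48, 0x89, 0x8C, 0x24, /* mov [rsp + disp32], rcx */ \
        BRKIDA_BYTE(),          /* disp32, byte 0 */ \
        BRKIDA_BYTE(),          /* disp32, byte 1 */ \
        BRKIDA_BYTE(),          /* disp32, byte 2 */ \
        BRKIDA_BYTE(),          /* disp32, byte 3 */ \
        0xC3                    /* ret */ \
    }; \
    \
    /* never executed: the stub is data, not executable memory, and calling it \
       would crash; the guard below is false at runtime but is kept so the \
       call survives into the binary */ \
    if (!_AddressOfReturnAddress()) { \
        ((void(*)())uintptr_t(stub))(); \
        ((void(*)())uintptr_t(0x0))(); /* a call to 0x0 sometimes breaks ida decompiler too */ \
    } \
}
#else
/* Unsupported target: fail the build loudly rather than silently compile
 * without the stub. The empty definition only keeps the name defined for
 * tooling that inspects the header. */
#define BRKIDA
#error "BRKIDA is currently only supported on MSVC x64"
#endif

#endif // include guard
--------------------------------------------------------------------------------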