├── .github └── front.png ├── bin ├── test_objc_arm64.macho ├── mbedtls_self_test.arm64.elf ├── mbedtls_self_test.arm64.macho └── mbedtls_self_test.nostrip.arm64.elf ├── transformed ├── 01-symbols │ ├── 01-mbedtls_self_test.arm64.elf │ ├── 02-mbedtls_self_test.arm64.elf │ ├── 03-mbedtls_self_test.arm64.elf │ └── 04-mbedtls_self_test.arm64.elf ├── 02-sections │ ├── test_objc_arm64_shifted.macho │ └── swapped_mbedtls_self_test.arm64.elf ├── 03-misc │ ├── dynsym-mbedtls_self_test.arm64.elf │ └── fstarts_mbedtls_self_test.arm64.macho └── 00-unwind-eh_frame │ ├── eh-frame_mbedtls_self_test.arm64.elf │ └── unwind_mbedtls_self_test.arm64.macho ├── README.md └── scripts ├── 00-unwind-eh_frame ├── 01-macho-unwind.py └── 02-elf-eh_frame.py ├── 03-misc ├── 01-elf-dynsym.py └── 02-macho-LC_FUNCTION_STARTS.py ├── 02-sections ├── 01-macho-section.py └── 02-elf-sections-swap.py └── 01-symbols ├── 01-exports-elf.py ├── 02-exports-name-elf.py ├── 03-exports-name-elf.py └── 04-exports-name-unaligned-elf.py /.github/front.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/the-poor-mans-obfuscator/HEAD/.github/front.png -------------------------------------------------------------------------------- /bin/test_objc_arm64.macho: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/the-poor-mans-obfuscator/HEAD/bin/test_objc_arm64.macho -------------------------------------------------------------------------------- /bin/mbedtls_self_test.arm64.elf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/the-poor-mans-obfuscator/HEAD/bin/mbedtls_self_test.arm64.elf -------------------------------------------------------------------------------- /bin/mbedtls_self_test.arm64.macho: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/romainthomas/the-poor-mans-obfuscator/HEAD/bin/mbedtls_self_test.arm64.macho -------------------------------------------------------------------------------- /bin/mbedtls_self_test.nostrip.arm64.elf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/the-poor-mans-obfuscator/HEAD/bin/mbedtls_self_test.nostrip.arm64.elf -------------------------------------------------------------------------------- /transformed/01-symbols/01-mbedtls_self_test.arm64.elf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/the-poor-mans-obfuscator/HEAD/transformed/01-symbols/01-mbedtls_self_test.arm64.elf -------------------------------------------------------------------------------- /transformed/01-symbols/02-mbedtls_self_test.arm64.elf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/the-poor-mans-obfuscator/HEAD/transformed/01-symbols/02-mbedtls_self_test.arm64.elf -------------------------------------------------------------------------------- /transformed/01-symbols/03-mbedtls_self_test.arm64.elf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/the-poor-mans-obfuscator/HEAD/transformed/01-symbols/03-mbedtls_self_test.arm64.elf -------------------------------------------------------------------------------- /transformed/01-symbols/04-mbedtls_self_test.arm64.elf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/the-poor-mans-obfuscator/HEAD/transformed/01-symbols/04-mbedtls_self_test.arm64.elf -------------------------------------------------------------------------------- /transformed/02-sections/test_objc_arm64_shifted.macho: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/the-poor-mans-obfuscator/HEAD/transformed/02-sections/test_objc_arm64_shifted.macho -------------------------------------------------------------------------------- /transformed/03-misc/dynsym-mbedtls_self_test.arm64.elf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/the-poor-mans-obfuscator/HEAD/transformed/03-misc/dynsym-mbedtls_self_test.arm64.elf -------------------------------------------------------------------------------- /transformed/03-misc/fstarts_mbedtls_self_test.arm64.macho: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/the-poor-mans-obfuscator/HEAD/transformed/03-misc/fstarts_mbedtls_self_test.arm64.macho -------------------------------------------------------------------------------- /transformed/02-sections/swapped_mbedtls_self_test.arm64.elf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/the-poor-mans-obfuscator/HEAD/transformed/02-sections/swapped_mbedtls_self_test.arm64.elf -------------------------------------------------------------------------------- /transformed/00-unwind-eh_frame/eh-frame_mbedtls_self_test.arm64.elf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/the-poor-mans-obfuscator/HEAD/transformed/00-unwind-eh_frame/eh-frame_mbedtls_self_test.arm64.elf -------------------------------------------------------------------------------- /transformed/00-unwind-eh_frame/unwind_mbedtls_self_test.arm64.macho: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/romainthomas/the-poor-mans-obfuscator/HEAD/transformed/00-unwind-eh_frame/unwind_mbedtls_self_test.arm64.macho -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 |

3 | 4 | The Poor Man's Obfuscator 5 | 6 |

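# --------------------------------------------------------------------------------
# /scripts/00-unwind-eh_frame/01-macho-unwind.py
# --------------------------------------------------------------------------------
#!/usr/bin/env python3
"""Shuffle the bytes of the Mach-O ``__unwind_info`` section."""
import lief
import random

target = lief.parse("mbedtls_self_test.arm64.macho")

section = target.get_section("__unwind_info")
# Byte-level shuffle: the section keeps its size, only the order of its bytes
# changes, so the result is presumably no longer a parseable unwind table.
# NOTE(review): `random` is unseeded, so each run produces a different output;
# the files under transformed/ cannot be reproduced bit-for-bit from here.
content = list(section.content)
random.shuffle(content)
section.content = content

target.write("unwind_mbedtls_self_test.arm64.macho")

# --------------------------------------------------------------------------------
# /scripts/03-misc/01-elf-dynsym.py
# --------------------------------------------------------------------------------
"""Shrink the size recorded for the ELF ``.dynsym`` section to at most 3 entries."""
import lief
import random

target: lief.ELF.Binary = lief.parse("mbedtls_self_test.arm64.elf")

# Only the section header for .dynsym is edited; no symbol is removed here.
dynsym = target.get_section(".dynsym").as_frame()

entry_size = dynsym.entry_size
original_size = dynsym.size
# Floor division keeps the entry count an int. With `/` the count is a float,
# and for a table of fewer than 3 entries min() would hand that float to the
# size assignment below.
nsyms = original_size // entry_size
dynsym.size = entry_size * min(3, nsyms)

target.write("dynsym-mbedtls_self_test.arm64.elf")

# --------------------------------------------------------------------------------
# /scripts/02-sections/01-macho-section.py
# --------------------------------------------------------------------------------
"""Move the boundary between ``__text`` and ``__stubs`` back by SHIFT bytes."""
import lief

target = lief.parse("test_objc_arm64.macho")

text = target.get_section("__text")
stubs = target.get_section("__stubs")

# Number of bytes taken from the end of __text and given to __stubs.
SHIFT = 0x100

# __text shrinks by SHIFT while __stubs starts SHIFT earlier (file offset and
# virtual address) and grows by SHIFT, so both sections together still span
# the same bytes.
# NOTE(review): this assumes __stubs directly follows __text in this binary;
# nothing here checks it.
text.size -= SHIFT
stubs.offset -= SHIFT
stubs.virtual_address -= SHIFT
stubs.size += SHIFT

target.write("test_objc_arm64_shifted.macho")

# --------------------------------------------------------------------------------
# /scripts/00-unwind-eh_frame/02-elf-eh_frame.py
# --------------------------------------------------------------------------------
#!/usr/bin/env python3
"""Shuffle the bytes of the ELF ``.eh_frame`` and ``.eh_frame_hdr`` sections."""
import lief
import random

target = lief.parse("mbedtls_self_test.arm64.elf")
for sname in (".eh_frame", ".eh_frame_hdr"):
    section = target.get_section(sname)
    if section is None:
        # A missing section is skipped rather than treated as an error.
        continue
    # Same byte-level shuffle as the Mach-O __unwind_info script: size is
    # unchanged, byte order is randomised.
    content = list(section.content)
    random.shuffle(content)
    section.content = content

target.write("eh-frame_mbedtls_self_test.arm64.elf")

# --------------------------------------------------------------------------------
# /scripts/01-symbols/01-exports-elf.py
# --------------------------------------------------------------------------------
#!/usr/bin/env python3
"""
This script creates exports with random names.
"""

import lief
import random
import string

target: lief.ELF.Binary = lief.parse("mbedtls_self_test.arm64.elf")

# One export per function LIEF reports, each named with 20 random ASCII
# letters. The names carry no information about the code they point at.
for function in target.functions:
    name = "".join(random.choices(string.ascii_letters, k=20))
    target.add_exported_function(function.address, name)

target.write("01-mbedtls_self_test.arm64.elf")

# --------------------------------------------------------------------------------
# /scripts/03-misc/02-macho-LC_FUNCTION_STARTS.py
# --------------------------------------------------------------------------------
#!/usr/bin/env python3
"""Offset every address listed in the Mach-O LC_FUNCTION_STARTS command."""
import lief
import random

# Named `target` rather than `bin` so the builtin bin() is not shadowed.
target = lief.parse("./mbedtls_self_test.arm64.macho")
LC_FUNCTION_STARTS = target[lief.MachO.LOAD_COMMAND_TYPES.FUNCTION_STARTS]

functions = list(LC_FUNCTION_STARTS.functions)

# Even-indexed entries move forward by 4 * 7 bytes, odd-indexed entries move
# back by the same amount, so no listed address matches its original value.
for idx in range(len(functions)):
    if idx % 2 == 0:
        functions[idx] += 4 * 7
    else:
        functions[idx] -= 4 * 7

# `functions` is a Python copy of the table. Without this assignment the edits
# above are discarded and the written file carries the original addresses.
LC_FUNCTION_STARTS.functions = functions

target.write("./fstarts_mbedtls_self_test.arm64.macho")

# --------------------------------------------------------------------------------
# /scripts/01-symbols/02-exports-name-elf.py
# --------------------------------------------------------------------------------
#!/usr/bin/env python3
"""
This script creates exports with names taken from the
unstripped version of the mbedtls binary
"""

import lief
import random

target: lief.ELF.Binary = lief.parse("mbedtls_self_test.arm64.elf")
unstripped = lief.parse("mbedtls_self_test.nostrip.arm64.elf")

SYMBOLS = [s.name for s in unstripped.symbols if s.name.startswith("mbedtls_")]

# Shuffling once and pairing with zip() hands each function a distinct list
# entry chosen at random, and stops when either side runs out. This replaces
# the choice()/remove() loop, which rescanned the list for every function.
random.shuffle(SYMBOLS)
for function, sym in zip(target.functions, SYMBOLS):
    # The name is a real mbedtls symbol but is attached to an unrelated
    # address, so a plausible export name says nothing about the code there.
    target.add_exported_function(function.address, sym)

target.write("02-mbedtls_self_test.arm64.elf")

# --------------------------------------------------------------------------------
# /scripts/01-symbols/03-exports-name-elf.py
# --------------------------------------------------------------------------------
#!/usr/bin/env python3
"""
This script creates exports with names taken from the libc.so
"""
import lief
import random

target: lief.ELF.Binary = lief.parse("mbedtls_self_test.arm64.elf")
# NOTE(review): hard-coded, machine-specific NDK path; adjust to the local SDK.
libc = lief.parse("/sdk/ndk/24.0.8215888/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/lib/aarch64-linux-android/23/libc.so")

# Candidate names: everything libc exports, minus what the target already
# imports.
libc_symbols = {s.name for s in libc.exported_symbols}
libc_symbols -= {s.name for s in target.imported_symbols}
libc_symbols = list(libc_symbols)

# One random, distinct libc name per function; stops when names run out.
random.shuffle(libc_symbols)
for function, sym in zip(target.functions, libc_symbols):
    export = target.add_exported_function(function.address, sym)

    export.binding = lief.ELF.SYMBOL_BINDINGS.GNU_UNIQUE
    export.visibility = lief.ELF.SYMBOL_VISIBILITY.INTERNAL

target.write("03-mbedtls_self_test.arm64.elf")

# --------------------------------------------------------------------------------
# /scripts/02-sections/02-elf-sections-swap.py
# --------------------------------------------------------------------------------
"""Swap the header fields of selected pairs of ELF sections."""
import lief

# Pairs whose headers are exchanged; commented-out pairs are left disabled as
# in the original script.
SWAP_LIST = [
    (".rela.dyn", ".data.rel.ro"),
    (".got", ".got.plt"),
    #(".got", ".data"),
    (".plt", ".text"),
    (".dynsym", ".gnu.version"),

    #(".preinit_array", ".bss"),
]

target = lief.parse("mbedtls_self_test.arm64.elf")

for (lhs_name, rhs_name) in SWAP_LIST:
    print(lhs_name, rhs_name)
    # NOTE(review): get_section() is not checked for None here, so a binary
    # lacking any listed section fails with AttributeError.
    lhs = target.get_section(lhs_name).as_frame()
    rhs = target.get_section(rhs_name).as_frame()
    # Save the left-hand header before it is overwritten.
    tmp = lhs.offset, lhs.size, lhs.name, lhs.type, lhs.virtual_address

    # Only offset, size, name, type and virtual address are exchanged; the
    # assignment order is kept exactly as in the original script.
    lhs.offset = rhs.offset
    lhs.size = rhs.size
    lhs.name = rhs.name
    lhs.type = rhs.type
    lhs.virtual_address = rhs.virtual_address

    rhs.offset = tmp[0]
    rhs.size = tmp[1]
    rhs.name = tmp[2]
    rhs.type = tmp[3]
    rhs.virtual_address = tmp[4]

target.write("swapped_mbedtls_self_test.arm64.elf")

# --------------------------------------------------------------------------------
# /scripts/01-symbols/04-exports-name-unaligned-elf.py
# --------------------------------------------------------------------------------
#!/usr/bin/env python3
"""
This script creates exports with names taken from the libc
and addresses not aligned with the beginning of a function.
"""
import lief
import random

target: lief.ELF.Binary = lief.parse("mbedtls_self_test.arm64.elf")
# NOTE(review): hard-coded, machine-specific NDK path; adjust to the local SDK.
libc = lief.parse("/sdk/ndk/24.0.8215888/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/lib/aarch64-linux-android/23/libc.so")

# Candidate names: everything libc exports, minus what the target already
# imports.
libc_symbols = {s.name for s in libc.exported_symbols}
libc_symbols -= {s.name for s in target.imported_symbols}
libc_symbols = list(libc_symbols)

# One random, distinct libc name per function; stops when names run out.
random.shuffle(libc_symbols)
for function, sym in zip(target.functions, libc_symbols):
    # Move 16 to 32 bytes past the function start, then round down to a
    # multiple of 4 so the export still points at an instruction-sized
    # boundary inside the function body.
    address = function.address
    address += random.randint(16, 32)
    address -= address % 4

    export = target.add_exported_function(address, sym)

    export.binding = lief.ELF.SYMBOL_BINDINGS.GNU_UNIQUE
    export.visibility = lief.ELF.SYMBOL_VISIBILITY.INTERNAL

target.write("04-mbedtls_self_test.arm64.elf")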