Obfusheader.h is a header-only library for C++14 and above, offering features like compile-time obfuscation using metaprogramming (string & decimal encryption, control flow, call hiding). It is self-contained, compatible with Windows and Unix, and supports g++, gcc, and Visual C++ compilers on various CPU architectures. This header simplifies adding basic protection to sensitive data in your binaries and supports g++ compilation arguments (-O3, Os, -fPIC, etc).
Unlike Windows x86_64 with VMProtect, Themida and other tools, on some platforms there's no good ways to protect your binaries, for example Arm64 / Arm32 android or linux ones. Because of that developing native ARM software (for example gaming mods) becomes a big problem - your product can be easily cracked by anyone. This gave me inspiration to create a handmade compile-time obfuscation using C++ macros, templates and constant expressions to provide basic protection measures for any platform, including android and Arm linux.
Sample crackme with & without obfusheader.h
- Fully compile-time contant encryption (any types, including strings, decimals & chars) with two modes - threadlocal & normal and random key generation in compile-time)
- Call hiding (using compile-time function pointer array shuffling)
- Imports hiding (cross-platform via GetProcAddress on windows & dlsym on linux) with import name encryption
- if/else/while/for/switch compiletime branching mutation (inline control flow, branch redefinition)
- Purely compile-time random providers based on macro constants (__TIME__, __LINE__, __COUNTER__)
- Completely break decompiler such as IDA pro using unusual inline ASM blocks & indirect branching
- Watermarking & leaving fun messages for crackers in your binaries which will appear in decompiler and stack trace
- Fake signatures to trick DIE (Detect-It-Easy) and other detectors into thinking the binary is protected via VMProtect, Themida & other popular protectors
- Fully inline internal implementation of common C methods such as strcmp, memcmp, strcmp, etc to avoid hooking & make reversing harder
You can change them in the start of obfusheader.h. This will affect how the obfuscation works in different ways.
#pragma region CONFIG
// C++ only features
#define CONST_ENCRYPTION 1
#define CONST_ENCRYPT_MODE NORMAL // NORMAL & THREADLOCAL
#define CFLOW_CONST_DECRYPTION 1
// C & C++ features
#define CFLOW_BRANCHING 0
#define INDIRECT_BRANCHING 0
#define FAKE_SIGNATURES 0
#define INLINE_STD 1
#define KERNEL_MODE 0
#pragma endregion CONFIGYou can encrypt strings and any xor-able decimals easily. The macro is universal - it accepts any supported type as an argument.
printf("char*: %s\n"
"int (dec): %d\n"
"long long: %llu\n"
"int (hex): 0x%x\n"
"boolean: %d\n",
OBF("test"), OBF(123),
OBF(9223372036854775807),
OBF(0x123), OBF(true));The logic of the program won't be affected and the original values will be restored during runtime and never present in the binary.
// Not safe, since the string might get deallocated upon compiling with optimizations
const char* str = OBF("test");
printf("1: %s\n", str);
// Safe, since the string is passed directly inside the method and stack memory has 0 chances to get deallocated
printf("2: %s\n", OBF("test"));
// Safe, since we create the encrypted storager and decrypt the string only when required
auto obf = MAKEOBF("test");
printf("3: %s\n", (char*)obf);
The logic isn't affected - the data is decrypted in runtime
You can leave messages and ASCII arts in your binary which will not affect execution, but will be displayed in IDA/GHIDRA decompilers. To do that use the WATERMARK macro. Inspired by REpsych and some java obfuscators which also do that.
WATERMARK(" ",
" 00 00 ",
" 00000 0000 ",
" 0 000 0000 0 ",
" 000 000 0000 0 0 ",
" 00 0000 000000 000 00 ",
" 0000000 000 0 000 0 00 00 0 00 ",
" 0 0 0 0 0 00 00000000 000 000000 ",
" 0 0 0 0 0 00 00 00 0 00 0 0 0 0 ",
" 0 0 0 0 0 0 00 000 0 000 0 0 0 ",
" 0 0 0 0 0 0 0 00000 000 0 0 0 0 0000 ",
" 0 0 0 0 0 000 0 0 0 0 ",
" 0 0 0 0 0000000 0 0 0 ",
" 0 00000000 000000 0 0 ",
" 0 00000000000 0 00 ",
" 0 0 0 000 0 0 0 0 ",
" 00000000 ",
" 000000000 ",
" 000000000 ",
" 000 ",
" ");
Watermarking in different RE tools
Obfusheader allows you to hide calls to any internal methods by generating randomly shuffled function pointer arrays in compiletime and obfuscating the origin index.
CALL(&printf, "Very secure call\n");
Call hiding demo
You can hide any calls exported from external libraries on both linux and windows. (I will port to PEB walking soon enough, stay tuned)
if (CALL_EXPORT("kernel32.dll", "LoadLibraryA", int(*)(const char*), "user32.dll"))
CALL_EXPORT("user32.dll", "MessageBoxA", int(*)(int, const char*, const char*, int), 0, "Real", "Msgbox", 0);
Import hiding demo
Obfusheader uses a few unique macroses which can be used in your programs. RND(min, max) can be used to generate random decimals in compiletime.
printf("Some random value: %d\n", RND(0, 10));INLINE can be used to forcefully inline any method.
INLINE void do_something() {
// the method will be fully inlined on any compiler
}Also obfusheader reimplements most common C methods fully inlined, including: strcpy, strlen, strncat, strcmp, strncmp, strstr. You can use those methods to achieve more secure operations and prevent reversers from hooking their standard implementations.
if (inline_strcmp(password, correctPassword) == OBF(0)) {
printf(OBF("Congratulations! You have successfully cracked the program. \n"));
} else {
printf(OBF("Sorry, the password is incorrect. Try again!\n"));
}Special thanks to these people: DosX-dev, RandomPerson7 for suggestions & great ideas! Your help is greatly appreciated