
hikari's Introduction

Deprecated

As a toy project, Hikari had way too many design issues that make it irrelevant in modern binary protection.
You really shouldn't be using it anymore; instead, switch to a commercially supported implementation. If you absolutely must use Hikari, switch to an actively maintained fork like NeHyci/Hikari-LLVM15 where I occasionally show up and provide some insights / hints / help.

I also occasionally analyze existing open-source/commercial LLVM obfuscators in a professional setup. For analysis reports that are not restricted by an NDA, you can see a stripped-down version of my reports here

Hikari

English Documentation
Hikari (Light in Japanese, name stolen from the Nintendo Switch game Xenoblade Chronicles 2) is Naville's 2017 Christmas Toy Project.

New features are not expected to be open-sourced and instead the focus would be compatibility with future LLVM versions and Xcode versions.

License

Please refer to License.

Note that this linked version of license text overrides any artifact left in source code

Building

See Compile & Install

Security

All releases prior to and including LLVM8 are signed using this PGP Key from Naville. Verifiable on his Keybase.

Demo

This only demonstrates a limited part of Hikari's capabilities. Download the complete demo and analyze yourself, link in the documentation
AntiClassDump
FunctionWrapper
IndirectBranch
InstructionReplacement
StringEncryption


hikari's Issues

Compile error.

Mr. Zhang, I integrated it through Xcode. In Xcode's Build Settings the selected compiler is your compiler, but the build reports an error.

The error is as follows. What error is this?

About Hikari.xctoolchain

I downloaded the project and compiled it, but I didn't find the "Hikari.xctoolchain". What should I do?

String encryption doesn't apply on global strings

Hello,
In the following example code, I see that the local const string localstring is obfuscated, but the globalstring and the global_array are not obfuscated.
Is it normal behavior? Is there any way to obfuscate global strings and string arrays without making them local variables?

Here is the complete test code;

#include <stdlib.h>
#include <stdio.h>
#include <string.h>

static const char *global_array[] =
{
    "teststring1",
    "teststring2",
    "teststring3",
    NULL
};
static const char *globalstring = "localstring";

void pass_string(const char * s)
{
    fprintf(stderr, "test : %s\n", s);
}

int main()
{
    int i;
    const char *localstring = "globalstring";

    pass_string(globalstring); // Not obfuscated

    pass_string(localstring); // Obfuscated

    for(i =0; global_array[i] != NULL; i++)
          pass_string(global_array[i]); // Not obfuscated

    return 0;
}

xcode 9.2 build failed

Opening an issue

If you provide one or more of the stuff listed below, it'll be a lot faster for me and future fellow contributors to help you

  • Affected source code. It's best for you to create minimal source code that could reproduce the issue
  • LLVM's Logs in Debug mode if the issue is about crashed compiling process
  • Misbehaving passes. Try toggling pass switches to find out what pass(es) is triggering the issue
  • Details regarding the target platform

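Creating an Issue

Please provide as much of the following information as possible. Otherwise I'm afraid I can't help.

  • Affected source code or LLVM IR. The source code should preferably be a minimal reproduction of the issue. IR can be obtained by appending -S -emit-llvm to the end of CFLAGS
  • LLVM's complete logs
  • The problematic pass. Try turning the obfuscation passes on and off individually to find out which pass(es) cause the issue
  • Details of the target platform, e.g. operating system, processor architecture, etc.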

Broken StoryBoards

ACD breaks StoryBoard's initializers due to the setters/getters/etc. not being available at the initialization stage

OLLVM's implementation breaks on EH Terminators

AffectedIR By@Ouroburos
Yielding the following error by IR Verifier:

The unwind destination does not have an exception handling instruction!
  %10 = invoke %1* bitcast (i8* (i8*, i8*, ...)* @objc_msgSend to %1* (i8*, i8*)*)(i8* %7, i8* %9) #3
          to label %11 unwind label %16
Block containing LandingPadInst must be jumped to only by the unwind edge of an invoke.
  %25 = landingpad { i8*, i32 }
          cleanup
Block containing LandingPadInst must be jumped to only by the unwind edge of an invoke.
  %34 = landingpad { i8*, i32 }
          cleanup
LLVM ERROR: Broken function found, compilation aborted!

Need investigation

__DARWIN_ALIAS_C and the like mess up symbols

On Darwin, a bunch of system C APIs are marked with __DARWIN_ALIAS_C.
For example, in <sys/fcntl.h>, open is declared as int open(const char *, int, ...) __DARWIN_ALIAS_C(open);
At the IR stage, open has the symbol \01_open, which is unresolvable by FunctionCallObfuscate's dlsym mechanism and thus crashes the process.
Need more research to decide if we can blindly search for \01 prefixes and discard them. For now we disable FunctionCallObfuscate's automatic loading
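
One way to map such IR names to a dlsym lookup string, as an added example that is not Hikari's code. It assumes the \01 byte marks a name LLVM emits verbatim and that Darwin's dlsym() prepends the underscore itself; `ir_name_to_dlsym_name`, `converts_to` and the sample names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes of the hypothetical helper below. */
enum { NAME_OK = 0, NAME_UNRESOLVABLE = -1, NAME_TOO_LONG = -2 };

/*
 * Map an LLVM IR global name to the string a Darwin dlsym() call expects.
 *
 * Assumptions (not taken from Hikari's source):
 *  - A leading '\1' byte means "emit this linker symbol verbatim", so
 *    "\1_open" is the Mach-O symbol "_open".
 *  - Darwin's dlsym() prepends '_' to its argument, so the lookup string
 *    for "_open" is "open".
 * A verbatim name without a leading '_' can therefore never be reached
 * through dlsym() and is reported instead of being guessed at.
 */
int ir_name_to_dlsym_name(const char *ir_name, char *out, size_t out_len)
{
    if (ir_name == NULL || out == NULL || out_len == 0)
        return NAME_UNRESOLVABLE;

    const char *src = ir_name;
    if (src[0] == '\1') {
        src++;                      /* drop the verbatim marker */
        if (src[0] != '_')
            return NAME_UNRESOLVABLE;
        src++;                      /* dlsym() re-adds this underscore */
    }
    /* Names without the marker get '_' from the backend and again from
     * dlsym(), so they pass through unchanged. */
    if (src[0] == '\0')
        return NAME_UNRESOLVABLE;

    size_t n = strlen(src);
    if (n + 1 > out_len)
        return NAME_TOO_LONG;
    memcpy(out, src, n + 1);
    return NAME_OK;
}

/* Returns 1 when ir_name converts successfully to exactly `expected`. */
int converts_to(const char *ir_name, const char *expected)
{
    char buf[256];
    if (ir_name_to_dlsym_name(ir_name, buf, sizeof buf) != NAME_OK)
        return 0;
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed sample names; "\001" is the octal escape for byte 0x01. */
    const char *samples[] = {
        "\001_open", "printf", "\001_open$NOCANCEL", "\001raw_symbol",
    };
    char buf[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = ir_name_to_dlsym_name(samples[i], buf, sizeof buf);
        const char *shown = samples[i][0] == '\1' ? samples[i] + 1 : samples[i];
        if (rc == NAME_OK)
            printf("%-16s -> dlsym(handle, \"%s\")\n", shown, buf);
        else
            printf("%-16s -> skip this call site (rc=%d)\n", shown, rc);
    }
    return 0;
}
```

Under these assumptions, discarding only the \01 byte is not enough: the remaining `_open` would be looked up as `__open`, so the leading underscore has to go as well.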

Use GV to bypass optimizations

Currently everything is directly constructed from ConstantExpr and will be optimized by InstCombine and ConstantFolding without the -O0 flag.
We need to add a GV & LoadInst to bypass this

Assertion failed "Invalid Object Idx!" on StringEncryption

Hello. I try to compile C++ code on Windows in Clang-CL mode. I get this assertion:

 Assertion failed: unsigned(ObjectIdx+NumFixedObjects) < Objects.size() && "Invalid Object Idx!", file e:\hikari\include\llvm\codegen\mac
  hineframeinfo.h, line 424
  Wrote crash dump file "C:\Users\John\AppData\Local\Temp\CL.exe-2c8655.dmp"
  0x02D79489 (0x00000016 0x4B9F8D04 0x0914D79C 0x0914D6F8), HandleAbort() + 0x9 bytes(s), e:\hikari\lib\support\windows\signals.inc, line
  411
  0x5C9FD56B (0x00000016 0x013DE8AF 0x0914D6B4 0x5CA02E14), raise() + 0x36B bytes(s)
  0x5C9FEA72 (0x5CAC1A98 0x5CAC1A98 0x5C972C60 0x0914D6CC), abort() + 0x32 bytes(s)
  0x5CA02E14 (0x072109F0 0x07210960 0x000001A8 0x00000001), _get_wide_winmain_command_line() + 0x1AB4 bytes(s)
  0x5CA0140A (0x072109F0 0x07210960 0x000001A8 0x01689577), _get_wide_winmain_command_line() + 0xAA bytes(s)
  0x5CA033FA (0x072109F0 0x07210960 0x000001A8 0x0914D7AC), _wassert() + 0x1A bytes(s)
  0x01689577 (0x110BCA5C 0x0914D830 0x0914D7AC 0xCCCCCCCC), llvm::MachineFrameInfo::getObjectAlignment() + 0x47 bytes(s), e:\hikari\includ
  e\llvm\codegen\machineframeinfo.h, line 423 + 0x38 byte(s)
  0x018A97AA (0x0FECFD58 0x00000000 0x0914D8D0 0x0914D83C), llvm::X86FrameLowering::processFunctionBeforeFrameFinalized() + 0x17A bytes(s)
  , e:\hikari\lib\target\x86\x86framelowering.cpp, line 3035 + 0xC byte(s)
  0x020611C1 (0x0FECFD58 0x0914D870 0xCCCCCCCC 0xCCCCCCCC), `anonymous namespace'::PEI::runOnMachineFunction() + 0x1D1 bytes(s), e:\hikari
  \lib\codegen\prologepiloginserter.cpp, line 199 + 0x1A byte(s)
  0x01DFD11B (0x0F5CAB14 0x0914D90C 0x0914D918 0x00000001), llvm::MachineFunctionPass::runOnFunction() + 0x15B bytes(s), e:\hikari\lib\cod
  egen\machinefunctionpass.cpp, line 62 + 0x13 byte(s)
  0x0238E435 (0x0F5CAB14 0x0914D9C4 0x00000000 0x0F5CAB14), llvm::FPPassManager::runOnFunction() + 0x105 bytes(s), e:\hikari\lib\ir\legacy
  passmanager.cpp, line 1520 + 0x17 byte(s)
  0x0238E5DA (0x00CC7520 0x0914DA08 0x0914D9D0 0x00000000), llvm::FPPassManager::runOnModule() + 0x7A bytes(s), e:\hikari\lib\ir\legacypas
  smanager.cpp, line 1541 + 0x10 byte(s)
  0x0238F610 (0x00CC7520 0x0914DCEC 0x0914DCF8 0x008C9000), `anonymous namespace'::MPPassManager::runOnModule() + 0x1C0 bytes(s), e:\hikar
  i\lib\ir\legacypassmanager.cpp, line 1597 + 0x17 byte(s)
  0x0238FCCA (0x00CC7520 0x0914DB18 0x0914DCEC 0x0330BC09), llvm::legacy::PassManagerImpl::run() + 0xFA bytes(s), e:\hikari\lib\ir\legacyp
  assmanager.cpp, line 1700 + 0x1B byte(s)
  0x0238A49D (0x00CC7520 0x0914DE68 0x0914DCF8 0xCCCCCCCC), llvm::legacy::PassManager::run() + 0x1D bytes(s), e:\hikari\lib\ir\legacypassm
  anager.cpp, line 1732
  0x0330BC09 (0x00000005 0x00C80AB8 0x0914DF4C 0x0914DE90), `anonymous namespace'::EmitAssemblyHelper::EmitAssembly() + 0x599 bytes(s), e:
  \hikari\tools\clang\lib\codegen\backendutil.cpp, line 816
  0x03309BDA (0x00C95320 0x00C7C118 0x00C7B268 0x00C41B50), clang::EmitBackendOutput() + 0x21A bytes(s), e:\hikari\tools\clang\lib\codegen
  \backendutil.cpp, line 1185
  0x06FCF4D9 (0x00C8B890 0x0914E094 0x0914DFF0 0x00D02248), clang::BackendConsumer::HandleTranslationUnit() + 0x3C9 bytes(s), e:\hikari\to
  ols\clang\lib\codegen\codegenaction.cpp, line 292 + 0x62 byte(s)
  0x04E3B286 (0x00CFE858 0x00000000 0x00000000 0x0914E09C), clang::ParseAST() + 0x226 bytes(s), e:\hikari\tools\clang\lib\parse\parseast.c
  pp, line 159 + 0x18 byte(s)
  0x039AA601 (0x0914E198 0x0914E09C 0xCCCCCCCC 0xCCCCCCCC), clang::ASTFrontendAction::ExecuteAction() + 0x101 bytes(s), e:\hikari\tools\cl
  ang\lib\frontend\frontendaction.cpp, line 998 + 0x30 byte(s)
  0x06FC7534 (0x0914E0CC 0xCCCCCCCC 0xCCCCCCCC 0xCCCCCCCC), clang::CodeGenAction::ExecuteAction() + 0x2A4 bytes(s), e:\hikari\tools\clang\
  lib\codegen\codegenaction.cpp, line 1032
  0x039AA194 (0x0914E29C 0x00C96728 0xCCCCCCCC 0xCCCCCCCC), clang::FrontendAction::Execute() + 0x84 bytes(s), e:\hikari\tools\clang\lib\fr
  ontend\frontendaction.cpp, line 897 + 0xF byte(s)
  0x03934B74 (0x00C98A70 0x0914E7D0 0x0914E2A4 0xCCCCCCCC), clang::CompilerInstance::ExecuteAction() + 0x3C4 bytes(s), e:\hikari\tools\cla
  ng\lib\frontend\compilerinstance.cpp, line 992
  0x03B02776 (0x00C39F58 0x0914F83C 0x0914E814 0xCCCCCCCC), clang::ExecuteCompilerInvocation() + 0x4D6 bytes(s), e:\hikari\tools\clang\lib
  \frontendtool\executecompilerinvocation.cpp, line 252 + 0x14 byte(s)
  0x015E0227 (0x0914F418 0x00000077 0x00C6A900 0x01354330), cc1_main() + 0x3A7 bytes(s), e:\hikari\tools\clang\tools\driver\cc1_main.cpp,
  line 221 + 0xE byte(s)
  0x015CC808 (0x0914F410 0x00000079 0x00C6A92D 0x00000000), ExecuteCC1Tool() + 0x78 bytes(s), e:\hikari\tools\clang\tools\driver\driver.cp
  p, line 309 + 0x2B byte(s)
  0x015CCE85 (0x00000079 0x00C3A378 0x00C5D1E8 0x0914F8A8), main() + 0x5D5 bytes(s), e:\hikari\tools\clang\tools\driver\driver.cpp, line 3
  88 + 0x35 byte(s)
  0x06C65FAE (0x860E51AD 0x013B221E 0x013B221E 0x008C9000), invoke_main() + 0x1E bytes(s), f:\dd\vctools\crt\vcstartup\src\startup\exe_com
  mon.inl, line 78 + 0x1B byte(s)
  0x06C65E20 (0x0914F8B8 0x06C66028 0x0914F8CC 0x75C88484), __scrt_common_main_seh() + 0x150 bytes(s), f:\dd\vctools\crt\vcstartup\src\sta
  rtup\exe_common.inl, line 283 + 0x5 byte(s)
  0x06C65CBD (0x0914F8CC 0x75C88484 0x008C9000 0x75C88460), __scrt_common_main() + 0xD bytes(s), f:\dd\vctools\crt\vcstartup\src\startup\e
  xe_common.inl, line 326
  0x06C66028 (0x008C9000 0x75C88460 0xBEF945BB 0x0914F914), mainCRTStartup() + 0x8 bytes(s), f:\dd\vctools\crt\vcstartup\src\startup\exe_m
  ain.cpp, line 17
  0x75C88484 (0x008C9000 0x2E1B44B2 0x00000000 0x00000000), BaseThreadInitThunk() + 0x24 bytes(s)
  0x77372EC0 (0xFFFFFFFF 0x7738DEC0 0x00000000 0x00000000), RtlValidSecurityDescriptor() + 0x1C0 bytes(s)
  0x77372E90 (0x013B221E 0x008C9000 0x00000000 0x00000000), RtlValidSecurityDescriptor() + 0x190 bytes(s)
clang-cl.exe : error : clang frontend command failed due to signal (use -v to see invocation) [C:\my-proj.vcxproj]
  clang version 6.0.0 (tags/RELEASE_600/final)
  Target: x86_64-pc-windows-msvc
  Thread model: posix
  InstalledDir: C:\Program Files\LLVM\msbuild-bin
  clang-cl.exe: note: diagnostic msg: PLEASE submit a bug report to http://llvm.org/bugs/ and include the crash backtrace, preprocessed so
  urce, and associated run script.
  clang-cl.exe: note: diagnostic msg:

Prior to that error, I get about 2.5k lines such as:

  Running StringEncryption On �??$_Uninitialized_default_fill_n1@PEAV?$sub_match@PEBD@std@@_KV?$allocator@V?$sub_match@PEBD@std@@@2@@std@@
  YAXPEAV?$sub_match@PEBD@0@_KAEAU?$_Wrap_alloc@V?$allocator@V?$sub_match@PEBD@std@@@std@@@0@U?$integral_constant@_N$0A@@0@@Z
  Running StringEncryption On �??$construct@V?$sub_match@PEBD@std@@$$V@?$_Wrap_alloc@V?$allocator@V?$sub_match@PEBD@std@@@std@@@std@@QEAAX
  PEAV?$sub_match@PEBD@1@@Z
  Running StringEncryption On �??$construct@V?$sub_match@PEBD@std@@$$V@?$allocator_traits@V?$allocator@V?$sub_match@PEBD@std@@@std@@@std@@
  SAXAEAV?$allocator@V?$sub_match@PEBD@std@@@1@PEAV?$sub_match@PEBD@1@@Z
  Running StringEncryption On �??$construct@V?$sub_match@PEBD@std@@$$V@?$allocator@V?$sub_match@PEBD@std@@@std@@QEAAXPEAV?$sub_match@PEBD@
  1@@Z
  Running StringEncryption On �?size@?$vector@_NV?$allocator@_N@std@@@std@@QEBA_KXZ
  Running StringEncryption On �?_Insert_n@?$vector@_NV?$allocator@_N@std@@@std@@QEAA?AV?$_Vb_iterator@U?$_Wrap_alloc@V?$allocator@I@std@@@
  std@@@2@V?$_Vb_const_iterator@U?$_Wrap_alloc@V?$allocator@I@std@@@std@@@2@_KAEB_N@Z
  Running StringEncryption On �?end@?$vector@_NV?$allocator@_N@std@@@std@@QEAA?AV?$_Vb_iterator@U?$_Wrap_alloc@V?$allocator@I@std@@@std@@@
  2@XZ
  Running StringEncryption On �?erase@?$vector@_NV?$allocator@_N@std@@@std@@QEAA?AV?$_Vb_iterator@U?$_Wrap_alloc@V?$allocator@I@std@@@std@
  @@2@V?$_Vb_const_iterator@U?$_Wrap_alloc@V?$allocator@I@std@@@std@@@2@0@Z
  Running StringEncryption On �?begin@?$vector@_NV?$allocator@_N@std@@@std@@QEAA?AV?$_Vb_iterator@U?$_Wrap_alloc@V?$allocator@I@std@@@std@
  @@2@XZ
  Running StringEncryption On �??H?$_Vb_iterator@U?$_Wrap_alloc@V?$allocator@I@std@@@std@@@std@@QEBA?AV01@_J@Z
  Running StringEncryption On �?_Insert_x@?$vector@_NV?$allocator@_N@std@@@std@@QEAA_KV?$_Vb_const_iterator@U?$_Wrap_alloc@V?$allocator@I@
  std@@@std@@@2@_K@Z
  Running StringEncryption On �??$fill@V?$_Vb_iterator@U?$_Wrap_alloc@V?$allocator@I@std@@@std@@@std@@_N@std@@YAXV?$_Vb_iterator@U?$_Wrap_
  alloc@V?$allocator@I@std@@@std@@@0@0AEB_N@Z
  Running StringEncryption On �??G?$_Vb_const_iterator@U?$_Wrap_alloc@V?$allocator@I@std@@@std@@@std@@QEBA_JAEBV01@@Z
  Running StringEncryption On �?max_size@?$vector@_NV?$allocator@_N@std@@@std@@QEBA_KXZ
  Running StringEncryption On �?_Xlen@?$vector@_NV?$allocator@_N@std@@@std@@QEBAXXZ
  Running StringEncryption On �?resize@?$vector@IV?$allocator@_N@std@@@std@@QEAAX_KAEBI@Z
  Running StringEncryption On �?empty@?$vector@_NV?$allocator@_N@std@@@std@@QEBA_NXZ
  Running StringEncryption On �??$copy_backward@V?$_Vb_iterator@U?$_Wrap_alloc@V?$allocator@I@std@@@std@@@std@@V12@@std@@YA?AV?$_Vb_iterat
  or@U?$_Wrap_alloc@V?$allocator@I@std@@@std@@@0@V10@00@Z
  Running StringEncryption On �?_Compat@?$_Vb_const_iterator@U?$_Wrap_alloc@V?$allocator@I@std@@@std@@@std@@QEBAXAEBV12@@Z
  Running StringEncryption On �?size@?$vector@IV?$allocator@_N@std@@@std@@QEBA_KXZ
  Running StringEncryption On �?_Pop_back_n@?$vector@IV?$allocator@_N@std@@@std@@QEAAX_K@Z
  Running StringEncryption On �?_Inside@?$vector@IV?$allocator@_N@std@@@std@@IEBA_NPEBI@Z
  Running StringEncryption On �?_Reserve@?$vector@IV?$allocator@_N@std@@@std@@IEAAX_K@Z
  Running StringEncryption On �?_Mylast@?$_Vector_alloc@U?$_Vec_base_types@IV?$allocator@_N@std@@@std@@@std@@QEBAAEBQEAIXZ
  Running StringEncryption On �?_Myfirst@?$_Vector_alloc@U?$_Vec_base_types@IV?$allocator@_N@std@@@std@@@std@@QEBAAEBQEAIXZ
  Running StringEncryption On �?_Get_data@?$_Vector_alloc@U?$_Vec_base_types@IV?$allocator@_N@std@@@std@@@std@@QEBAAEBV?$_Vector_val@U?$_S
  imple_types@I@std@@@2@XZ
  Running StringEncryption On �?_Unused_capacity@?$vector@IV?$allocator@_N@std@@@std@@QEBA_KXZ
  Running StringEncryption On �?_Reallocate@?$vector@IV?$allocator@_N@std@@@std@@IEAAX_K@Z
  Running StringEncryption On �?_Grow_to@?$vector@IV?$allocator@_N@std@@@std@@IEBA_K_K@Z
  Running StringEncryption On �?_Myend@?$_Vector_alloc@U?$_Vec_base_types@IV?$allocator@_N@std@@@std@@@std@@QEBAAEBQEAIXZ
  Running StringEncryption On �??$_Umove@PEAI@?$vector@IV?$allocator@_N@std@@@std@@IEAAPEAIPEAI00@Z
  Running StringEncryption On �?capacity@?$vector@IV?$allocator@_N@std@@@std@@QEBA_KXZ

I guess the problem is that there are too many encryptions (2500, I don't have so many string literals).
Should StringEncryption work with C/C++ code? Does it treat only string literals or something more?

Here is the compiler command:

 C:\Program Files\LLVM\msbuild-bin\CL.exe /c /nologo /W1 /WX- /O2 /Ob2 /D NDEBUG /D CONF_ENFORCE_OpenCL_1_2=1 /D _CRT_SECURE_NO_DEPRECATE /D NOMINMAX /D WIN32 /D "CMAKE_INTDIR=\"Release\"" /D _MBCS /Gm- /MT /GS /fp:precise
  /Zc:wchar_t /Zc:forScope /Zc:inline /Fo"myproj.dir\Release\\" /Fd"myproj.dir\Release\myproj.pdb" /Gd /TP /
  errorReport:queue -m64 -fmsc-version=1900  -mllvm -enable-strcry -mllvm -aesSeed=0xdeadbeafdeadbeefdeadbeefdeadbeef -msse2 -maes -Xclang
   -fexceptions -Xclang -fcxx-exceptions 

Mark obfuscated functions as no-opt accordingly

Currently we globally rely on the user not being naive enough to pass -O3, so the aggressive DCE won't kick in. This can be fixed by adding attributes to the functions we are obfuscating instead, similar to what we did in lib/Transforms/Obfuscation/AntiDebugging.cpp

Use expression evaluation as branching condition

Currently the branching condition used by the Obfuscator-LLVM team is created as an always-true 1.0==1.0 compare predicate, then obfuscated using a given expression at the finalization part.

We could randomly generate a mathematical expression like 1+2-3*4 each time then build IRs on top of this as the LHS, then use tinyexpr to evaluate the result and build RHS on top of it

Replace dlfcn Calls with Custom Baked X-Platform Implementation

Calls like dlopen and dlsym are unsafe by nature.
Can we do better and import our own implementation and mark those as inline?

Possible Implementation

  • Clang-ception, re-constructing everything purely with LLVM IR APIs would be a huge pain-in-ass and far from error-proof. The name is used by QuarksLab, see https://www.youtube.com/watch?v=d72Snpxx4Co
  • Pre-compile generated IRs and ship with Released Toolchain

EDIT:
As suggested by @Ouroboros , we could re-use code from MSFindSymbol

Get rid of EE

IRBuilder<> by default uses ConstantFolding, which means the ret instruction should already be returning a constant, so there is no need for emulation

Unknown CMake command "add_llvm_install_targets"

I use a Mac and cloned HikariObfuscator
git clone -b release_50 --recursive https://github.com/HikariObfuscator/MonolithicRepo.git Hikari
mkdir Build and cd Build
then cmake
cmake -G "Ninja" -DCMAKE_BUILD_TYPE=MinSizeRel -DLLVM_APPEND_VC_REV=on -DLLVM_CREATE_XCODE_TOOLCHAIN=on -DCMAKE_INSTALL_PREFIX=~/Library/Developer/ ../Hikari
finally
CMake Error at tools/xcode-toolchain/CMakeLists.txt:100 (add_llvm_install_targets): Unknown CMake command "add_llvm_install_targets".
the CMakeError.log here:

Checking whether the ASM-ATT compiler is GNU using "--version" did not match "(GNU assembler)|(GCC)|(Free Software Foundation)":
Apple LLVM version 9.0.0 (clang-900.0.37)
Target: x86_64-apple-darwin16.7.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
Checking whether the ASM-ATT compiler is HP using "-V" terminated after 10 s due to timeout.Checking whether the ASM-ATT compiler is Intel using "--version" did not match "(ICC)":
Apple LLVM version 9.0.0 (clang-900.0.37)
Target: x86_64-apple-darwin16.7.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
Checking whether the ASM-ATT compiler is SunPro using "-V" terminated after 10 s due to timeout.Checking whether the ASM-ATT compiler is XL using "-qversion" did not match "XL C":
clang: error: unknown argument: '-qversion'
Checking whether the ASM-ATT compiler is MSVC using "/?" did not match "Microsoft":
clang: error: no such file or directory: '/?'
clang: error: no input files
Checking whether the ASM-ATT compiler is TI using "-h" did not match "Texas Instruments":
clang: error: unknown argument: '-h'
Checking whether the ASM-ATT compiler is IAR using "" terminated after 10 s due to timeout.Checking whether the ASM-ATT compiler is ARMCC using "" terminated after 10 s due to timeout.Checking whether the ASM-ATT compiler is NASM using "-v" terminated after 10 s due to timeout.Checking whether the ASM-ATT compiler is YASM using "--version" did not match "(yasm)":
Apple LLVM version 9.0.0 (clang-900.0.37)
Target: x86_64-apple-darwin16.7.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin

Fix PassRegistering Mechanism

ATM we use PassManagerBuilder.cpp as our registering point to keep modifications to LLVM Core minimal.
While this indeed works for clang, LLVM's opt uses the RegisterPass function template.

Feature request : Improved string encryption

Hello,

Is it possible to convert strings into byte arrays with length to force the compiler to relocate the strings from strtab section to data section? For example in current implementation, strings command can list the obfuscated strings. So it is still not so hard to follow up the string over IDA to find out the de-obfuscation process. If the strings are just non printable byte arrays, it can be one step harder to find them.

Please consider the development if I'm not wrong on my theory.
You can also redirect me how it can be done and I can help with the development as well.

Thanks.

Assertion failed: ((GV || isa<ConstantPointerNull>(V))

Assertion failed: ((GV || isa<ConstantPointerNull>(V)) && "TypeInfo must be a global variable or NULL"), function ExtractTypeInfo, file /Users/xx/ios/project/llvm/src/lib/CodeGen/Analysis.cpp, line 133.
0 clang 0x000000010f4cfcfe llvm::sys::PrintStackTrace(llvm::raw_ostream&) + 46
1 clang 0x000000010f4d0229 PrintStackTraceSignalHandler(void*) + 25
2 clang 0x000000010f4cc6f9 llvm::sys::RunSignalHandlers() + 425
3 clang 0x000000010f4d0952 SignalHandler(int) + 354
4 libsystem_platform.dylib 0x00007fff6415cf5a _sigtramp + 26
5 libsystem_platform.dylib 0x000000012681f292 _sigtramp + 3261866834
6 clang 0x000000010f4d024b raise + 27
7 clang 0x000000010f4d02f2 abort + 18
8 clang 0x000000010f4d02de __assert_rtn + 126
9 clang 0x000000010e5f9b18 llvm::ExtractTypeInfo(llvm::Value*) + 632
10 clang 0x0000000110506704 llvm::SelectionDAGBuilder::visitIntrinsicCall(llvm::CallInst const&, unsigned int) + 12452
11 clang 0x00000001104e531e llvm::SelectionDAGBuilder::visitCall(llvm::CallInst const&) + 366
12 clang 0x00000001104d9287 llvm::SelectionDAGBuilder::visit(unsigned int, llvm::User const&) + 1223
13 clang 0x00000001104d7c59 llvm::SelectionDAGBuilder::visit(llvm::Instruction const&) + 137
14 clang 0x000000011056053e llvm::SelectionDAGISel::SelectBasicBlock(llvm::ilist_iterator<llvm::Instruction const>, llvm::ilist_iterator<llvm::Instruction const>, bool&) + 142
15 clang 0x000000011055fc5b llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) + 5179
16 clang 0x000000011055d195 llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&) + 1525
17 clang 0x000000010d648b8b (anonymous namespace)::ARMDAGToDAGISel::runOnMachineFunction(llvm::MachineFunction&) + 59
18 clang 0x000000010e7de67e llvm::MachineFunctionPass::runOnFunction(llvm::Function&) + 110
19 clang 0x000000010ed100ff llvm::FPPassManager::runOnFunction(llvm::Function&) + 399
20 clang 0x000000010ed10605 llvm::FPPassManager::runOnModule(llvm::Module&) + 117
21 clang 0x000000010ed113d4 (anonymous namespace)::MPPassManager::runOnModule(llvm::Module&) + 2196
22 clang 0x000000010ed108c6 llvm::legacy::PassManagerImpl::run(llvm::Module&) + 342
23 clang 0x000000010ed12101 llvm::legacy::PassManager::run(llvm::Module&) + 33
24 clang 0x000000010f8ea23c (anonymous namespace)::EmitAssemblyHelper::EmitAssembly(clang::BackendAction, llvm::raw_pwrite_stream*) + 3916
25 clang 0x000000010f8e8b32 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, llvm::raw_pwrite_stream*) + 162
26 clang 0x000000010fbc2097 clang::CodeGenAction::ExecuteAction() + 6183
27 clang 0x0000000110142b60 clang::FrontendAction::Execute() + 112
28 clang 0x000000011008a0a9 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 1833
29 clang 0x00000001101d2547 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 4135
30 clang 0x000000010d0f3648 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) + 4872
31 clang 0x000000010d112adb ExecuteCC1Tool(llvm::ArrayRef<char const*>, llvm::StringRef) + 491
32 clang 0x000000010d1101c4 main + 3284
33 libdyld.dylib 0x00007fff63edb115 start + 1

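Error when handling a function

FixFunctionConstantExpr()
IRBuilder<> IRB(Func->getEntryBlock().getFirstNonPHIOrDbgOrLifetime());
The first statement raises an error.
The handler should first check whether the function is a declaration (isDeclaration)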

Conflicts with intel MMX and SSE

Seriously what the fuck?

#import <Foundation/Foundation.h>
#include <stdio.h>

int main(){
  printf("你好世界");
  NSLog(@"你好");
  return 0;
}

Without ObjC string, everything works fine.
Otherwise we need to add -mno-sse -mno-mmx to clang to prevent EXC_I386_GPFLT

AND WE DON'T EVEN SUPPORT/ATTEMPT TO HANDLE ObjC-Style String Yet

I definitely need some hardware guy to tell me what went wrong

Use Annotation To Support Customized Obfuscation

If we mark annotations using __attribute__((annotate("my_annotation")))

The Generated Module will have a new GlobalVariable
@llvm.global.annotations = appending global [1 x { i8*, i8*, i8*, i32 }] [{ i8*, i8*, i8*, i32 } { i8* bitcast (void ()* @foo to i8*), i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.4, i32 0, i32 0), i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.5, i32 0, i32 0), i32 3 }], section "llvm.metadata"

Can we use this to allow function-level obfuscation toggling?

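App crashes when using the obfuscated framework in an Xcode project

Hi, @Naville

A few days ago I obfuscated my framework with Hikari, and analyzing it with Hopper showed that the obfuscation works very well.

But today, when I used the obfuscated framework in an Xcode project, the app crashed as soon as execution reached an obfuscated function or class (file).

Xcode gives no additional crash information.

The configuration I used to obfuscate the framework is:

Mach-O Type = Static Library
Enable Bitcode = No
Enable Index-While-Building Functionality = No
Debug Optimization Level = None
Some files: Compiler Flags = -mllvm -enable-allobf
Some files: Compiler Flags = -mllvm -enable-strcry
toolchain => HikariObfuscator

Xcode project configuration:

  • Configuration 1
Obfuscated framework referenced directly in the project
Enable Bitcode = No
Enable Index-While-Building Functionality = No
Debug Optimization Level = None
toolchain => HikariObfuscator
  • Configuration 2
Obfuscated framework referenced directly in the project
Enable Bitcode = No
Enable Index-While-Building Functionality = No
Debug Optimization Level = None
toolchain => Xcode 9.2

The project that builds the framework and the app project are independent of each other. Perhaps the way I am using the obfuscated static library is incorrect.

Looking forward to Mr. Zhang's guidance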

Assertion failed: (I != InstList.end() && "Trying to get me to create degenerate basic block!"), function splitBasicBlock,

0 clang-6.0 0x000000010357fc3c llvm::sys::PrintStackTrace(llvm::raw_ostream&) + 60
1 clang-6.0 0x0000000103580239 PrintStackTraceSignalHandler(void*) + 25
2 clang-6.0 0x000000010357bb79 llvm::sys::RunSignalHandlers() + 425
3 clang-6.0 0x00000001035805f2 SignalHandler(int) + 354
4 libsystem_platform.dylib 0x00007fff6415cf5a _sigtramp + 26
5 libsystem_platform.dylib 0x00007ffeef8767ff _sigtramp + 2339477695
6 libsystem_c.dylib 0x00007fff63f87312 abort + 127
7 libsystem_c.dylib 0x00007fff63f4f368 basename_r + 0
8 clang-6.0 0x0000000102798842 llvm::BasicBlock::splitBasicBlock(llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::Instruction, false, false, void>, false, false>, llvm::Twine const&) + 258
9 clang-6.0 0x0000000104e73b53 (anonymous namespace)::SplitBasicBlock::split(llvm::Function*) + 3139
10 clang-6.0 0x0000000104e72eb8 (anonymous namespace)::SplitBasicBlock::runOnFunction(llvm::Function&) + 472
11 clang-6.0 0x0000000104ea8f0b llvm::Obfuscation::runOnModule(llvm::Module&) + 987
12 clang-6.0 0x0000000102924454 (anonymous namespace)::MPPassManager::runOnModule(llvm::Module&) + 2196
13 clang-6.0 0x0000000102923946 llvm::legacy::PassManagerImpl::run(llvm::Module&) + 342
14 clang-6.0 0x0000000102925181 llvm::legacy::PassManager::run(llvm::Module&) + 33
15 clang-6.0 0x00000001039c0453 (anonymous namespace)::EmitAssemblyHelper::EmitAssembly(clang::BackendAction, std::__1::unique_ptr<llvm::raw_pwrite_stream, std::__1::default_delete<llvm::raw_pwrite_stream> >) + 4771
16 clang-6.0 0x00000001039ba772 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction, std::__1::unique_ptr<llvm::raw_pwrite_stream, std::__1::default_delete<llvm::raw_pwrite_stream> >) + 4450
17 clang-6.0 0x0000000103db231a clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) + 5562
18 clang-6.0 0x0000000105ccb3c6 clang::ParseAST(clang::Sema&, bool, bool) + 1238
19 clang-6.0 0x0000000104501c55 clang::ASTFrontendAction::ExecuteAction() + 485
20 clang-6.0 0x0000000103db011a clang::CodeGenAction::ExecuteAction() + 5546
21 clang-6.0 0x0000000104500bb0 clang::FrontendAction::Execute() + 112
22 clang-6.0 0x0000000104414f6d clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 2285
23 clang-6.0 0x00000001045bb8a3 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 5843
24 clang-6.0 0x0000000100395a24 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) + 4900
25 clang-6.0 0x000000010038461e ExecuteCC1Tool(llvm::ArrayRef<char const*>, llvm::StringRef) + 622
26 clang-6.0 0x0000000100381cba main + 4282
27 libdyld.dylib 0x00007fff63edb115 start + 1

Linking CXX executable bin/debugserver failed

I built MonolithicRepo but it failed. The steps are:

  • clone MonolithicRepo (success)

  • create Build directory

  • cmake -G "Ninja" -DCMAKE_BUILD_TYPE=MinSizeRel -DLLVM_APPEND_VC_REV=on -DLLVM_CREATE_XCODE_TOOLCHAIN=on -DCMAKE_INSTALL_PREFIX=~/Library/Developer/ ../Hikari (success)

  • ninja (failed)

The error looks like linking debugserver failed,
so I deleted the tools/lldb directory and ninja succeeded.
Here is the error output:

[8677/8954] Linking CXX executable bin/debugserver
FAILED: bin/debugserver
: && /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/c++ -fPIC -fvisibility-inlines-hidden -Werror=date-time -std=c++11 -Wall -W -Wno-unused-parameter -Wwrite-strings -Wcast-qual -Wmissing-field-initializers -pedantic -Wno-long-long -Wcovered-switch-default -Wnon-virtual-dtor -Wdelete-non-virtual-dtor -Wstring-conversion -fcolor-diagnostics -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-strict-aliasing -Wno-deprecated-register -Wno-vla-extension -Wno-gnu-zero-variadic-macro-arguments -Wno-zero-length-array -Wno-extended-offsetof -Os -DNDEBUG -Wl,-search_paths_first -Wl,-headerpad_max_install_names -stdlib=libc++ -Wl,-sectcreate,TEXT,info_plist,/Users/laihongyu/app/iosre/serviceXm/Hikari/tools/lldb/tools/debugserver/source/../resources/lldb-debugserver-Info.plist -Wl,-dead_strip tools/lldb/tools/debugserver/source/CMakeFiles/debugserver.dir/debugserver.cpp.o -o bin/debugserver -Wl,-rpath,@loader_path/../lib lib/liblldbDebugserverCommon.a -framework Cocoa -framework CoreFoundation -framework Foundation lib/liblldbDebugserverArchSupport.a lib/liblldbDebugserverDarwin_DarwinLog.a && cd /Users/laihongyu/app/iosre/serviceXm/Build/bin && /usr/local/Cellar/cmake/3.10.2/bin/cmake -E env CODESIGN_ALLOCATE=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate codesign --force --sign lldb_codesign /Users/laihongyu/app/iosre/serviceXm/Build/bin/debugserver
lldb_codesign: no identity found
[8682/8954] Building CXX object tools/lldb/source/API/CMakeFiles/liblldb.dir//
/scripts/LLDBWrapPython.cpp.o
tools/lldb/scripts/LLDBWrapPython.cpp:21910:52: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
result = (int)(arg1)->SetErrorStringWithFormat((char const *)arg2);
^ ~~~~
tools/lldb/scripts/LLDBWrapPython.cpp:21910:52: note: treat the string as an argument to avoid this
result = (int)(arg1)->SetErrorStringWithFormat((char const *)arg2);
^
"%s",
tools/lldb/scripts/LLDBWrapPython.cpp:50149:21: warning: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Wsign-compare]
for (i = 0; i < arg3; i++) {
~ ^ ~~~~
tools/lldb/scripts/LLDBWrapPython.cpp:50241:21: warning: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Wsign-compare]
for (i = 0; i < arg3; i++) {
~ ^ ~~~~
tools/lldb/scripts/LLDBWrapPython.cpp:50342:21: warning: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Wsign-compare]
for (i = 0; i < arg3; i++) {
~ ^ ~~~~
4 warnings generated.
ninja: build stopped: subcommand failed.

Why does StringEncryption use a ModulePass instead of a FunctionPass?

  bool runOnModule(Module &M) override {
    // in runOnModule. We simple iterate function list and dispatch functions
    // to handlers
    for (Module::iterator iter = M.begin(); iter != M.end(); iter++) {
      Function *F = &(*iter);

      if (toObfuscate(flag, F, "strenc")) {
        errs() << "Running StringEncryption On " << F->getName() << "\n";
        Constant *S = ConstantInt::get(Type::getInt32Ty(M.getContext()), 0);
        GlobalVariable *GV = new GlobalVariable(
            M, S->getType(), false, GlobalValue::LinkageTypes::PrivateLinkage,
            S, "");
        encstatus[F] = GV;
        HandleFunction(F);
      }
    }
    return true;
  } // End runOnModule

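It looks like this code records encstatus and then goes on to handle the Function, but I did not see much about encstatus in HandleFunction; each one just decrypts first and then executes.
So from a design point of view, why not use a FunctionPass here?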

with -O2, flatten crashes

0 clang-6.0 0x0000000106e2b088 llvm::sys::PrintStackTrace(llvm::raw_ostream&) + 40
1 clang-6.0 0x0000000106e2b636 SignalHandler(int) + 342
2 libsystem_platform.dylib 0x00007fff50d3cf5a _sigtramp + 26
3 libsystem_platform.dylib 0x00007ffee9cc56d8 _sigtramp + 2566424472
4 clang-6.0 0x0000000106d1fe77 (anonymous namespace)::SCCPSolver::Solve() + 1015
5 clang-6.0 0x0000000106d1e788 runIPSCCP(llvm::Module&, llvm::DataLayout const&, llvm::TargetLibraryInfo const*) + 3304
6 clang-6.0 0x000000010694d9d8 llvm::legacy::PassManagerImpl::run(llvm::Module&) + 888
7 clang-6.0 0x0000000106fd84ac clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction, std::__1::unique_ptr<llvm::raw_pwrite_stream, std::__1::default_delete<llvm::raw_pwrite_stream> >) + 14844
8 clang-6.0 0x000000010719c19f clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) + 959
9 clang-6.0 0x0000000107a6e782 clang::ParseAST(clang::Sema&, bool, bool) + 466
10 clang-6.0 0x0000000107403e33 clang::FrontendAction::Execute() + 67
11 clang-6.0 0x00000001073a4e08 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 1208
12 clang-6.0 0x000000010744a655 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 4613
13 clang-6.0 0x0000000105f3bde5 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) + 1333
14 clang-6.0 0x0000000105f39e62 main + 11250
15 libdyld.dylib 0x00007fff50a2e015 start + 1

The source code:
#include <stdio.h>
int sum(int a, int b) {
  const void * labels[] = {&&label0, &&label1};

  int x = 31;
  if (a < b )
    goto *labels[0];
  else
    goto *labels[1];
label0:
  x = 16;
  printf("yes\n");
  return x;
label1:
  x = 16000;
  printf("no\n");
  return x;
}

int main(int argc, char** argv) {
  int x = sum(5,4);
  printf("x is %d\n", x);
  return 0;
}

clang -emit-llvm -S -mllvm -enable-cffobf -o test2.ll test2.c -O2

Does it support Android?

Opening an issue

Please fill out the following form with as much detail as possible. Failing to do so might get you blocked.

  • Required
    Affected source code or LLVM IR. It's best for you to create minimal source code that could reproduce the issue. Alternatively, LLVM IR could be obtained by adding -S -emit-llvm to your normal CFLAGS or by compiling a normal binary with Bitcode enabled
  • Strongly Recommended
    LLVM's logs in Debug mode if the issue is about a crashed compiling process
  • Strongly Recommended
    Misbehaving passes. Try toggling pass switches to find out what pass(es) is triggering the issue
  • Strongly Recommended
    Details regarding the target platform

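Creating an Issue

Please fill in the information in as much detail as possible, following the template below. Failing to provide, according to the rules, the information I need to resolve your problem will very likely get your account permanently blacklisted by my personal account and the Hikari organization.

  • Required
    Affected source code or LLVM IR. The source code should ideally be a minimal reproduction of the issue. IR can be obtained by appending -S -emit-llvm to CFLAGS or by compiling a binary that contains Bitcode. Note that the latter currently only supports iOS
  • Strongly Recommended
    LLVM's complete logs
  • Strongly Recommended
    The misbehaving passes. Try switching the obfuscation passes on and off individually to find out which pass(es) cause the problem
  • Strongly Recommended
    Details of the target platform, e.g. operating system, processor architecture, etc.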

Rewrite StringEncryption

Current design lacks support for global string arrays, plus there are hiccups here and there, for example User replacing is not properly handling Constants and assumes all uses are Values not Constants.

This should also fix #40

Compilation error

When I run git clone -b release_60 --recursive https://github.com/HikariObfuscator/Hikari.git Hikari && mkdir Build && cd Build && cmake -G "Ninja" -DCMAKE_BUILD_TYPE=MinSizeRel -DLLVM_APPEND_VC_REV=on -DLLVM_CREATE_XCODE_TOOLCHAIN=on -DCMAKE_INSTALL_PREFIX=~/Library/Developer/ ../Hikari && ninja &&ninja install-xcode-toolchain && git clone https://github.com/HikariObfuscator/Resources.git ~/Hikari && rsync -ua /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/ ~/Library/Developer/Toolchains/Hikari.xctoolchain/ && rm ~/Library/Developer/Toolchains/Hikari.xctoolchain/ToolchainInfo.plist, the following error appears:

-- Performing Test CXX_SUPPORTS_NO_NESTED_ANON_TYPES_FLAG
-- Performing Test CXX_SUPPORTS_NO_NESTED_ANON_TYPES_FLAG - Success
CMake Error at tools/xcode-toolchain/CMakeLists.txt:52 (string):
string sub-command REGEX, mode MATCH needs at least 5 arguments total to
command.

CMake Warning at tools/xcode-toolchain/CMakeLists.txt:60 (message):
Failed to detect the version of an installed copy of Xcode, falling back to
highest supported version. Set XCODE_VERSION to override.

CMake Error at tools/xcode-toolchain/CMakeLists.txt:80 (message):
Could not identify toolchain dir

-- Configuring incomplete, errors occurred!
See also "/Users/hades/Desktop/Build/CMakeFiles/CMakeOutput.log".
See also "/Users/hades/Desktop/Build/CMakeFiles/CMakeError.log".

Screenshot: http://p1kpxlx93.bkt.clouddn.com/builderror. Please help take a look, thanks.

[FunctionCallObfuscate] Failed to replace a call to function

Hi @Naville

Testcase:
dl.c
build.sh

$ cat SymbolConfig.json 
{
  "Java_com_tencent_mm_network_Java2C_getNetworkServerIp": "Java_com_tencent_mm_network_Java2C_XXX"
}

Failed to replace because of my misunderstanding?

; ModuleID = 'dl.ll'
source_filename = "dl.c"
target datalayout = "e-m:e-p:32:32-i64:64-v128:64:128-a:0:32-n32-S64"
target triple = "armv6kz--linux-gnueabihf"

%struct.JNINativeInterface_ = type { i8*, i8*, i8*, i8*, i32 (%struct.JNINativeInterface_**)*, %struct._jobject* (%struct.JNINativeInterface_**, i8*, %struct._jobject*, i8*, i32)*, %struct._jobject* (%struct.JNINativeInterface_**, i8*)*, %struct._jmethodID* (%struct.JNINativeInterface_**, %struct._jobject*)*, %struct._jfieldID* (%struct.JNINativeInterface_**, %struct._jobject*)*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, i8)*, {}*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*)*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, i8)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*, i8*)*, %struct._jobject* (%struct.JNINativeInterface_**)*, void (%struct.JNINativeInterface_**)*, void (%struct.JNINativeInterface_**)*, void (%struct.JNINativeInterface_**, i8*)*, i32 (%struct.JNINativeInterface_**, i32)*, {}*, {}*, void (%struct.JNINativeInterface_**, %struct._jobject*)*, void (%struct.JNINativeInterface_**, %struct._jobject*)*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*)*, {}*, i32 (%struct.JNINativeInterface_**, i32)*, {}*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, {}*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*)*, %struct._jmethodID* (%struct.JNINativeInterface_**, %struct._jobject*, i8*, i8*)*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*, 
%struct._jmethodID*, %union.jvalue*)*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i32 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, i64 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, i64 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i64 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, float (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, float (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, float (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, double (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, double 
(%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, double (%struct.
JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, ...)*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, ...)*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, ...)*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, ...)*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, ...)*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, 
%union.jvalue*)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, ...)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i32 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, i64 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, ...)*, i64 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i64 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, float (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, ...)*, float (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, float (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, double (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, ...)*, double (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, double (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, ...)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, %struct._jfieldID* (%struct.JNINativeInterface_**, %struct._jobject*, i8*, i8*)*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, i16 
(%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %
struct._jfieldID*)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, i64 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, float (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, double (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, %struct._jobject*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, i8)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, i8)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, i16)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, i16)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, i32)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, i64)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, float)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, double)*, %struct._jmethodID* (%struct.JNINativeInterface_**, %struct._jobject*, i8*, i8*)*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, 
%union.jvalue*)*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i32 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, i64 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, i64 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, i64 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, float (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, float (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, float (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, double (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, double (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, double (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, ...)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, [1 x i32])*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jmethodID*, %union.jvalue*)*, %struct._jfieldID* (%struct.JNINativeInterface_**, %struct._jobject*, i8*, i8*)*, %struct._jobject* 
(%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, i8 (%struct.
JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, i8 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, i16 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, i64 (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, float (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, double (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, %struct._jobject*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, i8)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, i8)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, i16)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, i16)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, i32)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, i64)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, float)*, void (%struct.JNINativeInterface_**, %struct._jobject*, %struct._jfieldID*, double)*, %struct._jobject* (%struct.JNINativeInterface_**, i16*, i32)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*)*, i16* (%struct.JNINativeInterface_**, %struct._jobject*, i8*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i16*)*, %struct._jobject* (%struct.JNINativeInterface_**, i8*)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*)*, i8* (%struct.JNINativeInterface_**, %struct._jobject*, i8*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i8*)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*)*, %struct._jobject* (%struct.JNINativeInterface_**, i32, %struct._jobject*, 
%struct._jobject*)*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*, i32)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, %struct._jobject*)*, %struct._jobject* (%struct.JNINativeInterface_**, i32)*, %struct._jobject* (%struct.JNINativeInterface_**, i32)*, %struct._jobject* (%struct.JNINativeInterface_**, i32)*, %struct._jobject* (%struct.JNINativeInterface_**, i32)*, %struct._jobject* (%struct.JNINativeInterface_**, i32)*, %struct._jobject* (%struct.JNINativeInterface_**, i32)*, %struct._jobject* (%struct.JNINativeInterface_**, i32)*, %struct._jobject* (%struct.JNINativeInterface_**, i32)*, i8* (%struct.JNINativeInterface_**, %struct._jobject*, i8*)*, i8* (%struct.JNINativeInterface_**, %struct._jobject*, i8*)*, i16* (%struct.JNINativeInterface_**, %struct._jobject*, i8*)*, i16* (%struct.JNINativeInterface_**, %struct._jobject*, i8*)*, i32* (%struct.JNINativeInterface_**, %struct._jobject*, i8*)*, i64* (%struct.JNINativeInterface_**, %struct._jobject*, i8*)*, float* (%struct.JNINativeInterface_**, %struct._jobject*, i8*)*, double* (%struct.JNINativeInterface_**, %struct._jobject*, i8*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i8*, i32)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i8*, i32)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i16*, i32)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i16*, i32)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32*, i32)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i64*, i32)*, void (%struct.JNINativeInterface_**, %struct._jobject*, float*, i32)*, void (%struct.JNINativeInterface_**, %struct._jobject*, double*, i32)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, i8*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, i8*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, i16*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, i16*)*, void 
(%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, i32*)*, void (%struct.JNINativeInterface_**, %
struct._jobject*, i32, i32, i64*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, float*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, double*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, i8*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, i8*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, i16*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, i16*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, i32*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, i64*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, float*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, double*)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*, %struct.JNINativeMethod*, i32)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*)*, i32 (%struct.JNINativeInterface_**, %struct.JNIInvokeInterface_***)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, i16*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i32, i32, i8*)*, i8* (%struct.JNINativeInterface_**, %struct._jobject*, i8*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i8*, i32)*, i16* (%struct.JNINativeInterface_**, %struct._jobject*, i8*)*, void (%struct.JNINativeInterface_**, %struct._jobject*, i16*)*, {}*, void (%struct.JNINativeInterface_**, %struct._jobject*)*, i8 (%struct.JNINativeInterface_**)*, %struct._jobject* (%struct.JNINativeInterface_**, i8*, i64)*, i8* (%struct.JNINativeInterface_**, %struct._jobject*)*, i64 (%struct.JNINativeInterface_**, %struct._jobject*)*, i32 (%struct.JNINativeInterface_**, %struct._jobject*)* }
%struct._jmethodID = type opaque
%struct._jfieldID = type opaque
%union.jvalue = type { i64 }
%struct.JNINativeMethod = type { i8*, i8*, i8* }
%struct.JNIInvokeInterface_ = type { i8*, i8*, i8*, i32 (%struct.JNIInvokeInterface_**)*, i32 (%struct.JNIInvokeInterface_**, i8**, i8*)*, i32 (%struct.JNIInvokeInterface_**)*, i32 (%struct.JNIInvokeInterface_**, i8**, i32)*, i32 (%struct.JNIInvokeInterface_**, i8**, i8*)* }
%struct._jobject = type opaque

@.str = private unnamed_addr constant [20 x i8] c"libwechatnetwork.so\00", align 1
@.str.1 = private unnamed_addr constant [54 x i8] c"Java_com_tencent_mm_network_Java2C_getNetworkServerIp\00", align 1
@Java_com_tencent_mm_network_Java2C_getNetworkServerIp = common global %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*)* null, align 4

; Function Attrs: noinline nounwind
define i32 @main(i32, i8**) #0 {
  %3 = alloca i32, align 4
  %4 = alloca i32, align 4
  %5 = alloca i8**, align 4
  %6 = alloca i8*, align 4
  %7 = alloca i8*, align 4
  %8 = alloca %struct._jobject*, align 4
  store i32 0, i32* %3, align 4
  store i32 %0, i32* %4, align 4
  store i8** %1, i8*** %5, align 4
  %9 = call i8* @dlopen(i8* getelementptr inbounds ([20 x i8], [20 x i8]* @.str, i32 0, i32 0), i32 1) #2
  store i8* %9, i8** %6, align 4
  store i8* null, i8** %7, align 4
  %10 = load i8*, i8** %6, align 4
  %11 = icmp ne i8* %10, null
  br i1 %11, label %12, label %26

; <label>:12:                                     ; preds = %2
  %13 = call i8* @dlerror() #2
  store i8* %13, i8** %7, align 4
  %14 = load i8*, i8** %6, align 4
  %15 = call i8* @dlsym(i8* %14, i8* getelementptr inbounds ([54 x i8], [54 x i8]* @.str.1, i32 0, i32 0)) #2
  %16 = bitcast i8* %15 to %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*)*
  store %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*)* %16, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*)** @Java_com_tencent_mm_network_Java2C_getNetworkServerIp, align 4
  %17 = call i8* @dlerror() #2
  store i8* %17, i8** %7, align 4
  %18 = load i8*, i8** %7, align 4
  %19 = icmp ne i8* %18, null
  br i1 %19, label %23, label %20

; <label>:20:                                     ; preds = %12
  %21 = load %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*)*, %struct._jobject* (%struct.JNINativeInterface_**, %struct._jobject*)** @Java_com_tencent_mm_network_Java2C_getNetworkServerIp, align 4
  %22 = call %struct._jobject* %21(%struct.JNINativeInterface_** null, %struct._jobject* null)
  store %struct._jobject* %22, %struct._jobject** %8, align 4
  br label %23

; <label>:23:                                     ; preds = %20, %12
  %24 = load i8*, i8** %6, align 4
  %25 = call i32 @dlclose(i8* %24) #2
  store i8* null, i8** %6, align 4
  br label %26

; <label>:26:                                     ; preds = %23, %2
  ret i32 0
}

; Function Attrs: nounwind
declare i8* @dlopen(i8*, i32) #1

; Function Attrs: nounwind
declare i8* @dlerror() #1

; Function Attrs: nounwind
declare i8* @dlsym(i8*, i8*) #1

; Function Attrs: nounwind
declare i32 @dlclose(i8*) #1

attributes #0 = { noinline nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="arm1176jzf-s" "target-features"="+dsp,+strict-align,+vfp2,-thumb-mode" "unsafe-fp-math"="false" "use-soft-float"="false" }
attributes #1 = { nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="arm1176jzf-s" "target-features"="+dsp,+strict-align,+vfp2,-thumb-mode" "unsafe-fp-math"="false" "use-soft-float"="false" }
attributes #2 = { nounwind }

!llvm.module.flags = !{!0, !1}
!llvm.ident = !{!2}

!0 = !{i32 1, !"wchar_size", i32 4}
!1 = !{i32 1, !"min_enum_size", i32 4}
!2 = !{!"LLVM China clang version 7.0.0 ([email protected]:llvm-mirror/clang.git 87bcdaa7f2311f57c35c18efc6cbf5a973a67de7) ([email protected]:llvm-mirror/llvm.git 4eeea16aaacd6134fd411abcdbab15b630f3302b) (based on LLVM 7.0.0svn)"}

Regards,
Leslie Zhai

Linking errors

[ 91%] Linking CXX executable ../../bin/llvm-dsymutil
../../lib/libLLVMObfuscation.a(AntiDebugging.cpp.o): In function `llvm::AntiDebugging::doInitialization(llvm::Module&)':
/home/yoooo/git/Hikari/lib/Transforms/Obfuscation/AntiDebugging.cpp:70: undefined reference to `llvm::parseIRFile(llvm::StringRef, llvm::SMDiagnostic&, llvm::LLVMContext&, bool)'
/home/yoooo/git/Hikari/lib/Transforms/Obfuscation/AntiDebugging.cpp:72: undefined reference to `llvm::Linker::linkModules(llvm::Module&, std::unique_ptr<llvm::Module, std::default_delete<llvm::Module> >, unsigned int, std::function<void (llvm::Module&, llvm::StringSet<llvm::MallocAllocator> const&)>)'
../../lib/libLLVMObfuscation.a(AntiHooking.cpp.o): In function `llvm::AntiHook::doInitialization(llvm::Module&)':
/home/yoooo/git/Hikari/lib/Transforms/Obfuscation/AntiHooking.cpp:73: undefined reference to `llvm::parseIRFile(llvm::StringRef, llvm::SMDiagnostic&, llvm::LLVMContext&, bool)'
/home/yoooo/git/Hikari/lib/Transforms/Obfuscation/AntiHooking.cpp:74: undefined reference to `llvm::Linker::linkModules(llvm::Module&, std::unique_ptr<llvm::Module, std::default_delete<llvm::Module> >, unsigned int, std::function<void (llvm::Module&, llvm::StringSet<llvm::MallocAllocator> const&)>)'
clang-5.0: error: linker command failed with exit code 1 (use -v to see invocation)

Unresolved LandingPadInst

On iOS arm64, compiling with control flow flattening (-enable-cffobf) enabled produces this error:
Block containing LandingPadInst must be jumped to only by the unwind edge of an invoke.
%173 = landingpad { i8*, i32 }
cleanup, !dbg !1371
LLVM ERROR: Broken function found, compilation aborted!

I looked at the code and it does not handle LandingPadInst, so the error is raised during Verify. I am providing demo.bc; it can be reproduced with opt:

demo.bc.zip
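
The verifier rule quoted in the report above can be checked on textual IR before and after an obfuscation pass runs. The following Python checker is an added example, not Hikari's or LLVM's code; the IR snippets and all function names are constructed for illustration, and it assumes one function body per call with no `;` inside string constants.

```python
import re

# Block label definitions: "name:" or the older "; <label>:12:" comment form.
LABEL_DEF = re.compile(r'^(?:; <label>:(\d+):?|([-\w.$]+):)')
# An invoke terminator; the "to label ... unwind label ..." part may wrap lines.
INVOKE = re.compile(
    r'\binvoke\b.*?\bto\s+label\s+%([-\w.$]+)\s+unwind\s+label\s+%([-\w.$]+)',
    re.S)
# Any other branch target (br, switch, indirectbr, ...).
LABEL_USE = re.compile(r'\blabel\s+%([-\w.$]+)')
LANDINGPAD = re.compile(r'=\s*landingpad\b')


def split_blocks(body):
    """Split one function body into {block_name: instruction_text}."""
    blocks, name, lines = {}, "<entry>", []
    for raw in body.splitlines():
        line = raw.strip()
        m = LABEL_DEF.match(line)
        if m:
            blocks[name] = "\n".join(lines)
            name, lines = m.group(1) or m.group(2), []
            continue
        lines.append(line.split(";", 1)[0])  # drop trailing comments
    blocks[name] = "\n".join(lines)
    return blocks


def check_landingpads(body):
    """Return sorted (from_block, landingpad_block, reason) tuples for every
    edge into a landingpad block that is not an invoke's unwind edge."""
    blocks = split_blocks(body)
    pads = {n for n, text in blocks.items() if LANDINGPAD.search(text)}
    violations = []
    for src, text in blocks.items():
        for m in INVOKE.finditer(text):
            normal_dest, _unwind_dest = m.groups()
            if normal_dest in pads:
                violations.append((src, normal_dest, "invoke normal edge"))
        # Everything left after removing invokes is an ordinary branch.
        for m in LABEL_USE.finditer(INVOKE.sub("", text)):
            if m.group(1) in pads:
                violations.append((src, m.group(1), "non-invoke edge"))
    return sorted(violations)


# Constructed sample: well-formed exception handling.
GOOD_IR = """
entry:
  invoke void @may_throw()
          to label %cont unwind label %lpad
cont:
  ret void
lpad:
  %e = landingpad { i8*, i32 }
          cleanup
  resume { i8*, i32 } %e
"""

# Constructed sample: the shape left behind when a flattening pass puts every
# block, including the landingpad block, behind a dispatcher switch.
FLATTENED_IR = """
entry:
  %sw = alloca i32
  store i32 1, i32* %sw
  br label %dispatch
dispatch:
  %v = load i32, i32* %sw
  switch i32 %v, label %cont [
    i32 1, label %body
    i32 2, label %lpad
  ]
body:
  invoke void @may_throw()
          to label %cont unwind label %lpad
cont:
  ret void
lpad:
  %e = landingpad { i8*, i32 }
          cleanup
  resume { i8*, i32 } %e
"""

if __name__ == "__main__":
    print("good:     ", check_landingpads(GOOD_IR))
    print("flattened:", check_landingpads(FLATTENED_IR))
```

A pass that rewrites control flow can run a check like this per function and skip functions containing landingpad blocks, or exclude those blocks from the dispatcher.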

Restructure handleMethods for compatibility among modes

For now our handleMethods implementation depends on the class passed in not being NULL.
However, while this shouldn't be a problem for full-wipe mode, it will surely result in a crash for any other mode, because in other modes the class struct is not wiped.
From the Apple documentation of objc_allocateClassPair we can see:

The new class, or Nil if the class could not be created (for example, the desired name is already in use).

so the class passed in will be NULL in other modes, results in a crash for following operations.
The correct implementation would be passing classnames instead of class calls, and replace corresponding argument with a call to objc_getClass, since handleClass is called after the class itself has been registered with runtime, this is the safest way to go.

Or shall we change this behavior in callers?

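Compilation error when used with a Unity il2cpp project

@Naville Hello, I would like to use Hikari with a Unity project. Is that feasible? There are a few errors whose meaning I don't quite understand; could you give me some pointers?

The environment is macOS 10.13.3, Xcode 9.2, Unity 2017 iOS il2cpp.
The project generated by Unity requires clang version > 7; is Hikari clang 6?

The main build settings are: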

Enable Bitcode = No
Enable Index-While-Building Functionality = No
Debug build, optimization = None
For CFLAGS I tried a few basic ones and they did not work; this is currently with no options added.

Compilation error
Apple LLVM 9.0 Error

Loading Symbol Configuration From:/Users/xxx/Hikari/SymbolConfig.json
Failed To Link PreCompiled AntiHooking IR From:/Users/xxx/Hikari/PrecompiledAntiHooking-aarch64-ios.bc
Running AntiHooking On /Users/xxx/Projects/unity_dummy1/out/ios/Classes/Native/Bulk_Generics_1.cpp
Doing Post-Run Cleanup
Hikari Out
fatal error: error in backend: unsupported relocation of variable ''
Command /Users/xxx/Library/Developer/Toolchains/Hikari.xctoolchain/usr/bin/clang failed with exit code 1

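Many thanks

Build hangs at one point with no progress

1. Are both the precompile and compile steps required?
2. After running the build commands, it stays stuck at the following point with no further progress. I would appreciate it if the author could answer this, thanks.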
remote: Counting objects: 57328, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 57328 (delta 2), reused 0 (delta 0), pack-reused 57322
Receiving objects: 100% (57328/57328), 78.52 MiB | 3.56 MiB/s, done.
Resolving deltas: 100% (10135/10135), done.
Checking out files: 100% (52852/52852), done.
CMake Deprecation Warning at CMakeLists.txt:14 (cmake_policy):
The OLD behavior for policy CMP0051 will be removed from a future version
of CMake.

The cmake-policies(7) manual explains that the OLD behaviors of all
policies are deprecated and that a policy should be set to OLD only under
specific short-term circumstances. Projects should be ported to the NEW
behavior and not rely on setting a policy to OLD.

Do Syscall Lowering In Post-Run

In d04a3f7 the buggy InlineASM ADB was removed. It's not using correct AT&T syntax (previously marked as Intel syntax, which won't pass the ARM assembler) or saving registers properly, which has devastating results since we explicitly inlined them.
Instead of doing more platform-specific shit, we leave ADB fully to the user and implement some kind of "Syscall Lowering" mechanism at post-run; for example, a syscall() CallInstruction should be lowered into a bunch of SVC-based InlineASM at this stage.

Get rid of ConstantExpression Lowering

Currently we use a hacked-up solution to lower CEs into Instructions before doing analysis and transform; however, this introduces more trouble than what it's trying to resolve:

  • PHINodes need to be inserted at BB start, so those CEs must have their Instruction inserted at the parent BB.
  • Certain instructions like Landing/Catching/GEPs only take constants, so lowering those CEs is simply not possible.
  • All of this makes the obfuscated IR hard to read, so debugging and fixing other issues becomes a huge pain in the ass.

However, other obfuscation passes currently assume that all CEs are cleaned up by the lowering process, so we need to rewrite that logic prior to getting rid of the CE lowering, which is really time consuming.

Feature request : Code flow integrity protection

Hello,

I wonder whether it is possible to add code flow integrity protection against patching?

The user can add some markers or pragmas into their code, and OLLVM can calculate a checksum of the code between the markers and add a checksum check function in place of another marker to check integrity; it would crash or call a function in case of inconsistent integrity, which means the code has been patched.

Is it something hard to realize?

Regards.
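
The check this request describes, as an added sketch that is not part of the original issue and not Hikari or OLLVM code: a recorded checksum over a marked byte range is recomputed at run time and a handler is called on mismatch. The names `guard_region`, `guard_check` and `on_tamper` are hypothetical, the protected bytes are a constructed buffer standing in for the code between two markers, and the baseline is recorded at run time here where a compiler pass would embed it at build time.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record a pass could emit per marked region (illustrative names). */
struct guard_region {
    const uint8_t *begin;  /* first byte after the "begin" marker */
    const uint8_t *end;    /* one past the last protected byte */
    uint32_t expected;     /* checksum recorded when the binary was built */
};

/* Standard reflected CRC-32 (polynomial 0xEDB88320), computed bit by bit. */
static uint32_t crc32_range(const uint8_t *p, const uint8_t *end) {
    uint32_t crc = 0xFFFFFFFFu;
    for (; p < end; ++p) {
        crc ^= *p;
        for (int bit = 0; bit < 8; ++bit)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static int tamper_hits;  /* counts handler invocations for the demo */
static void on_tamper(const struct guard_region *r) { (void)r; ++tamper_hits; }

/* Returns 1 if the region matches its checksum, else calls the handler and returns 0. */
static int guard_check(const struct guard_region *r,
                       void (*handler)(const struct guard_region *)) {
    if (crc32_range(r->begin, r->end) == r->expected) return 1;
    if (handler) handler(r);  /* a real build might abort here instead */
    return 0;
}

/* Constructed sample: arm64 encoding of `mov w0, #1; ret` in a writable buffer. */
static uint8_t sample_code[8] = {0x20, 0x00, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6};

/* Returns (intact_before << 1) | intact_after, so 2 means the change was detected. */
static int demo(void) {
    struct guard_region r = {sample_code, sample_code + sizeof sample_code, 0};
    r.expected = crc32_range(r.begin, r.end);  /* baseline, normally build time */
    int before = guard_check(&r, on_tamper);
    sample_code[0] ^= 0x20;                    /* simulated one-byte patch */
    int after = guard_check(&r, on_tamper);
    sample_code[0] ^= 0x20;                    /* restore for repeat runs */
    return (before << 1) | after;
}

int main(void) { int d = demo(); printf("demo=%d hits=%d\n", d, tamper_hits); return 0; }
```

A stored checksum and a single check site can themselves be patched, so schemes of this kind usually place several overlapping checks rather than one.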

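Static library depends on third-party pods, clang error: cannot specify -o when generating multiple output files

Previously I obfuscated under Xcode 9, and the build with the obfuscated core code was successfully released;
this time the core code is integrated through CocoaPods and references third-party pods, and when the toolchain is switched to Hikari, the build fails with a clang 6.0 error;
I am a complete beginner, and I sincerely ask the great Mr. Zhang to point me in the right direction~~
(trembling)

  • Target platform
    Xcode 10,
    Cocoa Touch Framework project, integrating other third-party dependencies through pods
    toolchains: Hikari
  • pass
    No passes enabled yet
  • Error screenshot
    image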
