Xvmp: an LLVM-based Code Virtualization Obfuscator

Xuangan Xiao,Yizhuo Wang,Yikun Hu,Dawu Gu
DOI: https://doi.org/10.1109/saner56733.2023.00082
2023-01-01
Abstract:Obfuscation techniques are widely used to protect the digital copyright and intellectual property rights of software. Among them, code virtualization is one of the most powerful obfuscation techniques, which hides both the control flow and the data flow of the code, thereby preventing code from being decompiled. However, existing code virtualization solutions are not well-resistant to de-obfuscation techniques (e.g., symbolic execution and frequency analysis), and only target limited program languages and architectures, which are challenging to integrate into the process of software development and maintenance.In this paper, We propose an LLVM-based code virtualization tool, namely xVMP to fulfill a scalable and virtualized instruction-hardened obfuscation. To mask the effects of multiple program languages and architectures, xVMP incorporates the obfuscation process of code virtualization into the compilation, and generates virtualized code based on LLVM intermediate representation (IR). After virtualization, it embeds the interpreter of virtualized code into the IR and compiles to an executable. To enhance the security, xVMP encrypts virtualized instructions in each basic block and decrypts them at runtime to enhance the security of obfuscation. In addition, it supports specified function obfuscation. xVMP identifies the function annotations marked by the developer in the source code to locate the function to protect. We implement the prototype of xVMP, and evaluate it with a microbenchmark and three real-world programs. The experimental results show that xVMP can be more difficult to crack than the state-of-the-art obfuscators, and it can support more source code types and architectures, and can be applied to real-world software. Source Code: https://github.com/GANGE666/xVMP.
What problem does this paper attempt to address?