Skip to content

enferex/GOAT-Plugs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits

hatch

hatch

 
 

jpanic

jpanic

 
 

munger

munger

 
 

nopper

nopper

 
 

slimer

slimer

 
 

README

README

 
 

gdbinit

gdbinit

 
 

make.inc

make.inc

 
 

Repository files navigation

GOAT-Plugs: GCC Obfuscation Augmentation Tools
A set of GCC plugins to aid in obfuscating binaries.

== About ==
GOAT-Plugs provides a series of GCC plugins that aid in obfuscating binaries.
The respective directory READMEs provide a better description of what the
various plugins can do.

One goal of GOAT-Plugs is to introduce those interested in computer security
what they can do with GCC plugins.  The focus here is primarily obfuscating
data in binaries, which helps to avoid malware detection.

hatch -- Example plugin that inserts a function, which further calls "system" on
the executing machine.  The system call spawns a netcat socket listening on port
666 and upon connection spawns an xterm session.  Also, at runtime, the compiler
also executes this code.  This is an illusory example to show some potential
dangers of plugins.  Never run this plugin in an unsafe environment.  Make sure
you know what you are doing, or just modify the system call command to do
something less security violating :-)

jpanic -- Inserts junk instructions (no-ops) and functions throughout a program.

munger -- Encodes readonly strings at compile time, rendering encoded data, and
not the original text, if one were to do a hexdump of the binary.  The data is
decoded at runtime.

nopper -- Example plugin which is well commented and inserts no-ops throughout
the program.

slimer -- Inserts junk functions and calls them non-deterministically at
runtime.

gdbinit -- This file is to be renamed to '.gdbinit' and placed into the
directory where gdb is being executed from.  This is merely to ease debugging.

== Install ==
There is no install.  So I was doing the autotools deal, but figured that was
really just overkill.  If you are using these plugins, chances are you know to
use gcc, and chances are you have gcc.  Just make sure you have a plugin enabled
gcc build: `gcc -v | grep "--enable-plugin"`

To build things, simply run `make` from the directory of the plugin you want to
build.  The resulting '.so' file is the plugin, enjoy its deliciousness.

== Contact ==
Matt Davis (enferex)
mattdavis9@gmail.com

About

GCC Obfuscation Augmentation Tools

Resources

Readme
Activity

Stars

75 stars

Watchers

7 watching

Forks

9 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages