MOVfuscator - C compiler only for MOV

Started by bitcoin, April 01, 2019, 09:11:05 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

bitcoin

April 01, 2019, 09:11:05 PM
Hello
i find interesting thing:
QuoteThe M/o/Vfuscator (short 'o', sounds like "mobfuscator") compiles programs into "mov" instructions, and only "mov" instructions. Arithmetic, comparisons, jumps, function calls, and everything else a program needs are all performed through mov operations; there is no self-modifying code, no transport-triggered calculation, and no other form of non-mov cheating.

The basic effects of the process can be seen in overview, which illustates compiling a simple prime number function with gcc and the M/o/Vfuscator.

https://github.com/xoreaxeaxeax/movfuscator/

jj2007

#1
April 02, 2019, 02:22:53 AM
No HelloWorld.exe on that site, though - strange 8)

bitcoin

#2
April 02, 2019, 12:49:44 PM
This code is only for linux.. ( I tried to build it in Ubuntu (in Windows 10 ), but it fails.

But this idea is interesting, I think. How to write such code in Windows? It is possible?

jj2007

#3
April 04, 2019, 04:08:25 PM
Unless somebody posts an executable that I can test, I declare it bogus. CPUs have a precisely defined set of instructions, and with mov whatever you cannot jump anywhere, you have no conditional branches, you cannot add or subtract, ... the list of things you cannot do is pretty long.

Bitbeisser

#4
April 09, 2019, 09:29:31 AM
Quote from: jj2007 on April 04, 2019, 04:08:25 PM
Unless somebody posts an executable that I can test, I declare it bogus. CPUs have a precisely defined set of instructions, and with mov whatever you cannot jump anywhere, you have no conditional branches, you cannot add or subtract, ... the list of things you cannot do is pretty long.
I think you are working too much with assembley code, missing the very obvious "high level" stuff...  :P
Ralf 8)

bitcoin

#5
June 11, 2021, 05:40:31 PM
The author wrote a new version. Has anyone tried it? I don't understand how it works and if it works at all.

Only C89 and LCC.

https://github.com/Battelle/movfuscator

John Z

#6
June 13, 2021, 02:20:40 PM
I believe it is possible. 
Quote from: jj2007 on April 04, 2019, 04:08:25 PMbogus. CPUs have a precisely defined set of instructions, and with mov whatever you cannot jump anywhere, you have no conditional branches, you cannot add or subtract, ... the list of things you cannot do is pretty long.
Yes they do have a set of defined instructions.  But it is how these instructions are actually executed that comes into play.  From a simplified example let's look at jmp.  a location is stored somewhere and an op code for jmp is placed in an execution register which causes the jmp to run.  so instead of using the op code for jmp directly I place the address to move to into the destination register with mov, the I place the actual binary, hex,or whatever for the op code 'jmp' directly into the execution register and the result is a jmp xxxx.

Take add 1,2  mov 1 into the first add_register, mov 2 into the second add_register then mov the op code for 'add' into the execution register.  Every op code resolves into a bit pattern that configures what the cpu will do.  If you know the bit pattern(s) and where to place it/them you can use mov. You would also need to know if two or more actual instructions are sequentially needed in the execution register for the task to be done.

Yes I think possible.....

John Z
Print
Go Up Pages1
User actions