Integrated obfuscation for Rust?


#1

I’d like to have some way to obfuscate binary code that Rust compiler generates. Ideally I’d like to be able to write compiler plugin that inject itself into compiler’s pipeline after macro expansion, gets abstract syntax tree, modifies it in terms of obfuscation and passes the AST back to the pipeline. Is it possible to do now? All the compiler plugin examples for Rust I’ve seen are only about adding some smartass macro to the language.

Alternatively I can think of doing a custom preprocessor tool that reads Rust code, parses it into AST, modifies it and spits out modified Rust code back to the compiler (by redirecting stdin for example). Can I reuse Rust’s lexer and parser to achive that? Are these APIs stable for now?


#2

Compiler plugins are not stable, nor is librustc and its sub-crates.


#3

why don’t you write the obfuscator for llvm?
I would think that is the correct location to shuffle around binary operations.


#4

Obfuscator-LLVM exists and implements interesting techniques such as control flow flattening.


#5

LLVM is too low level representation of code, it is much easier to work with AST when implementing constant data encryption for example.


#6

That’s not actually true, AST is pretty brittle for anything serious.
The main problem with LLVM for this usecase is manipulation from Rust code.

If you want to work on Rust code at the semantic level (including types and evaluable constants), you’ll need the MIR (mid-level IR) that will likely be in rustc at some point.

That’s where I would attempt to implement generators, for example, as transforming a function’s CFG into a state machine.