Setting up Obfuscator-LLVM about nimcrypt2 HOT 9 CLOSED

Hi! I will give you my answer here.
I use ubuntu20.04 with the initial environment:

sudo apt-get install cmake gcc g++ -y
gcc 9.3.0 
g++ 9.3.0 
cmake 3.16.3

step by step

1. download the branch.

git clone -b llvm-4.0 --depth=1 https://github.com/obfuscator-llvm/obfuscator.git 

2. switch gcc and g++ version.(should run on version 8)

sudo apt-get install gcc-8 g++-8 -y
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-8 8
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-8 8
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-9 9
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-9 9
sudo update-alternatives --config gcc     # choose version 8
sudo update-alternatives --config g++   # choose version 8
gcc --version
g++ --version

3. modify the source code.

vim path_to_ollvm/include/llvm/ExecutionEngine/Orc/OrcRemoteTargetClient.h

Line number 690. Change <char>> to <uint_8>>. Or it will be wrong when u compile the project.

4. build ollvm

mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=Release -DLLVM_INCLUDE_TESTS=OFF ../obfuscator/
make -j7

after one or two hour. You will see Linking CXX shared library ../../../../lib/libclang.so. Ending with make error 2.
But don't worry. Files you need are ready to be used.

Enjoy!
Although it took me half day to figure it out (

Reference link:
obfuscator-llvm/obfuscator#151
https://www.jianshu.com/p/9136f7257e46
https://linuxconfig.org/how-to-switch-between-multiple-gcc-and-g-compiler-versions-on-ubuntu-20-04-lts-focal-fossa

from nimcrypt2.

Thank you

Did you move the folders /lib and /include to the below location?

/usr/lib/clang/version_number

@icyguider any ideas what is causing the below errors?

si@kali:~/Tools/Nimcrypt2$ ./nimcrypt -f apollo.bin -t raw -g -l ___ .-' '.
/
| ;
| | .--,
.. |0) ~ (0) | .---'__.-( (_. __.--'.. '..\ '--. _.-' ,.--' "" ( ,.--' ',_ /./; ;, '..' __ _) ) .---..' / | |\ _..--"" ""'--.,
---' .'.''-._.-'./ /\ '. \ .-~~~````~~~-.-.__.' | | .' _.-' | | \ \ '. ~---`
\ / .' \ \ '. '-.)
/ / \ \ `=.__`-. Nimcrypt v2
jgs / /\ `) ) / / `"".`
, _.-'.'\ \ / / ( ( / / 3-in-1 C#, PE, & Raw Shellcode Loader
`--` ) ) .-'.' '.'. | (
(/` ( (` ) ) '-;
` '-; (-'

[+] Using explorer.exe for shellcode injection
[+] GetSyscallStub enabled
[+] String encryption disabled
[+] Sandbox checks enabled
[+] Unhooking ntdll.dll disabled
[+] Verbose messages disabled
[+] Syscall name randomization enabled
[+] Using Obfuscator-LLVM to compile
Hint: used config file '/home/si/.choosenim/toolchains/nim-1.6.4/config/nim.cfg' [Conf]
Hint: used config file '/home/si/.choosenim/toolchains/nim-1.6.4/config/config.nims' [Conf]
....................................................................................................................................................................................
/home/si/Tools/Nimcrypt2/GetSyscallStub.nim(6, 8) Hint: duplicate import of 'winim'; previous import here: /home/si/Tools/Nimcrypt2/stub.nim(5, 8) [DuplicateModuleImport]
/home/si/Tools/Nimcrypt2/GetSyscallStub.nim(7, 8) Hint: duplicate import of 'strutils'; previous import here: /home/si/Tools/Nimcrypt2/stub.nim(9, 8) [DuplicateModuleImport]
/home/si/Tools/Nimcrypt2/GetSyscallStub.nim(8, 8) Hint: duplicate import of 'ptr_math'; previous import here: /home/si/Tools/Nimcrypt2/stub.nim(10, 8) [DuplicateModuleImport]
/home/si/Tools/Nimcrypt2/GetSyscallStub.nim(73, 9) Hint: 'oldProtection' is declared but not used [XDeclaredButNotUsed]
/home/si/Tools/Nimcrypt2/GetSyscallStub.nim(74, 9) Hint: 'low2' is declared but not used [XDeclaredButNotUsed]
/home/si/Tools/Nimcrypt2/stub.nim(60, 5) Hint: 'JkMGUQgesFovfWdECwlHpaSC' is declared but not used [XDeclaredButNotUsed]
/home/si/Tools/Nimcrypt2/stub.nim(80, 5) Hint: 'xMOWrqOUUtmbqlMssMrHdroB' is declared but not used [XDeclaredButNotUsed]
CC: stdlib_digitsutils.nim
CC: stdlib_assertions.nim
CC: stdlib_dollars.nim
CC: stdlib_widestrs.nim
CC: stdlib_io.nim
CC: stdlib_system.nim
CC: ../../.nimble/pkgs/winim-3.8.0/winim/inc/winbase.nim
CC: ../../.nimble/pkgs/winim-3.8.0/winim/inc/tlhelp32.nim
In file included from /home/si/.cache/nim/stub_r/stdlib_system.nim.c:8:
In file included from /usr/x86_64-w64-mingw32/include/windows.h:69:
In file included from /usr/x86_64-w64-mingw32/include/windef.h:9:
In file included from /usr/x86_64-w64-mingw32/include/minwindef.h:163:
In file included from /usr/x86_64-w64-mingw32/include/winnt.h:1555:
In file included from /usr/bin/../include/clang/13.0.1/include/x86intrin.h:15:
In file included from /usr/bin/../include/clang/13.0.1/include/immintrin.h:488:
/usr/bin/../include/clang/13.0.1/include/amxintrin.h:238:10: error: returning 'int' from a function with incompatible result type '_tile1024i' (vector of 256 'int' values)
return __builtin_ia32_tileloadd64_internal(m, n, base,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/bin/../include/clang/13.0.1/include/amxintrin.h:246:10: error: returning 'int' from a function with incompatible result type '_tile1024i' (vector of 256 'int' values)
return __builtin_ia32_tileloaddt164_internal(m, n, base,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/bin/../include/clang/13.0.1/include/amxintrin.h:254:10: error: returning 'int' from a function with incompatible result type '_tile1024i' (vector of 256 'int' values)
return __builtin_ia32_tdpbssd_internal(m, n, k, dst, src1, src2);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fatal error: too many errors emitted, stopping now [-ferror-limit=]
CC: ../../.nimble/pkgs/winim-3.8.0/winim/utils.nim
CC: stdlib_parseutils.nim
4 errors generated.
Error: execution of an external compiler program 'x86_64-w64-mingw32-clang -c -w -ferror-limit=3 -DWIN32_LEAN_AND_MEAN -mllvm -bcf -mllvm -sub -mllvm -fla -mllvm -split -aesSeed=GEOU236HCU8FJNUBZ19H4Z8VS74Z6UBP -Os -I/home/si/.choosenim/toolchains/nim-1.6.4/lib -I/home/si/Tools/Nimcrypt2 -o /home/si/.cache/nim/stub_r/stdlib_system.nim.c.o /home/si/.cache/nim/stub_r/stdlib_system.nim.c' failed with exit code: 1

[!] Stub compilation failed! Check stub for errors.
`

from nimcrypt2.

please make sure you are using the right clang from ollvm. try:

which clang
ls -la `which clang`

make sure you have build ollvm the right way. And do all the stuff in readme.

from nimcrypt2.

I built Obfuscator-LLVM and replaced the clang in /usr/bin with the newly built clang.

To build I used:

mkdir build
cd build
cmake -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release -DLLVM_INCLUDE_TESTS=OFF ../obfuscator/
make -j7

If I run: x86_64-w64-mingw32-clang -v it shows "Obfuscator-LLVM" in the output.

Did you move the folders /lib and /include to /usr/lib/clang/clang_version

I'm unsure about what to do in this below step:

Backup existing clang library files, copy new newly built Obfuscator-LLVM library includes to /usr/lib/clang/OLD_VERSION/

I am trying now with the version of Ubuntu you are using Fankaren. I have followed your instructions and ollvm is currently building.

from nimcrypt2.

@Simon-Davies

Essentially you should now just need to replace the system include directory that's seen in the error message you last posted (/usr/include/clang/13.0.1/) with the clang include folder from your ollvm build. Here's how I would do it for your system:

#Create Backup of original system clang include directory
mv /usr/include/clang/13.0.1/ /usr/include/clang/13.0.1_BACKUP/
#Create new system clang include directory
mkdir -p /usr/include/clang/13.0.1/
#Copy clang include folder from ollvm build directory into the new system clang include directory
cp -R ~/build/lib/clang/5.0.2/include/ /usr/include/clang/13.0.1/

Of course for the last command you will need to give it the build folder of wherever you compiled Obfuscator-LLVM. Hope this works for you.

@Fankaren Thanks so much for assisting. I really appreciate it!

from nimcrypt2.

Thank you guys. I really appreciate all your help. I understand now @icyguider

Working now. I used Obfuscator-llvm 9.0.1. The below fixed my issue, thanks @icyguider

cp -R ~/build/lib/clang/5.0.2/include/ /usr/include/clang/13.0.1/

from nimcrypt2.

Kali :
install gcc-8 g++-8 -y
sudo apt-get install gcc-8 g++-8 -y
[sudo] password for kali:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package g++-8 is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Unable to locate package gcc-8
E: Package 'g++-8' has no installation candidate

from nimcrypt2.

This helped get the proper versions of gcc & g++

sudo apt update
wget http://mirrors.kernel.org/ubuntu/pool/universe/g/gcc-8/gcc-8_8.4.0-3ubuntu2_amd64.deb
wget http://mirrors.edge.kernel.org/ubuntu/pool/universe/g/gcc-8/gcc-8-base_8.4.0-3ubuntu2_amd64.deb
wget http://mirrors.kernel.org/ubuntu/pool/universe/g/gcc-8/libgcc-8-dev_8.4.0-3ubuntu2_amd64.deb
wget http://mirrors.kernel.org/ubuntu/pool/universe/g/gcc-8/cpp-8_8.4.0-3ubuntu2_amd64.deb
wget http://mirrors.kernel.org/ubuntu/pool/universe/g/gcc-8/libmpx2_8.4.0-3ubuntu2_amd64.deb
wget http://mirrors.kernel.org/ubuntu/pool/main/i/isl/libisl22_0.22.1-1_amd64.deb
sudo apt install ./libisl22_0.22.1-1_amd64.deb ./libmpx2_8.4.0-3ubuntu2_amd64.deb ./cpp-8_8.4.0-3ubuntu2_amd64.deb ./libgcc-8-dev_8.4.0-3ubuntu2_amd64.deb ./gcc-8-base_8.4.0-3ubuntu2_amd64.deb ./gcc-8_8.4.0-3ubuntu2_amd64.deb

wget http://mirrors.kernel.org/ubuntu/pool/universe/g/gcc-8/libstdc++-8-dev_8.4.0-3ubuntu2_amd64.deb
wget http://mirrors.kernel.org/ubuntu/pool/universe/g/gcc-8/g++-8_8.4.0-3ubuntu2_amd64.deb
sudo apt install ./libstdc++-8-dev_8.4.0-3ubuntu2_amd64.deb ./g++-8_8.4.0-3ubuntu2_amd64.deb

from nimcrypt2.

wget http://ftp.us.debian.org/debian/pool/main/g/gcc-8/libgcc-8-dev_8.3.0-6_amd64.deb

on kali , dont work

from nimcrypt2.