ElfLocked
PoC multi-layer Protector for ELF32 binaries
This protector was an old project standing as a private repository for various years now in my github account, and based that encountering ELF32 ET_EXEC binaries are currently outdated in a sense, I decided to make it public.
This protector contains two layers of abstraction implementing various anti-debugging/anti-analysis techniques ranging from:
- Anti Ptrace
- Breakpoint traps
- Self modifying code
- Anti LD_PRELOAD
- Parent process checks
- Various Control-Flow obfuscation techniques applied on different sections:
- Exception manipulation
- Hardware Breakpoint manipulation
- Control-Flow flattening
The embedded binary is also subject to a base-relocation to make the unpacking process a bit harder. This today is a default for PIE binaries, but at the time it was not trivial to rebase an ET_EXEC ELF binary. Leaving this project here for historic purposes and hopefully to bring some light into ELF Packers/Protectors. SPOILER: This project is from 2016! coding style is terrible as it was a very old project, you have been warned :D