d8c37b2d4c
- Improved the Custom Pass code to align with Ryujin coding standards. - Added clear and helpful comments for better understanding of how RyujinCustomPassDemo works. - Improved README.md for better structure and readability as user-facing documentation. - Updated demo images for Ryujin and added more visual examples.
4.0 KiB
Ryūjin Protector
Ryūjin Protector is an open-source Bin2Bin obfuscation, protection, and DRM tool for Windows PE binaries targeting the Intel x64 architecture(Only).
Features
- Junk Code Insertion + Code Mutation (Fully randomic without breaking the original logic)
- IAT Call Access Obfuscation(With obfuscated handlers access)
- Random Section naming(Default name: Ryujin)
- Mathematical Operators Virtualization(aka: Ryūjin MiniVM)
- Obfuscated code Encryption(Using TeaDelKew Algorithm)
- Anti-Debug User + Kernel
- Troll Reversers(Exclusive)
- Anti-Dump
- Anti-Disassembly + Anti-Decompiler
- Memory Protection(CRC32)
- Custom Passes
Demos and Presentations
Ryūjin was designed and developed for the study of obfuscators with Bin2Bin capabilities, making it a viable project for use by third parties as well as serious information security students. This includes: Commercial Developers, Indie Developers/Cheat Developers, Anti-Cheat Developers, Malware Developers, Malware Analysts, and Security Researchers.
A Simple Comparison on a "main" function. before and after applying Ryūjin:
This is only a small demo with only one Ryūjin feature, others feature together produce a better result.
Really Easy to Use:
Ryūjin is extremely easy to use — you can choose between the GUI mode or the CLI mode. Both will produce the same result in a precise, functional, and stable way.
GUI Mode Demonstration:
CLI Mode Demonstration:
For both options, you will need exclusively a PE file (Apanas, executable, for now) along with a PDB file containing the symbols for that PE file, so that you can protect and generate a new binary. Additionally, you can consult the WIKI at any time to discover other options and possibilities, such as custom passes.
Custom Pass Support
In addition to the standard techniques available via CLI or GUI options, Ryūjin also supports a Custom Pass feature. This allows anyone to implement a callback that is invoked during the obfuscation flow, enabling users to extend Ryūjin’s capabilities with custom features specific to their code.
To do this, the user must follow a specific callback model:
void RyujinCustomPassDemo(RyujinProcedure* proc);
Each time the callback is invoked, a RyujinProcedure instance is provided, allowing the user to modify execution scopes, basic block structures, and more. The class definition can be found in RyujinProcedure.hh. Additionally, a usage example is available in RyujinConsole.cc, No additional configuration file changes are required. The RyujinObfuscatorConfig class already includes all necessary settings for immediate use.
Dependencies
To compile RyujinCore, RyujinConsole, and RyujinGUI, critical dependencies must be installed via Microsoft VCPKG, You can install them using the following commands:
vcpkg install asmjit
vcpkg install zydis
For a consistent development environment, consider the following versions:
asmjit:x64-windows - 2024-06-28
zycore:x64-windows - 1.5.0
zydis:x64-windows - 4.1.0
In addition to these critical dependencies, some optional ones exist, for example, wxWidgets, which is required to build RyujinGUI. It can be obtained from the wxWidgets website.
Research Paper
If you enjoy understanding how things work technically and exploring deep concepts, consider reading the Ryūjin paper:
TODO
Getting Started
For more detailed usage information and explanations of each feature intended for daily use, consider reading the Ryūjin Wiki.