The goal of this transformation is to ensure that -- during execution -- the program is running in a "safe" environment. By "safe" we mean that we are not being monitored in any way. More specifically, that program will check that it is not being debugged, not being emulated, not being run inside a virtual machine, etc.
You can read about the InitCheckers transformation here.
It sets up Tigress so that you can later invoke the CheckEnvironment and Checksum
transformations. Use --CheckEnvironmentSandboxes to list the
sandboxes/debuggers you want to test for, and --CheckEnvironmentCheckerCount
to indicate how many checkers you want to insert. As usual, --Functions
lists the functions where we can insert the checkers:
tigress --Environment=x86_64:Linux:Clang:5.1 \
--Transform=InitChecker \
... \
--Transform=CheckEnvironment \
--Functions=fac \
--CheckEnvironmentSandboxes=valgrind \
--CheckEnvironmentCheckerCount=2 \
foo.c --out=obf.c
| Option | Arguments | Description |
|---|---|---|
| --Transform | CheckEnvironment | Check if we are being run in an environment where we are being monitored. |
| --CheckEnvironmentCheckerCount | INTSPEC | How many checkers to insert in the program. Default=1. |
| --CheckEnvironmentTrace | BOOLSPEC | Trace the execution of the checkers. Default=false. |
| --CheckEnvironmentSandboxes | gdb, lldb, bochs, vmware, virtualBox, qemu, pin, cuckoo, kvm, hyper_v, parallels, xen | The list of sandbxes that should be detected. Default=None.
|
If you have a source code license you can list the available pills:
tigress --GodMode=... --Transform=Info --InfoKind=pills empty.c --out=out.c
And then you can pnsert a particular pill named foo_pill in main:
tigress --GodMode=... --Transform=UnitTest --Functions=main --UnitTestKind=pills --UnitTestPill=foo_ill empty.c --out=out.c