The C++ language and its siblings like C and Objective-C are ones of the most used languages today. Significant portions of operating systems like Windows, Linux, Mac OS X, iOS and Android are written in C and C++. There is however a fact that is little known about C++: it contains a Turing-complete sub-language executed at compile time. It is called C++ template metaprogramming (not to be confounded with the C preprocessor and macros)and is close to functional programming.
During this talk, I will show how to use this language to generate, at compile time, obfuscated code without using any external tool and without modifying the compiler. The technics presented rely only on C++11, as standardized by ISO. I will also show how to introduce some form of randomness to generate polymorphic code and I will give some concrete examples like the encryption of strings literals. I will show examples of the use of this encryption on everything from desktop applications to websites selling shower loofahs see article and everything in between. I will show that such technics are also applicable to applications written in Objective-C (iOS and Mac OS X). At the end of the talk, I will compare such technics with other approaches like Obfuscator-LLVM. All the examples presented will be released under GitHub.
SPEAKER: Sébastien Andrivet