You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on May 7, 2021. It is now read-only.
Pakr applies reversible transformations to your compiled bundle and stores the transformed bundle in your new binary (called a "stub"). The stub will reverse the transformations and execute your bundle, all without writing a file. Pakr is meant for obfuscation, not compression. Pakr will repeatedly apply transformations thousands of times, likely resulting in a larger file.
Pakr relies on the macOS API NSCreateObjectFileImageFromMemory. It has been deprecated since macOS 10.5, but seems unlikely to go away as the newer APIs have no replacement. After loading the object file, it calls NSLookupSymbolInModule to get the address of main, and then invokes it.
Transformations are trivial to write; simply define a pack and unpack function that take and receive strings. Pakr is best used with your own transformations to make extracting the original harder. Of course, once your bundle is loaded into memory, it can simply be extracted. It makes reverse engineering more difficult, not impossible.
Simplified Example
std::string pack(std::string data, bool shouldUnpack) {
if (shouldUnpack)
return unpack(data);
const char seed = rand();
std::string packed = std::string(&seed, 1);
for (char& c : data) {
packed += applyXor(c, seed);
}
return packed;
}
std::string unpack(std::string data) {
char seed = data.at(0);
data = data.substr(1);
for (char& c : data) {
c = applyXor(c, seed);
}
return data;
}
Usage
These steps likely do not work at this point.
Pakr can only load 64-bit Mach-O "bundles" (MH_BUNDLE). Compiling your code into a bundle should be possible with the clang -bundle flag:
