From 70d23e99a1f0d7cae8d4b8d71cb03da11ec19229 Mon Sep 17 00:00:00 2001
From: Alex Cohn <sasha.cohn@gmail.com>
Date: Sun, 28 Nov 2021 23:31:03 +0200
Subject: [PATCH] new branch defaults to obfuscation to work around `-mllvm is
 not supported with -fembed-bitcode`

---
 build/README.md                               | 37 +++++++++++++++++++
 build/setup.mk                                | 34 +++++++++++++++++
 .../lib/Transforms/IPO/PassManagerBuilder.cpp |  6 +--
 3 files changed, 74 insertions(+), 3 deletions(-)
 create mode 100644 build/README.md
 create mode 100644 build/setup.mk

diff --git a/build/README.md b/build/README.md
new file mode 100644
index 000000000000..28a2e00c6c95
--- /dev/null
+++ b/build/README.md
@@ -0,0 +1,37 @@
+obfuscator-llvm
+===============
+
+To work around `-mllvm is not supported with -fembed-bitcode`, 
+this branch makes the following obfuscator flags default, see [blog](https://heroims.github.io/2019/01/06/OLLVM%E4%BB%A3%E7%A0%81%E6%B7%B7%E6%B7%86%E7%A7%BB%E6%A4%8D%E4%B8%8E%E4%BD%BF%E7%94%A8/#%E4%BD%BF%E7%94%A8)
+
+    -mllvm -bcf -mllvm -sub -mllvm -fla -mllvm -sobf
+
+* Clone
+
+      git clone https://github.com/alexcohn/obfuscator -b default -depth 1
+
+* Build (see in [OLLVM code obfuscation, transplantation and use (continued)](https://heroims.github.io/2021/11/09/OLLVM%E4%BB%A3%E7%A0%81%E6%B7%B7%E6%B7%86%E7%A7%BB%E6%A4%8D%E4%B8%8E%E4%BD%BF%E7%94%A8(%E7%BB%AD)/#XCode12-%E4%BB%A5%E5%90%8E))
+
+      cd obfuscator/build
+      cmake -DCMAKE_BUILD_TYPE=Release -DLLVM_CREATE_XCODE_TOOLCHAIN=ON -DLLVM_ENABLE_PROJECTS="clang;libcxx;libcxxabi" ../llvm
+      make -j7
+
+* Setup the Android toolchain (verified for `v21.4.7075529`):
+
+      for setup in ${HOME}/Library/Android/sdk/ndk/21.4.7075529/build/core/toolchains/*/setup.mk; do printf >>$setup '\n-include $(OBFUSCATOR_PATH)/setup.mk'; done
+
+* use for **ndk-build**:
+
+      ndk-build … OBFUSCATOR_PATH=path-to-obfuscator/build
+
+* use with **xcodebuild**:
+
+      OBFUSCATION_PARAMETERS="GCC_SYMBOLS_PRIVATE_EXTERN=YES GCC_ENABLE_CPP_EXCEPTIONS=NO GCC_ENABLE_CPP_RTTI=NO COMPILER_INDEX_STORE_ENABLE=NO CC=$OBFUSCATOR_PATH/bin/clang CPLUSPLUS=$OBFUSCATOR_PATH/bin/clang++"
+      xcodebuild archive -scheme $FRAMEWORK_NAME -archivePath "$SIMULATOR_ARCHIVE_PATH" -sdk iphonesimulator $OBFUSCATION_PARAMETERS
+      xcodebuild archive -scheme $FRAMEWORK_NAME -archivePath "$IOS_DEVICE_ARCHIVE_PATH" -sdk iphoneos $OBFUSCATION_PARAMETERS
+
+* packaging:
+
+  For redistribution, you will only need some files in the `build` directory; the following command can be used:
+
+      zip -r obfuscator-llvm bin include/c++ lib/*.dylib lib/clang/ setup.mk
diff --git a/build/setup.mk b/build/setup.mk
new file mode 100644
index 000000000000..6d0252f272ea
--- /dev/null
+++ b/build/setup.mk
@@ -0,0 +1,34 @@
+# append for toolchain setup.mk to turn on this obfuscator
+# it should be included as `-include $(OBFUSCATOR_PATH)/setup.mk`
+
+NDK_TOOLCHAIN_VERSION := obfuscator
+
+TARGET_CC := $(OBFUSCATOR_PATH)/bin/clang$(HOST_EXEEXT)
+TARGET_CXX := $(OBFUSCATOR_PATH)/bin/clang++$(HOST_EXEEXT)
+
+TARGET_CFLAGS += \
+    -gcc-toolchain $(call host-path,$(TOOLCHAIN_ROOT)) \
+
+TARGET_LDFLAGS += \
+    -gcc-toolchain $(call host-path,$(TOOLCHAIN_ROOT)) \
+    -Wl,-no-gc-sections \
+
+GLOBAL_CFLAGS = \
+    -target $(LLVM_TRIPLE)$(TARGET_PLATFORM_LEVEL) \
+    -fdata-sections \
+    -ffunction-sections \
+    -fstack-protector-strong \
+    -funwind-tables \
+    -no-canonical-prefixes \
+    --sysroot $(call host-path,$(NDK_UNIFIED_SYSROOT_PATH)) \
+    -g \
+    -Wno-invalid-command-line-argument \
+    -Wno-unused-command-line-argument \
+    $(SYSROOT_ARCH_INC_ARG) \
+
+GLOBAL_LDFLAGS += \
+    --sysroot $(call host-path,$(NDK_UNIFIED_SYSROOT_PATH)) \
+    -L$(call host-path,$(NDK_UNIFIED_SYSROOT_PATH))/usr/lib/${TOOLCHAIN_NAME}/${TARGET_PLATFORM_LEVEL} \
+    -L$(call host-path,$(NDK_UNIFIED_SYSROOT_PATH))/usr/lib/${TOOLCHAIN_NAME} \
+    --sysroot ${NDK_ROOT}/platforms/android-${TARGET_PLATFORM_LEVEL}/arch-${TARGET_ARCH} \
+    $(SYSROOT_ARCH_INC_ARG) \
diff --git a/llvm/lib/Transforms/IPO/PassManagerBuilder.cpp b/llvm/lib/Transforms/IPO/PassManagerBuilder.cpp
index 68d9cb24f4b6..6a6fbbe49aca 100644
--- a/llvm/lib/Transforms/IPO/PassManagerBuilder.cpp
+++ b/llvm/lib/Transforms/IPO/PassManagerBuilder.cpp
@@ -149,13 +149,13 @@ cl::opt<bool>
                   cl::desc("Enable the GVN sinking pass (default = off)"));
 
 // Flags for obfuscation
-static cl::opt<bool> Flattening("fla", cl::init(false),
+static cl::opt<bool> Flattening("fla", cl::init(true),
                                 cl::desc("Enable the flattening pass"));
 
 static cl::opt<bool> BogusControlFlow("bcf", cl::init(false),
                                       cl::desc("Enable bogus control flow"));
 
-static cl::opt<bool> Substitution("sub", cl::init(false),
+static cl::opt<bool> Substitution("sub", cl::init(true),
                                   cl::desc("Enable instruction substitutions"));
 
 static cl::opt<std::string> AesSeed("aesSeed", cl::init(""),
@@ -167,7 +167,7 @@ static cl::opt<bool> Split("split", cl::init(false),
 static cl::opt<std::string> Seed("seed", cl::init(""),
                            cl::desc("seed for the random"));
 
-static cl::opt<bool> StringObf("sobf", cl::init(false),
+static cl::opt<bool> StringObf("sobf", cl::init(true),
                            cl::desc("Enable the string obfuscation"));
 
 // This option is used in simplifying testing SampleFDO optimizations for