Caution
This project is provided for research purposes only. It demonstrates concepts and techniques for malicious code injection in LLVM. The authors do not support or endorse the use of this project in any way.
Compromylr detects compiler-level malware based on the "Trusting Trust" attack described by Ken Thompson. It estimates the percentage of the compiler that is compromised by comparing the binaries of the reference and the target compiler.
This repo consists of two parts:
- The compiler patch that adds a new pass to LLVM with the malicious payload
- The trust checker that compares the two binaries
This requires a copy of the LLVM project. Build the compiler as usual. Example:
```bash
# This is run within the build directory
cmake -G Ninja \
  -DCMAKE_BUILD_TYPE=RelWithDebInfo \
  -DCMAKE_INSTALL_PREFIX=install/ \
  -DLLVM_ENABLE_PROJECTS="clang;" \
  -DLLVM_TARGETS_TO_BUILD="host;" \
  -DCMAKE_CXX_COMPILER=clang++ \
  -DCMAKE_C_COMPILER=clang \
  ../llvm
```
Unzip compiler/sample.zip. Password: sample
Then, run the integrate script:
```bash
export SOURCE=/path/to/source.c
export LLVM_PROJECT=/path/to/llvm-project
export BUILD_DIR=<build_dir>
./integrate.sh
```
The source file must define 2 functions:
```c
void target();
void cleanup();
```
Two binaries in, three comparison engines out: syscalls, CFG, binary diff.
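```bash
# Build the trust checker, then compare a reference binary with a target binary
make
./trustcheck <ref_binary> <target_binary>

# Build the test binaries and run the checker on them
bash tests/make_test_bins.sh
./trustcheck tests/ref_bin tests/target_bin
```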
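The binary-diff comparison mentioned above, as an added example that is not the project's trustcheck code: it estimates what percentage of a target binary's bytes have no match in the reference, using overlapping windows so that an inserted region does not push everything after it out of alignment. The function names, the 16-byte window and the sample bytes are assumptions constructed for illustration.

```python
import sys

WINDOW = 16  # assumed window size in bytes, not a value taken from the project

# Constructed sample data (not real compiler output): a "reference" image and a
# "target" that is the same image with 64 extra bytes spliced into the middle.
SAMPLE_REF = bytes(range(256)) * 4
SAMPLE_TARGET = SAMPLE_REF[:512] + b"\xcc" * 64 + SAMPLE_REF[512:]


def uncovered_ranges(ref, target, window=WINDOW):
    """Return [start, end) ranges of target bytes covered by no window found in ref."""
    if len(target) < window:
        # Too short to window: fall back to a plain substring check.
        return [] if target in ref else [(0, len(target))]
    known = {ref[i:i + window] for i in range(len(ref) - window + 1)}
    ranges, covered_to = [], 0
    for i in range(len(target) - window + 1):
        if target[i:i + window] in known:
            if covered_to < i:
                ranges.append((covered_to, i))  # gap between two matching windows
            covered_to = i + window
    if covered_to < len(target):
        ranges.append((covered_to, len(target)))  # unmatched tail
    return ranges


def changed_percent(ref, target, window=WINDOW):
    """Percentage of target bytes that have no counterpart in the reference."""
    if not target:
        return 0.0
    changed = sum(end - start for start, end in uncovered_ranges(ref, target, window))
    return 100.0 * changed / len(target)


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <ref_binary> <target_binary>
        with open(sys.argv[1], "rb") as r, open(sys.argv[2], "rb") as t:
            ref, target = r.read(), t.read()
    else:
        ref, target = SAMPLE_REF, SAMPLE_TARGET
    for start, end in uncovered_ranges(ref, target):
        print(f"no match in reference: 0x{start:x}-0x{end:x}")
    print(f"{changed_percent(ref, target):.2f}% of target bytes unmatched")
```

A non-zero result is a lead for inspection rather than proof of compromise: builds that are not reproducible also differ in embedded paths and timestamps.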
The TUI is partially implemented at this stage. It requires further improvements and needs to be fully integrated with the rest of the project.