Sinister is an ELF binary obfuscator built to weaponize your executables against reverse engineering. It applies low-level transformations to make binaries harder to analyze, decompile, or understand, all while remaining executable.
- Nothing yet... but soon!
- Symbol Renaming (Initial Support)
  - Supports renaming of:
    - All `STB_LOCAL` and `STB_GLOBAL` symbols, except `STT_GNU_IFUNC`
  - Renames safely within `.symtab` and `.strtab`
  - Does not yet handle `.dynsym`, relocations, or dynamic resolution (`dlsym`, plugins)
- ELF Locking (Experimental)
  - Corrupts ELF internals to break analysis by tools like IDA, Ghidra, radare2, Binary Ninja
  - Techniques include:
    - `.symtab` / `.strtab` poisoning
    - ELF header sabotage (`EI_CLASS`, `EI_VERSION`, etc.)
- Anti-Debugging
- Code Injection
- Dynamic Buffer Allocation
- Flow Flattening
- Packing
- String Obfuscation
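
A defender-side check for the header sabotage listed under ELF Locking, as an added example that is not part of Sinister: it reads the raw `e_ident` bytes and flags `EI_CLASS`, `EI_DATA` and `EI_VERSION` values that the ELF specification does not define or that contradict `e_machine`. The function names, the constructed 20-byte sample header and the little-endian read of `e_machine` are assumptions of this example; the README does not say which values Sinister writes.

```go
package main

import (
	"debug/elf"
	"encoding/binary"
	"fmt"
)

// Word size expected for a few common e_machine values.
var wantClass = map[elf.Machine]elf.Class{
	elf.EM_X86_64: elf.ELFCLASS64, elf.EM_AARCH64: elf.ELFCLASS64,
	elf.EM_386: elf.ELFCLASS32, elf.EM_ARM: elf.ELFCLASS32,
}

// identAnomalies inspects raw header bytes instead of calling elf.NewFile,
// which stops at the first invalid field. Assumption: e_machine (offset 18)
// is little-endian, since EI_DATA itself may have been tampered with.
func identAnomalies(hdr []byte) []string {
	if len(hdr) < 20 || string(hdr[:4]) != elf.ELFMAG {
		return []string{"not an ELF header"}
	}
	var out []string
	class := elf.Class(hdr[elf.EI_CLASS])
	machine := elf.Machine(binary.LittleEndian.Uint16(hdr[18:20]))
	if class != elf.ELFCLASS32 && class != elf.ELFCLASS64 {
		out = append(out, fmt.Sprintf("EI_CLASS=%d is not a defined class", hdr[elf.EI_CLASS]))
	} else if w, ok := wantClass[machine]; ok && w != class {
		out = append(out, fmt.Sprintf("EI_CLASS=%d contradicts e_machine=%s", hdr[elf.EI_CLASS], machine))
	}
	if d := elf.Data(hdr[elf.EI_DATA]); d != elf.ELFDATA2LSB && d != elf.ELFDATA2MSB {
		out = append(out, fmt.Sprintf("EI_DATA=%d is not a defined encoding", hdr[elf.EI_DATA]))
	}
	if hdr[elf.EI_VERSION] != byte(elf.EV_CURRENT) {
		out = append(out, fmt.Sprintf("EI_VERSION=%d, expected 1", hdr[elf.EI_VERSION]))
	}
	return out
}

// sampleHeader returns a constructed x86-64 header prefix (not a real binary).
func sampleHeader(class, version byte) []byte {
	h := make([]byte, 20)
	copy(h, elf.ELFMAG)
	h[elf.EI_CLASS], h[elf.EI_DATA], h[elf.EI_VERSION] = class, 1, version
	binary.LittleEndian.PutUint16(h[18:], uint16(elf.EM_X86_64))
	return h
}

func main() {
	fmt.Println(identAnomalies(sampleHeader(2, 1)), identAnomalies(sampleHeader(1, 0)))
}
```
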
```bash
git clone https://github.com/ayushch80/sinister.git
cd sinister
```

Make sure Go is installed (version ≥ 1.19 recommended):

```bash
go version
```

If not installed:

```bash
sudo apt install golang
```

```bash
go build .
./sinister
```

```bash
# Rename all safe local symbols
./sinister -inp ./binary -out ./binary_out -rename
# Lock binary to break RE tools
./sinister -inp ./binary -out ./binary_out -lock
```

| Path | Description |
|---|---|
| `renaming/` | Core logic for symbol renaming and symbol table manipulation |
| `locking/` | ELF locking routines to sabotage reverse engineering tools |
| `utils/` | Helper functions for logging, ELF utilities, and common routines |
| `main.go` | Entry point for CLI: parses arguments and dispatches commands |
| `go.mod` / `go.sum` | Go module definition and dependency tracking |

Sinister is licensed under the Apache License 2.0
Disclaimer: This tool is for educational and research purposes only. Do not use it on software you don't own or without explicit permission.
Let me know if you want a cool badge, example binaries, or to automatically detect if locking was successful (via broken readelf).