RustAegis
Protect sensitive Rust logic with advanced code virtualization.
Pitch

RustAegis is an advanced framework for Rust code virtualization and obfuscation, designed to safeguard sensitive information from reverse engineering and tampering. By converting Rust code into custom bytecode executed in a secure virtual machine, it employs innovative techniques like polymorphism and compile-time encryption, ensuring robust software protection.

Description

RustAegis is an advanced framework for Rust that provides research-grade software protection through code virtualization and obfuscation. By compiling Rust code into custom, polymorphic virtual machine bytecode, RustAegis effectively shields sensitive logic from reverse engineering and tampering by shifting execution from the native CPU to a secure software interpreter.

Key Features

  • Virtualization: Convert Rust Abstract Syntax Tree (AST) directly into a custom stack-based VM instruction set.
  • Polymorphism: Randomize the instruction set mapping (Opcode Table) for each build via a .build_seed artifact.
  • Mixed Boolean Arithmetic (MBA): Transform simple arithmetic operations into complex, mathematically equivalent boolean expressions, enhancing the obscurity of the code.
  • Compile-Time Encryption: Encrypt bytecode with a unique key specific to each build, with decryption occurring only at runtime.
  • Anti-Tamper Measures: Implement integrated integrity checks to ensure the bytecode remains unaltered.
  • Junk Code Injection: Introduce dead code and entropy-based instructions that disrupt signature scanning and make static analysis more challenging.

Architecture & The .build_seed

RustAegis employs a split architecture consisting of:

  1. Compiler (vm-macro): Operates at compile time to generate encrypted bytecode.
  2. Runtime (vm): Runs within the application to execute the bytecode.

During the build, a temporary artifact named .anticheat_build_seed is generated. It keeps the compiler and the runtime synchronized so that both use the same encryption keys and opcode mappings. Do not commit this file to version control; leaving it out lets each deployment get its own polymorphic build. For reproducible builds, set the ANTICHEAT_BUILD_KEY environment variable to override random generation.
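Why the compiler and runtime have to share one seed, as an added sketch that is not RustAegis code: both sides derive the opcode table from the same value, so bytecode emitted under one seed only decodes under that seed. The four-instruction set, the splitmix64 PRNG, the table derivation and the function names are all assumptions made for illustration.

```rust
// Added illustration, not RustAegis code: opcode set, PRNG and encoding are assumptions.
#[derive(Clone, Copy)]
enum Op { Push, Add, Mul, Halt }
const OPS: [Op; 4] = [Op::Push, Op::Add, Op::Mul, Op::Halt];

// splitmix64: a small deterministic PRNG, so one seed always yields one table.
fn next(state: &mut u64) -> u64 {
    *state = state.wrapping_add(0x9E3779B97F4A7C15);
    let mut z = *state;
    z = (z ^ (z >> 30)).wrapping_mul(0xBF58476D1CE4E5B9);
    z = (z ^ (z >> 27)).wrapping_mul(0x94D049BB133111EB);
    z ^ (z >> 31)
}

// Seeded Fisher-Yates shuffle of all byte values; entry i is the byte that encodes OPS[i].
fn opcode_table(seed: u64) -> [u8; 4] {
    let mut bytes: Vec<u8> = (0..=255).collect();
    let mut s = seed;
    for i in (1..bytes.len()).rev() {
        let j = (next(&mut s) % (i as u64 + 1)) as usize;
        bytes.swap(i, j);
    }
    [bytes[0], bytes[1], bytes[2], bytes[3]]
}

// "Compiler" side: emit stack-VM bytecode for (a + b) * c using the seed's table.
fn compile(seed: u64, a: u8, b: u8, c: u8) -> Vec<u8> {
    let t = opcode_table(seed);
    vec![t[0], a, t[0], b, t[1], t[0], c, t[2], t[3]]
}

// "Runtime" side: rebuild the table from its own seed and interpret.
// Returns None on an unknown opcode, a truncated operand or a stack underflow.
fn run(seed: u64, code: &[u8]) -> Option<u64> {
    let t = opcode_table(seed);
    let (mut stack, mut pc) = (Vec::new(), 0);
    while pc < code.len() {
        let op = OPS[t.iter().position(|&b| b == code[pc])?];
        pc += 1;
        match op {
            Op::Push => { stack.push(*code.get(pc)? as u64); pc += 1; }
            Op::Add => { let (y, x) = (stack.pop()?, stack.pop()?); stack.push(x + y); }
            Op::Mul => { let (y, x) = (stack.pop()?, stack.pop()?); stack.push(x * y); }
            Op::Halt => return stack.pop(),
        }
    }
    None
}
```

Compiling and running with the same seed returns the expected value, while a byte that is not in the runtime's table makes decoding stop with None.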

Enhanced Security Features

RustAegis complicates static and dynamic analysis through advanced techniques:

  • Control Flow Flattening: The VM interpreter flattens control flow, concealing the original sequences within data-driven jumps in the interpreter loop.
  • Arithmetic Obfuscation: The MBA approach replaces straightforward arithmetic operations with a randomized sequence of stack operations, making it significantly harder to reverse-engineer logic.

Performance Considerations

While RustAegis is designed for high security, it comes with a performance trade-off, typically resulting in a 10x to 100x slowdown compared to native execution. It is recommended to apply the #[vm_protect] attribute judiciously, focusing on sensitive functions such as license checks, key generation, and encryption logic, while avoiding virtualization in performance-critical areas.

WebAssembly Compatibility

RustAegis includes full support for WebAssembly, allowing developers to leverage its security features in web applications. Users can follow a straightforward setup process to incorporate RustAegis into their WASM projects, ensuring sensitive logic remains protected across platforms.

For a hands-on experience and examples showcasing key features, consider exploring the provided examples directory, where various test cases can be run to illustrate the capabilities of RustAegis.
