
Security researchers and red teamers have long grappled with the limitations of Position Independent Code (PIC) generation. Dittobytes, an open-source project by Tijme Gommers, takes a different approach: it compiles C and C++ into truly metamorphic PIC, so the emitted code differs fundamentally from one compilation to the next.

The Metamorphic Revolution

Unlike traditional PIC generators that rely on easily detectable decrypt stubs or require external loaders like Donut, Dittobytes operates through two custom LLVM transpilers:

  1. Intermediate Transpiler: uses an LLVM Function Pass to inline constant variables directly into the code (eliminating .rodata segments)
  2. Machine Transpiler: applies an LLVM MachineFunction Pass to perform runtime instruction substitutions with randomness

# Original                 # Metamorphicated
push rbp                   push r9
mov rbp, rsp               push r15
                           sub rsp, 38h
                           mov r14, 6E055571BF8F0D8Eh
...                        xor rdx, r14

Example of metamorphic transformations creating functionally equivalent but structurally distinct assembly (Source: Dittobytes documentation)

Cross-Platform Powerhouse

The tool delivers unprecedented flexibility:
- Output Formats: Raw shellcode (.raw), Beacon Object Files (.obj), and executables (.exe)
- Platform Support: Windows, Linux, macOS
- Architectures: AMD64 and ARM64
- Size Efficiency: Near-zero overhead compared to traditional PIC generation

Practical Applications

  1. Red Team Operations: Generate unique shellcode payloads that evade signature-based detection
  2. Security Research: Test anti-malware solutions against metamorphic code techniques
  3. Embedded Systems: Develop compact, relocatable code for constrained environments

Metamorphic Techniques (✅ implemented, ⏳ planned)

  • ✅ Randomize register allocation
  • ✅ Transform mov reg, imm instructions
  • ✅ Transform mov [reg+var], imm operations
  • ✅ Instruction nullification substitutions
  • ⏳ Semantic noise insertion (meaningful dead code)
  • ⏳ Advanced register-to-register transformations
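The "mov reg, imm" transformation from the listing above and the randomized register allocation in this list can be modeled in a few lines, together with the constant-folding normalization a detection engineer would apply to undo them. The example below is added here and is not Dittobytes code: the instruction model, the scratch-register pool and the three-instruction expansion are assumptions made for illustration, using the 64-bit constant from the listing as sample input.

```python
import random

MASK64 = (1 << 64) - 1

def emit_mov_imm(dst, imm, rng=None):
    """Model of the 'mov reg, imm' transformation: the immediate never appears in
    the output. A random 64-bit key and (imm XOR key) are emitted and recombined
    with xor through a randomly chosen scratch register (hypothetical pool)."""
    rng = rng or random.SystemRandom()
    key = rng.getrandbits(64)
    while key in (0, imm):          # never let the original value leak into the output
        key = rng.getrandbits(64)
    scratch = rng.choice([r for r in ("r8", "r9", "r10", "r11", "r14", "r15") if r != dst])
    return [("mov", dst, imm ^ key), ("mov", scratch, key), ("xor", dst, scratch)]

def evaluate(program):
    """Tiny interpreter over the two modeled ops; returns the register state."""
    regs = {}
    for op, dst, src in program:
        val = src if isinstance(src, int) else regs.get(src, 0)
        if op == "mov":
            regs[dst] = val & MASK64
        elif op == "xor":
            regs[dst] = (regs.get(dst, 0) ^ val) & MASK64
    return regs

def fold_constants(program):
    """Normalization a detection engineer can run before signature matching: track
    registers holding a known constant and fold an xor of two known values back
    into a plain mov of the original immediate."""
    known, folded = {}, []
    for op, dst, src in program:
        val = src if isinstance(src, int) else known.get(src)
        if op == "mov" and val is not None:
            known[dst] = val
            folded.append(("mov", dst, val))
        elif op == "xor" and val is not None and dst in known:
            known[dst] = (known[dst] ^ val) & MASK64
            folded.append(("mov", dst, known[dst]))
        else:
            known.pop(dst, None)    # value no longer statically known
            folded.append((op, dst, src))
    return folded

def visible_immediates(program):
    return [src for _, _, src in program if isinstance(src, int)]  # what a byte signature sees

if __name__ == "__main__":
    mutated = emit_mov_imm("rdx", 0x6E055571BF8F0D8E)  # constant from the listing above
    print(mutated, visible_immediates(mutated), fold_constants(mutated), sep="\n")
```

Run it twice and the two outputs share neither the key nor the scratch register, yet `evaluate` yields the same rdx and `fold_constants` recovers the original immediate in both cases.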

Getting Started

Dittobytes prioritizes accessibility through Docker:

docker buildx build -t dittobytes .  # ~2.5 hour build
docker run --rm -v ".:/tmp/workdir" -it dittobytes
make beacon-win-amd64-raw  # Sample compilation

Current Limitations

  • No support for floats/doubles (LLVM inlining constraint)
  • C++ exceptions not yet implemented
  • Requires Linux host for compilation environment

"Dittobytes represents a paradigm shift in PIC generation. By eliminating the need for decrypt stubs and reflective loaders, it creates inherently stealthier payloads with practically no size penalty." - Tijme Gommers

As metamorphic compilation evolves, Dittobytes offers both offensive and defensive security professionals a powerful new framework for understanding and countering next-generation evasion techniques. The project's Mozilla Public License 2.0 opens doors for community collaboration and integration into security tooling.

Source: Dittobytes GitHub Repository