d35ha / xObf

Simple x86/x86_64 instruction level obfuscator based on a basic SBI engine
malware-research self-modifying-code static-binary-instrumentation

How it works

This is straightforward:

Impact

This seriously interferes with static code analysis, making it almost impossible. Consider this code snippet:

#include <stdio.h>

int main(int argc, char** argv){
    /* Require at least one command-line argument */
    if (argc < 2){
        puts("Wrong number of arguments");
    } else {
        printf("Hello %s\n", argv[1]);
    }
    return 0;
}

After compiling it and running the obfuscator on it, this is the difference between the instructions of the main subroutine before and after obfuscation:


This will mislead any disassembler/decompiler into showing wrong output.

Thoughts

Additional