llxiaoyuan
commented
2 years ago Mostly, it makes reverse engineering more difficult, and performance lose does, so, use it wisely
Open gurachan opened 2 years ago
llxiaoyuan
commented
2 years ago Mostly, it makes reverse engineering more difficult, and performance lose does, so, use it wisely
gurachan
commented
2 years ago Mostly, it makes reverse engineering more difficult, and performance loss does, so, use it wisely
fair. I will use it if I'm hiding something for them to give up.. this reminds me of Code Control Flow Obfuscation. have u tried this yet https://github.com/avast/retdec-idaplugin .. this is a decompiler also but spout the decompilation on the console or a window with a bunch of c++ code text.. kinda same as ida f5.
llxiaoyuan
commented
2 years ago only ida f5 tested on oxorany
Xniveres
commented
2 years ago i tried it against retdec, code:
#include <Windows.h>
#include <stdio.h>
//#define OXORANY_DISABLE_OBFUSCATION
//#define OXORANY_USE_BIT_CAST
#include "oxorany.h"
int main() {
printf(oxorany("test\n"));
system(oxorany("pause"));
}output using retdec:
https://gist.github.com/Xniveres/6653b594edf0949533b4b9c34a831cbf
in theory .. the right path is gonna be executed so no performance impact? right? and these random branches will not be executed at all.. and all of them are just to stop f5 from IDA?.
this branches is for 1 int only . .that i print using printf ... does that mean.. if i have 10 ints.. i also have that kind of branches 10x?