Obfuscated Binary Pseudocode Optimizer
Obpo is a microcode-based Hex-Rays optimizer that uses techniques such as static program analysis, dataflow tracking and concolic execution to rebuild obfuscated control flow (for example, OLLVM control flow flattening).
Obpo is not open source yet, but obpo-plugin is currently provided for testing. obpo-plugin is a cloud plugin: the binary code of the target function is sent to the obpo server for processing, and the result returned by the server is applied to the decompilation.
- Obpo can't solve every obfuscation problem, but I hope it can be a powerful option.
- Due to limited server performance, the timeout is limited to 60s. If there is abuse or attack behavior, I will close the service at any time.
obpo-plugin currently requires one of the following Hex-Rays decompiler versions:

| Decompiler version | Architectures | Supported |
|---|---|---|
| 18.104.22.168118 | ARM64, X86, X86_64 | ✔️ |
| 22.214.171.124427 | ARM, ARM64, X86, X86_64 | ✔️ |
| 126.96.36.199427 | PowerPC, PowerPC64, MIPS | ❌️ |
| 188.8.131.52028 | ARM, ARM64, X86, X86_64 | ✔️ |
| 184.108.40.206028 | PowerPC, PowerPC64, MIPS | ❌️ |
Copy obpoplugin into the IDA plugins path.
Obpo requires you to manually mark a dispatch block for Control Flow Flattening before automated analysis. Normally, the dispatch block looks like this:
Right-click on the control flow graph and click OBPO -> Mark and process function. Refresh the decompiler after processing is complete, like this:
Depending on the decompilation changes you can continue to mark dispatch blocks.
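Since the screenshots of the dispatch block are not reproduced here, the following added example (my own illustration, not obpo's code or its plugin) shows the structural shape you are looking for when you mark a dispatch block by hand. It runs a simple heuristic over a constructed control flow graph of a flattened function: the dispatcher is the block every body block jumps back to, so it has an unusually high in-degree, and it heads a chain of two-way compare blocks that fan out to the real basic blocks. The block names, the edge list and the minimum in-degree threshold are assumptions made for the example; in practice the edge list would be filled from the disassembler's basic-block graph of the target function.

```python
from collections import defaultdict, deque

# Constructed CFG of a control-flow-flattened function (not taken from obpo).
# Each tuple is (source block, destination block). 'disp' is the dispatcher
# every body block returns to; 'cmp1' and 'cmp2' form its compare chain.
SAMPLE_EDGES = [
    ("entry", "disp"),
    ("disp", "cmp1"), ("disp", "b0"),
    ("cmp1", "cmp2"), ("cmp1", "b1"),
    ("cmp2", "ret"),  ("cmp2", "b2"),
    ("b0", "disp"), ("b1", "disp"), ("b2", "disp"),
]


def build_cfg(edges):
    """Return (nodes, successors, predecessors) for an edge list."""
    succs, preds, nodes = defaultdict(set), defaultdict(set), set()
    for src, dst in edges:
        succs[src].add(dst)
        preds[dst].add(src)
        nodes.update((src, dst))
    return nodes, succs, preds


def dispatch_candidates(edges, min_in=3):
    """Blocks ranked by in-degree (then out-degree), keeping only those
    re-entered at least `min_in` times. A flattening dispatcher is reached
    from every body block, so it tops this ranking; min_in is an assumed
    threshold, not a rule from the plugin."""
    nodes, succs, preds = build_cfg(edges)
    ranked = sorted(nodes,
                    key=lambda n: (len(preds[n]), len(succs[n])),
                    reverse=True)
    return [n for n in ranked if len(preds[n]) >= min_in]


def classify_flattened(edges, dispatcher):
    """Walk the compare chain under a chosen dispatcher and split the graph
    into chain blocks, body blocks and the body blocks that loop back."""
    nodes, succs, preds = build_cfg(edges)
    chain = {dispatcher}
    work = deque([dispatcher])
    while work:
        cur = work.popleft()
        for nxt in succs[cur]:
            if nxt in chain:
                continue
            # A compare-chain block is fed only from the chain, branches two
            # ways, and never jumps straight back to the dispatcher itself.
            if (preds[nxt] <= chain and len(succs[nxt]) == 2
                    and dispatcher not in succs[nxt]):
                chain.add(nxt)
                work.append(nxt)
    # Everything the chain fans out to that is not part of the chain is a
    # body block; exits (no loop-back edge) show up here as well.
    bodies = {n for c in chain for n in succs[c]} - chain
    loop_back = {b for b in bodies if dispatcher in succs[b]}
    return {"chain": chain, "bodies": bodies, "loop_back": loop_back}


if __name__ == "__main__":
    top = dispatch_candidates(SAMPLE_EDGES)[0]
    print("dispatch candidate:", top)
    print(classify_flattened(SAMPLE_EDGES, top))
```

The heuristic is deliberately structural: it does not look at the state variable or the compared constants, only at which block the flattened bodies keep returning to, which is exactly what you confirm visually before marking the block in the graph view. On a function that obpo does not fully recover, rerunning the same check on the updated graph is a quick way to decide whether another dispatch block is worth marking.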