Obfuscated Binary Pseudocode Optimizer

Obpo is a microcode-based hex-rays optimizer, uses techniques such as static-program-analysis, dataflow-tracking, concolic-execution to rebuild the obfuscated control flow (such as: OLLVM).


Obpo is not open source yet, but currently provides obpo-plugin for testing. obpo-plugin is a cloud plugin, the binary code of the target function will be sent to the obpo server for processing, and the response result will be applied to the decompilation process.


  1. Obpo can’t solve all obfuscate problems, but I hope it can be a powerful option.
  2. Due to the limited server performance, the timeout is limited to 60s. If there is abuse or attack behavior, I will close the service at any time.

Supported Version

obpo-plugin currently requires the following versions of hex-rays decompiler:

Hex-Rays Version Arch Tested ARM64, X86, X86_64 ✔️ ARM, ARM64, X86, X86_64 ✔️ PowerPC, PowerPC64, MIPS ❌️ ARM, ARM64, X86, X86_64 ✔️ PowerPC, PowerPC64, MIPS ❌️


Copy obpo_plugin.py and obpoplugin into ida plugins path.


Obpo requires you to manually mark a dispatch block for Control Flow Flattening before automated analysis. Normally, the dispatch block looks like this:

Right-click on the control flow graph, click OBPO -> Mark and process function. Refresh the decompiler after processing is complete, like this:

Depending on the decompilation changes you can continue to mark dispatch blocks.


View Github