Cross-Platform VMProtect with LLVM
I finally had enough fun with building LLVM Transform Obfuscation Passes and decided to build a VMProtect-Like obfuscation mechanism.
A Short Analysis of AdAppActive
During my random browsing of PPHelper, China’s largest “assistant” that provids download of cracked softwares as well as serving as a 2nd AppStore itself, we found one of the games contains a strange Adware not seen in its AppStore Version.
Overall it’s a pretty boring case since the native calls are not obfuscated
Hooking MGCopyAnswer Like A Boss
This is a note following my post back in april regarding short function hooking.
Building LLVM Doc(set)
LLVM has a large doc base which takes literally 12hours+ to build on my configuration. This post is a collection of techniques I found that could improve either the build doc size/build time/quality
Random Thoughts On Hooking Short Functions
For languages that doesn’t have a reflection mechanism that benefits developers (and hackers), (I’m looking at you Objective-C) function hooking inevitably involves in inline hooking, or to be more precise, assembly patching. Unfortunately not every C function has enough length for us to do our dirty work. This post is my $0.02 regarding this issue. Theoretically following analysis should hold true on most platforms, although the implementation might differ