Obfuscation is made of many different tricks. One we meet very often is mixed instructions who make computations mixing usual arithmetic (ADD, SUB, MUL, DIV) and boolean one (XOR, AND, NOT, OR). All tools get lost when it comes to cleaning this kind of very messy blocks of instructions, and that is why we designed Arybo. With Arybo, analyzing such expressions become way more easy.
more ...Mixed Boolean-Arithmetic expressions can be used as an obfuscation technique. Why are they hard to de-obfuscate, and what do we need to do so?
more ...