O-MVLL Configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
"""
O-MVLL Configuration used to obfuscate:
https://github.com/optiv/android-ndk-crackme/blob/97932c868cde400747b49c61641c59d3f49c5145/app/src/main/cpp/native-lib.cpp
"""
import omvll | |
from functools import lru_cache | |
class Config(omvll.ObfuscationConfig):
    """O-MVLL pass selection scoped to the target's JNI entry points.

    Every hook except ``obfuscate_struct_access`` opts a function in when its
    demangled name starts with ``Java_``, the prefix carried by JNI functions
    that are resolved by name. Functions without that prefix are not selected
    by those hooks, so any sensitive logic or string literal living in a
    helper outside the ``Java_*`` functions is left as the compiler emitted it.
    """

    def __init__(self):
        super().__init__()

    @staticmethod
    def _is_jni_entry(func) -> bool:
        """Tell whether *func* is named like a JNI entry point (``Java_*``)."""
        return func.demangled_name.startswith("Java_")

    def break_control_flow(self, mod: omvll.Module, func: omvll.Function):
        """Select JNI entry points for the control-flow breaking pass."""
        return self._is_jni_entry(func)

    def anti_hooking(self, mod: omvll.Module, func: omvll.Function):
        """Select JNI entry points for the anti-hooking pass."""
        return self._is_jni_entry(func)

    def obfuscate_struct_access(self, mod: omvll.Module, func: omvll.Function, S: omvll.Struct):
        """Select accesses to structures whose name contains ``JNINativeInterface``.

        The decision depends on the structure name only; *func* is not
        consulted, so this applies in every function of the module.
        """
        touches_jni_table = "JNINativeInterface" in S.name
        return touches_jni_table

    def flatten_cfg(self, mod: omvll.Module, func: omvll.Function):
        """Select JNI entry points for control-flow flattening."""
        return self._is_jni_entry(func)

    def obfuscate_string(self, mod, func, string: bytes):
        """Pick the string protection for *string* as used inside *func*.

        Strings used outside the ``Java_*`` functions get ``False``, i.e. no
        encoding option is requested for them from this hook.
        """
        if not self._is_jni_entry(func):
            return False
        # NOTE(review): loopThreshold presumably sets the string length from
        # which the decoding routine is emitted as a loop; confirm against the
        # O-MVLL documentation.
        return omvll.StringEncOptStack(loopThreshold=100)

    def obfuscate_constants(self, mod: omvll.Module, func: omvll.Function):
        """Select JNI entry points for the constants obfuscation pass."""
        return self._is_jni_entry(func)
@lru_cache(maxsize=1)
def omvll_get_config() -> Config:
    """Return the ``Config`` instance for this configuration file.

    ``lru_cache(maxsize=1)`` makes the first call construct ``Config`` and
    every later call hand back that same object.
    """
    # NOTE(review): O-MVLL presumably looks this function up by name when it
    # loads the configuration file; keep the name as-is.
    config = Config()
    return config