Hi, during recon, which was awesome and quite brain activating, we came up with this idea for obfuscated code analysis, especially for branches into the middle of an instruction: as we are now all using graphs for representing the code, a branch into the middle of an instruction is not a problem anymore, we just need to branch the analysis.
One of the branches will probably die soon, from invalid addresses for example. In any case, manually collapsing the whole subtree of the invalid branch should be enough to clean the graph.
Uhm... I think the idea is simpler than this explanation. I have implemented a proof-of-concept version of this using pydasm (ero's wrapper for libdisasm) on PaiMei (pedram's excellent framework). I need to clean it up and we'll hopefully integrate it into PaiMei, or I'll release it separately.
With non-linear analysis (graphs), this obfuscation should not be a problem. What do you think?
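To make the idea concrete, here is an added example (my own code, not the pydasm/PaiMei proof of concept mentioned above) over a constructed toy instruction set: a conditional jump lands one byte inside a decoy instruction, the worklist disassembler simply follows both edges, so the two overlapping decodings become separate graph nodes, and the branch that runs off to an invalid address is collapsed afterwards.

```python
# Toy 1-2 byte ISA (constructed for this example, not pydasm/PaiMei):
# 0x01 imm8 mov, 0x02 rel8 jmp, 0x03 ret, 0x04 imm8 add, 0x05 rel8 jz
OPS = {0x01: ("mov", 2), 0x02: ("jmp", 2), 0x03: ("ret", 1),
       0x04: ("add", 2), 0x05: ("jz", 2)}
# Constructed sample: jz's taken edge lands one byte into the "jmp" at 2.
# A linear sweep reads jz; jmp 8; ret; ret and never sees "add 3" at 3.
CODE = bytes([0x05, 0x01, 0x02, 0x04, 0x03, 0x03])

def decode(code, addr):
    """Decode one instruction at addr -> (mnemonic, operand, successors), or None."""
    if not 0 <= addr < len(code) or code[addr] not in OPS:
        return None
    name, size = OPS[code[addr]]
    if addr + size > len(code):
        return None
    nxt = addr + size
    if name == "ret":
        return name, None, []
    imm = code[addr + 1]
    if name == "jmp":
        return name, nxt + imm, [nxt + imm]
    if name == "jz":  # conditional: both edges are followed
        return name, nxt + imm, [nxt, nxt + imm]
    return name, imm, [nxt]

def build_cfg(code, entry=0):
    """Worklist recursive descent; overlapping instructions are distinct nodes
    keyed by address, and undecodable targets are kept as None nodes."""
    cfg, work = {}, [entry]
    while work:
        addr = work.pop()
        if addr in cfg:
            continue
        cfg[addr] = decode(code, addr)
        if cfg[addr] is not None:
            work.extend(cfg[addr][2])
    return cfg

def prune_dead(cfg):
    """Collapse every subtree whose paths all end at an invalid address."""
    dead = {a for a, ins in cfg.items() if ins is None}
    changed = True
    while changed:
        changed = False
        for a, ins in cfg.items():
            if a not in dead and ins and ins[2] and all(s in dead for s in ins[2]):
                dead.add(a)
                changed = True
    return {a: ins for a, ins in cfg.items() if a not in dead}
```

Running `prune_dead(build_cfg(CODE))` leaves only the nodes at 0, 3 and 5 (jz; add 3; ret), i.e. the real code hidden behind the decoy jmp at offset 2.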






