MODeflattener is a specialized tool designed to reverse OLLVM’s control flow flattening obfuscation through static analysis techniques.
Developed using Miasm’s intermediate representation capabilities, it systematically reconstructs the original program logic from obfuscated binaries by analyzing and patching key structural components.
Control Flow Deobfuscation
The tool identifies two critical components in flattened functions:
These form the “backbone” that coordinates execution through a state variable system. MODeflattener traces this variable’s modifications across basic blocks to map the original control flow.
do_propagate_expressions
to resolve phi nodes in SSA form, revealing conditional paths: pythonssa_simplifier = IRCFGSimplifierSSA(lifter) ssa = ssa_simplifier.ircfg_to_ssa(ircfg, head)
This exposes branch conditions like 0x401a9d: {'cond': 'CMOVB', 'false_next': 0x401bb0, 'true_next': 0x401af5}
1.CMOVB
→ JB
)textInput Binary → Identify Dispatcher → Analyze State Var →
Classify Blocks → SSA Simplification → Generate Patches →
Rebuild Control Flow → Output Deobfuscated Binary
The tool successfully restructures flattened control flow into human-readable graphs while preserving executable logic.
Its open-source implementation on GitHub provides practical utilities for reverse engineers tackling OLLVM-obfuscated malware or protected software1.
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…