llsoftsecbook
Chapter about Obfuscation
The LLVM project allows managing code easily through LLVM IR; using an IR allows some obfuscation techniques to be applied to different programming languages in an abstract way. The LLVM project implements techniques for code optimization, but the code can be 'deoptimized' to hide code from analysts or malicious actors. While these protection mechanisms are not perfect, they make people take longer for their analysis. There are currently various projects using LLVM IR for this: https://github.com/emc2314/YANSOllvm, https://github.com/obfuscator-llvm/obfuscator/wiki or https://github.com/open-obfuscator/o-mvll.
Also, as part of a chapter like this, it would be possible to say that LLVM IR can be used for deobfuscation of code: binary code can be 'lifted' to LLVM IR, and PassManager can be used for optimizing obfuscated code, making it more readable.