is there a const of doing this? like performance wise?

[gurachan]

in theory .. the right path is gonna be executed so no performance impact? right? and these random branches will not be executed at all.. and all of them are just to stop f5 from IDA?.

this branches is for 1 int only . .that i print using printf ... does that mean.. if i have 10 ints.. i also have that kind of branches 10x?

[llxiaoyuan]

Mostly, it makes reverse engineering more difficult, and performance lose does, so, use it wisely

[gurachan]

Mostly, it makes reverse engineering more difficult, and performance loss does, so, use it wisely

fair. I will use it if I'm hiding something for them to give up.. this reminds me of Code Control Flow Obfuscation. have u tried this yet https://github.com/avast/retdec-idaplugin .. this is a decompiler also but spout the decompilation on the console or a window with a bunch of c++ code text.. kinda same as ida f5.

[llxiaoyuan]

only ida f5 tested on oxorany

[Xniveres]

i tried it against retdec,
code:

#include <Windows.h>
#include <stdio.h>
//#define OXORANY_DISABLE_OBFUSCATION
//#define OXORANY_USE_BIT_CAST

#include "oxorany.h"
int main() {
	
	printf(oxorany("test\n"));
	system(oxorany("pause"));
}

output using retdec:

https://gist.github.com/Xniveres/6653b594edf0949533b4b9c34a831cbf