loc_obf_1: mov eax, switch_var cmp eax, 0x1 -> jmp loc_realblock1 cmp eax, 0x2 -> jmp loc_realblock2 ... If prebuilt plugin fails:
Example full obfuscation:
Download prebuilt hikari_pe_x64.dll from: github.com/HikariObfuscator/Hikari/releases (look for Hikari-LLVM15.0-windows-x64.zip ) Extract the zip to C:\Hikari\ : hikari_pe_x64
((annotate("nohikari"))) void normal_function() // no obfuscation loc_obf_1: mov eax, switch_var cmp eax, 0x1 ->
1. What is hikari_pe_x64? hikari_pe_x64 is a LLVM obfuscator plugin (based on Hikari/Obfuscator-LLVM) specifically compiled to work with MSVC/clang-cl on Windows targeting x64 PE executables . It transforms IR code to resist static/dynamic analysis. ⚠️ Not to be confused with “hikari” (anime character). This is a security research tool. 2. Prerequisites | Component | Requirement | |-----------|-------------| | Windows | 10/11 (x64) | | LLVM/Clang | 15.x or 16.x (clang-cl) | | Build tools | Visual Studio 2022 (with “C++ CMake tools”) | | Python | 3.8+ (for scripts) | hikari_pe_x64 is a LLVM obfuscator plugin (based on
// Opaque predicate example (constant folding resistant) volatile int x = 0; if (x == 0 && (GetTickCount() & 1) == 0) // real code else // dead code
Also available: "bcf" , "split" , "indibran" , "fla_loop" , "sub_loop" , "split_num=3" Combine with manual tricks: