https://github.com/gemesa/phantom-pass

LLVM based code obfuscator passes
https://github.com/gemesa/phantom-pass

anti-reverse-engineering anti-reversing compiler llvm llvm-ir llvm-pass obfuscation obfuscation-tool obfuscator

Last synced: about 1 month ago
JSON representation

LLVM based code obfuscator passes

• Host: GitHub
• URL: https://github.com/gemesa/phantom-pass
• Owner: gemesa
• License: apache-2.0
• Created: 2025-09-08T16:56:19.000Z (10 months ago)
• Default Branch: main
• Last Pushed: 2025-09-30T21:33:15.000Z (9 months ago)
• Last Synced: 2025-09-30T23:25:32.456Z (9 months ago)
• Topics: anti-reverse-engineering, anti-reversing, compiler, llvm, llvm-ir, llvm-pass, obfuscation, obfuscation-tool, obfuscator
• Language: C++
• Homepage: http://shadowshell.io/phantom-pass/
• Size: 38.1 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# phantom-pass

Phantom pass is a collection of LLVM IR and machine code level obfuscation passes. The techniques are either extracted from reversed malware samples (e.g. [Mirai](https://shadowshell.io/mirai-sora-botnet), [Hancitor](https://shadowshell.io/hancitor-loader) and [XLoader](https://shadowshell.io/xloader)) or obtained via OSINT. The passes are primarily intended for AArch64, but some also work on other architectures.

The documentation can be found [here](https://shadowshell.io/phantom-pass/).

## How to build and run the passes

```

$ make

```

## How to run the executables

```

$ make run

```