Obfuscation vs the Optimizer: An LLVM Middle-End Arms Race
Quarkslab examines how LLVM’s middle-end optimization passes can act as an automatic de-obfuscator by simplifying intentionally complex arithmetic and control-flow constructs back to their original semantics. The article walks through an obfuscated mystery() function built from mixed boolean-arithmetic expressions and shows how passes such as constant propagation, instruction combining, dead-code elimination, and CFG simplification progressively collapse it in LLVM IR. Its main technical point is that obfuscation and optimization are structurally opposed: obfuscators try to preserve semantics while increasing complexity, while the optimizer canonicalizes equivalent expressions and removes redundancy, and even a single upstream LLVM commit can invalidate an obfuscation strategy. This is useful both for obfuscator authors testing resilience against compiler passes and for reverse engineers who can reuse the same middle-end analyses to recover hidden program logic.