There is also the demovfuscator (https://github.com/kirschju/demovfuscator), which does the opposite and is capable of recovering the control flow of the original program before movfuscation.
(Disclaimer: I know exactly zero things about reverse engineering, so this is probably a very stupid question. Read at your own peril.)
Could this be helpful in reverse engineering binaries by first movfuscating and then demovfuscating them? My hypothesis is that movfuscation (maybe coupled with some other techniques) might “normalize” the program in some way and demovfuscation might recover some more human-understandable structures. Or would demovfuscation just bring back the same original obfuscated mess?