• Polymorphic Mutation: cmut takes fundamental data types (e.g., int, float, double) and transforms, or mutates, them into different, often larger, data representations. For example, a simple uint8_t can be expanded into a uint16_t, uint32_t, uint64_t, or even a 128-bit SSE vector (__m128i).

• Algorithmic Reconstruction: The original value is restored through a variety of reconstruction routines. The engine randomly selects one of 13 currently possible subroutines to reverse the mutation, ensuring that the path to the original data is unpredictable.

• Bit-level Obfuscation: The library employs techniques like bit-shifting and circular rotation on the mutated data, adding another layer of complexity. The amount of shifting is randomized, making it difficult to predict the original bit patterns.

• Complex Execution Paths: The combination of random mutation and reconstruction choices generates highly convoluted control-flow graphs. This makes it incredibly difficult for a reverse engineer to trace the logic and understand the underlying operations.

• SSE2 Integration: cmut leverages SSE2 intrinsics to efficiently manage and mutate 64-bit and 128-bit data types. This not only enhances performance but also adds another layer of complexity for analysis, as the data is handled in specialized CPU registers.

• Operator Overloading: To ensure ease of use, cmut overloads basic arithmetic, assignment, and bitwise operators. This allows developers to use cmut objects just like they would with standard primitive types, without sacrificing the benefits of obfuscation.

The following images demonstrate the complex control-flow graph generated by a small example project using cmut. This visual representation highlights the effectiveness of the obfuscation in creating a challenging analysis environment. IDA Control Flow Graph:

Here is a basic example of how to use cmut in your code:

#include "cmut.hxx"
#include <iostream>

int main() {
    // Create a mutated integer with the value 42
    cmut<int> my_mutated_int(42);

    // Perform operations just like a normal integer
    my_mutated_int += 8;
    my_mutated_int++;

    // To retrieve the original value, you can either call the get() method
    // or implicitly convert it back to its base type.
    int original_value = my_mutated_int;

    std::cout << "The final value is: " << original_value << std::endl; // Outputs 51

    return 0;
}

⚠️ Important Considerations

• The More Implicit && / || Explicit Calls you make to the Operators, or get() / set() Accessors (Which the Operators Invoke Themselves), the Greater Degree of Control-Flow Obfuscation in the Output Binary

• Retrieving Data: To get the original, de-obfuscated value, you can either call the .get() method explicitly or rely on the implicit conversion by assigning the cmut object to a variable of its base type (e.g., int x = my_mutated_int;).

• Floating-Point Types: While cmut is compatible with floating-point types (float, double), be aware that some bitwise operators (e.g., %, &, |, ^) are not supported for these types. Using them will result in a compile-time error.