Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Introduction

Phantom pass is a collection of LLVM IR and machine code level obfuscation passes. The techniques are either extracted from reversed malware samples (e.g. Mirai and Hancitor) or obtained via OSINT. The passes are primarily intended for AArch64, but some also work on other architectures. This book provides the supplementary documentation.

The source code is available here.

🚧 The book is still under construction. New chapters will be added and the existing ones might be modified.