Hikari_pe_x64 Guide

Example full obfuscation:

clang-cl.exe /O2 /GS- /c source.c ^ -mllvm -enable-pass-plugin=C:\Hikari\lib\hikari_pe_x64.dll ^ -mllvm -sub -mllvm -sub_loop=1 | Flag | Effect | |------|--------| | -sub | Instruction substitution | | -sub_loop=1 | Substitution on loops | | -bcf | Bogus control flow | | -bcf_loop=1 | Bogus flow in loops | | -fla | Control flow flattening | | -fla_loop=1 | Flatten loops | | -split | Basic block splitting | | -split_num=2 | Split into 2 blocks | | -indibran | Indirect branching (opaque predicates) | hikari_pe_x64

C:\Hikari\ bin\ clang-cl.exe lld-link.exe lib\ hikari_pe_x64.dll <-- plugin Add to environment PATH : C:\Hikari\bin Use the plugin flag : Example full obfuscation: clang-cl

((annotate("nohikari"))) void normal_function() // no obfuscation It transforms IR code to resist static/dynamic analysis

Also available: "bcf" , "split" , "indibran" , "fla_loop" , "sub_loop" , "split_num=3" Combine with manual tricks:

1. What is hikari_pe_x64? hikari_pe_x64 is a LLVM obfuscator plugin (based on Hikari/Obfuscator-LLVM) specifically compiled to work with MSVC/clang-cl on Windows targeting x64 PE executables . It transforms IR code to resist static/dynamic analysis. ⚠️ Not to be confused with “hikari” (anime character). This is a security research tool. 2. Prerequisites | Component | Requirement | |-----------|-------------| | Windows | 10/11 (x64) | | LLVM/Clang | 15.x or 16.x (clang-cl) | | Build tools | Visual Studio 2022 (with “C++ CMake tools”) | | Python | 3.8+ (for scripts) |