This repository provides a single-header project that prevents the IDA decompiler from decompiling the functions of any program by triggering a decompilation failure.
Users can easily protect their functions using the BRKIDA macro provided in the header.
The repository includes an example demonstrating the usage of BRKIDA.
Currently only supports MSVC and x64.
- The stub is generated at compile time using a random pointer formed from 4 random bytes, each derived from a hash of the date, time and a counter that increases every time a function is protected.
- Supports C++14 and higher versions.
This project exploits the fact that the IDA decompiler fails when it encounters a stack access on a pointer that's too big.
ASM:
    jmp useless                    ; short jump 8 bytes ahead to skip the next instruction (EB 08)
    mov [rsp + BIGINT_HERE], rcx   ; never executed, otherwise the program would crash too (48 89 8C 24 DE AD BE EF)
useless:
    ret                            ; C3
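For analysts who need to recognise this stub in a binary, the following scanner is an added example and not part of the repository. It assumes the byte layout from the ASM listing above with the short jump encoded as EB 08; the 1 MiB displacement threshold, the function names and the sample bytes are constructed for illustration.

```python
import re
import struct

# Byte layout from the ASM listing: a 2-byte short jump over an 8-byte
# "mov [rsp+disp32], rcx" whose displacement is the random pointer.
# Assumption: the jump is encoded EB 08 (x86 "jmp rel8").
STUB_RE = re.compile(rb"\xEB\x08\x48\x89\x8C\x24(.{4})", re.DOTALL)

# Assumption: no genuine stack frame needs a displacement of 1 MiB or more;
# tune this threshold for the binaries you analyse.
MAX_SANE_DISP = 0x100000

# Constructed sample: sub rsp,0x28 / stub with DE AD BE EF /
# same shape with a small, plausible displacement (0x20) / ret
SAMPLE = bytes.fromhex(
    "4883ec28"
    "eb08" "48898c24deadbeef"
    "eb08" "48898c2420000000"
    "c3"
)


def find_stubs(code: bytes, min_disp: int = MAX_SANE_DISP):
    """Return (offset, disp32) for each stub-shaped sequence in `code`."""
    hits = []
    for m in STUB_RE.finditer(code):
        (disp,) = struct.unpack("<i", m.group(1))  # disp32 is signed
        if abs(disp) >= min_disp:
            hits.append((m.start(), disp & 0xFFFFFFFF))
    return hits


def neutralize(code: bytes, hits) -> bytes:
    """Replace the dead mov with NOPs; the jump stays, so runtime
    behaviour is unchanged while the oversized stack access disappears."""
    out = bytearray(code)
    for off, _ in hits:
        out[off + 2:off + 10] = b"\x90" * 8
    return bytes(out)


if __name__ == "__main__":
    found = find_stubs(SAMPLE)
    for off, disp in found:
        print(f"stub at offset {off:#x}, displacement {disp:#010x}")
    print(neutralize(SAMPLE, found).hex())
```

The offsets returned are relative to the buffer passed in, so map them back to virtual addresses using the section header of the file you extracted the code from.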
- include/: Contains the brkida.hpp header file.
- src/: Holds the example main.cpp file showcasing the usage of BRKIDA.
- LICENSE: Licensing information for the provided code.
- README.md: Documentation explaining how to use everything.
The repository includes an example demonstrating the usage of the BRKIDA macro:
#include <stdio.h>
#include "brkida.hpp"

int main() {
    BRKIDA; // define this at the start of every function you want to break
    printf("Hello!\n");
    return 0;
}