
AI-Assisted Deobfuscation of Control Flow Flattening using Qwen2.5-Coder and Ghidra

This research evaluates the efficacy of local Large Language Models (LLMs), specifically the Qwen2.5-Coder series, in deobfuscating binaries protected by Control Flow Flattening (CFF). Using a closed-loop workflow that incorporates Ghidra decompilation, Ollama-orchestrated prompting, and behavioral verification, the study tests the models' ability to recover RC4 logic from stripped, obfuscated C code. Findings indicate that while structural recovery is achievable, smaller models (7B-14B) suffer from critical reasoning failures, including data-flow loss, incorrect operator precedence, and self-audit hallucinations. The research underscores that LLMs currently function best as hypothesis generators within a rigorous, behaviorally verified analysis framework rather than as autonomous deobfuscation engines.

