(C) Opaque Predicate by Unprotect

Created the Tuesday 06 December 2022. Updated 1 month, 3 weeks ago.

Description:

In this code, the first opaque predicate is similar to the previous example, where the value of z is calculated by multiplying x and y, which will always result in the value 15. The if statement then checks if z is equal to 15, which is always the case. This makes it difficult for an analyst to understand the intent of the code, as the logic behind the if statement is not immediately apparent.

The code then goes on to create another opaque predicate using the values of a and b. In this case, the value of c is calculated by subtracting b from a, which will always result in the value 5. The if statement then checks if c is equal to 5, which is always the case. This adds another layer of complexity to the code, making it even more difficult to understand and reverse engineer. By using multiple opaque predicates, malware authors can create highly obfuscated code that is very difficult to analyze.

Code

            int main() {
    int x = 3;
    int y = 5;
    int z = x * y;

    // Opaque predicate: z will always be equal to 15,
    // so this if statement will always be true
    if (z == 15) {
        // Do something malicious

        // Create another opaque predicate
        int a = 10;
        int b = 5;
        int c = a - b;

        // This if statement will also always be true
        if (c == 5) {
            // Do something even more malicious
        }
    }
}