A collection of Proof-of-Concept implementations of various anti-disassembly techniques for ARM32 and ARM64 architectures.
The PLD instruction is used to preload data from memory into the instruction cache. This can confuse disassemblers as they may try to interpret the data at the PC location as instructions. This technique is only available on ARM32.
Inserts a PLD instruction that references the program counter (PC).
This technique works against IDA.
The technique does not succeed against Ghidra, because Ghidra does not interpret the address specified in the operand of the PLD instruction. Here it is a good thing that Ghidra is not as multifunctional as IDA.
Similar to the above but with an offset from PC, making it more complex for disassemblers to handle.
Combines the PLD instruction with a NOP sled, creating a more sophisticated anti-disassembly pattern.
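
An analyst-side check for the PLD patterns described above, added here as an example and not part of this project's code: it scans little-endian A32 words for a PLD whose base register is PC, reports the address the operand refers to, and counts any NOPs that follow. The function name, the sample bytes and the load address 0x8000 are constructed for illustration; Thumb encodings and the register-offset form of PLD are not handled.

```python
import struct

# A32 PLD/PLDW (immediate, literal): 1111 0101 U R 01 Rn 1111 imm12
PLD_MASK, PLD_BITS = 0xFF30F000, 0xF510F000
NOPS = {0xE320F000, 0xE1A00000}  # NOP hint and "mov r0, r0"


def find_pc_relative_pld(code: bytes, base: int):
    """Flag every A32 PLD whose base register is PC (little-endian code)."""
    words = struct.unpack_from("<%dI" % (len(code) // 4), code)
    end = base + 4 * len(words)
    findings = []
    for i, word in enumerate(words):
        if word & PLD_MASK != PLD_BITS or (word >> 16) & 0xF != 15:
            continue
        addr = base + 4 * i
        pc = addr + 8  # in ARM state, PC reads as instruction address + 8
        imm12 = word & 0xFFF
        target = pc + imm12 if word & (1 << 23) else pc - imm12  # U bit
        # Count NOPs directly after the PLD (the PLD + NOP sled variant).
        sled = 0
        for nxt in words[i + 1:]:
            if nxt not in NOPS:
                break
            sled += 1
        findings.append({
            "address": addr,
            "target": target,
            "target_in_code": base <= target < end,
            "nops_after": sled,
        })
    return findings


# Constructed sample: seven A32 words, assumed to be loaded at 0x8000.
SAMPLE_BASE = 0x8000
SAMPLE = struct.pack(
    "<7I",
    0xE1A00000,  # 0x8000  mov r0, r0
    0xF5DFF000,  # 0x8004  pld [pc]        -> refers to 0x800C
    0xE320F000,  # 0x8008  nop
    0xE320F000,  # 0x800C  nop
    0xF5D0F000,  # 0x8010  pld [r0]        (not PC-relative, ignored)
    0xF55FF004,  # 0x8014  pld [pc, #-4]   -> refers to 0x8018
    0xE12FFF1E,  # 0x8018  bx lr
)

if __name__ == "__main__":
    for f in find_pc_relative_pld(SAMPLE, SAMPLE_BASE):
        print("PLD at %#x refers to %#x (inside code: %s, NOPs after: %d)"
              % (f["address"], f["target"], f["target_in_code"], f["nops_after"]))
```

A finding with `target_in_code` set is a place to compare the tool's listing against the raw bytes at the reported target.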
This technique is available on ARM32 and ARM64.
Inserts invalid instructions (as data) after an unconditional branch, where they will never be executed. This can confuse disassemblers that try to analyze all code paths.
This technique is available on ARM32 and ARM64.
Uses a conditional branch with a complex mathematical condition to hide invalid instructions. The condition is designed to always evaluate to false, but disassemblers may still try to analyze the dead code path.






