<p>i found something called libEncryptorP.so in an Android binary and it uses an interesting method of obfuscation: it replaces a function with basically a CPU emulator for a fantasy CPU and then runs it on a program stored in .rodata or something</p><p>it's quite cute, at first it looked incomprehensible but it has 32 registers, a 6-bit opcode field, and 16 bits of random stuff (flags, etc) which it extracts out of a 32-bit instruction word and dispatches in a loop</p><p>made by ByteDance apparently</p>
