Make Your Code Unreadable.
Keep It Functional.

A Python port of four existing C++ LLVM obfuscation frameworks, brought to modern LLVM via llvm-nanobind. 17 passes across 4 technique families — from arithmetic substitution to VM virtualization.

View on GitHubExplore Features
Shifting.Codes transform
// Before: Original LLVM IR
define i32 @add(i32 %a, i32 %b) {
entry:
  %result = add i32 %a, %b
  ret i32 %result
}

Four Families of Protection

17 obfuscation passes ported to Python from four open-source C++ frameworks — some no longer maintained, all brought to modern LLVM

Pluto
6 passes

Ported from bluesadi's C++ framework (archived, last updated 2022, pinned to LLVM 14)

Polaris
8 passes

Ported from za233's C++ obfuscator — upgraded Pluto passes plus four new techniques

VMwhere
2 passes

Ported from MrRoy09's C++ project — platform-specific techniques targeting strings and disassemblers

Virtualization
1 pass

Built on thesecretclub's riscy-business C++ VM — translates functions to RISC-V bytecode with embedded interpreter

See the Transformation

Explore how each pass transforms LLVM IR

Simplified examples for illustration — real output varies with random seeds and pass composition

original.llBefore
define i32 @add(i32 %a, i32 %b) {
entry:
  %result = add i32 %a, %b
  ret i32 %result
}
obfuscated.llPluto
; Pattern: a + b = (a + r) + b - r
define i32 @add(i32 %a, i32 %b) #0 {
entry:
  %sub.ar  = add i32 %a, -1447186197
  %sub.arb = add i32 %sub.ar, %b
  %result  = sub i32 %sub.arb, -1447186197
  ret i32 %result
}

How It Works

Three steps from source to protected binary

Step 1

Input LLVM IR

Compile your C/C++ source to LLVM bitcode with Clang, or load existing .bc files

Step 2

Select & Compose Passes

Choose from 17 passes across Pluto, Polaris, VMwhere, and Virtualization — stack them freely

Step 3

Output Protected Binary

Get an obfuscated binary that maintains full functionality with hardened protection

17
Obfuscation Passes
Across 4 families
4
Technique Families
Pluto, Polaris, VMwhere, Virtualization
Py
Python-First
Via llvm-nanobind, no C++ needed
Standing on Giants
LLVM, Z3, nanobind, and more

Why Shifting.Codes?

  • Python-based via llvm-nanobind — no need to rebuild LLVM from source
  • Built on LLVM, Z3, nanobind, and proven open-source obfuscation research
  • Compose multiple passes for layered protection across all 4 families
  • RISC-V inspired VM virtualizes functions into custom bytecode interpreters
  • Anti-disassembly pass injects x86 junk bytes that break IDA, Ghidra, and objdump
  • Makes code unreadable to mid-tier reverse engineering tools like IDA and Ghidra

Have questions or want to collaborate?

We're happy to chat