NeKroFR/OpaqueRemover
Detect and remove opaque predicates from x86/x86_64 ELF binaries using symbolic execution.
OpaqueRemover
Uses Triton for per-basic-block symbolic execution and LIEF for binary parsing/patching.
Install
git clone https://github.com/NeKroFR/OpaqueRemover.git
cd OpaqueRemover/
pip install -r requirements.txt
Usage
python opaque_remover.py <input_binary> [output_binary]
Output defaults to <input_binary>.patched.
How it works
- Parses the ELF binary with LIEF, disassembles executable sections into basic blocks
- For each block ending in a conditional jump:
  - Creates a fresh Triton context with all GPRs and stack memory symbolized
  - Symbolically executes the block
  - If Triton produces a path constraint where one branch is unsatisfiable, it's an opaque predicate
  - If the branch is fully concrete (compiler pre-evaluated) and the block is within a user function, it's also flagged
- Patches:
  - Never-taken jumps: NOPed out
  - Always-taken jumps: replaced with unconditional JMP
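The patching step above, worked through at the byte level as an added example (not code from the OpaqueRemover repository). The helper names `patch_jcc` and `branch_target` and the sample addresses and encodings are assumptions made for illustration; only the short (`7x rel8`) and near (`0F 8x rel32`) Jcc encodings are handled.

```python
import struct

NOP = b"\x90"

def patch_jcc(insn: bytes, always_taken: bool) -> bytes:
    """Same-length replacement for a Jcc flagged as an opaque predicate.

    insn is the raw encoding: short form 7x rel8 (2 bytes) or near form
    0F 8x rel32 (6 bytes). Hypothetical helper, not OpaqueRemover's API.
    """
    if len(insn) == 2 and 0x70 <= insn[0] <= 0x7F:
        # JMP rel8 (EB) is also 2 bytes, so the displacement is reused as-is.
        return b"\xEB" + insn[1:] if always_taken else NOP * 2
    if len(insn) == 6 and insn[0] == 0x0F and 0x80 <= insn[1] <= 0x8F:
        if not always_taken:
            return NOP * 6
        (rel,) = struct.unpack("<i", insn[2:])
        # JMP rel32 (E9) is 5 bytes, one shorter than the Jcc. Displacements
        # count from the end of the instruction, so add 1 and pad with a NOP.
        if rel == 0x7FFFFFFF:
            raise ValueError("displacement overflows after re-encoding")
        return b"\xE9" + struct.pack("<i", rel + 1) + NOP
    raise ValueError("not a Jcc rel8/rel32 encoding")

def branch_target(addr: int, insn: bytes) -> int:
    """Destination of a relative jump (Jcc or JMP) located at addr."""
    if insn[0] == 0xEB or 0x70 <= insn[0] <= 0x7F:
        length, rel = 2, struct.unpack("<b", insn[1:2])[0]
    elif insn[0] == 0xE9:
        length, rel = 5, struct.unpack("<i", insn[1:5])[0]
    elif insn[0] == 0x0F and 0x80 <= insn[1] <= 0x8F:
        length, rel = 6, struct.unpack("<i", insn[2:6])[0]
    else:
        raise ValueError("not a relative jump")
    return addr + length + rel

if __name__ == "__main__":
    # Constructed samples: (address, encoding, verdict from the analysis).
    samples = [(0x401000, "750a", True), (0x401020, "0f8410000000", True),
               (0x401040, "0f85f0ffffff", True), (0x401060, "7405", False)]
    for addr, hexbytes, taken in samples:
        old = bytes.fromhex(hexbytes)
        new = patch_jcc(old, taken)
        assert len(new) == len(old)  # patch must not shift later code
        if taken:
            assert branch_target(addr, new) == branch_target(addr, old)
        print(f"{addr:#x}: {old.hex()} -> {new.hex()}")
```

Keeping the patch the same length as the original instruction means no other offsets in the binary need fixing up.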
Created February 19, 2026
Updated February 19, 2026