International Journal of Open Information Technologies

Code metamorphism is a powerful technique for protecting software from reverse engineering, but its manual implementation is extremely labor-intensive. This paper presents a toolkit for automating the code metamorphism process for the Go language using large language models. The toolkit implements a modular architecture and applies two key techniques: dead code insertion and control flow modification, delegating the generation of transformations to external LLMs. An experimental evaluation was conducted using three modern LLMs (gemini-2.5-flash-preview-04-17, deepseek-chat-v3-0324, gemini-2.0-flash). Effectiveness was assessed using metrics of functional equivalence, change in lines of code, cyclomatic complexity, and cognitive complexity. The results  demonstrate the feasibility of automating metamorphism with LLMs, a  significant  increase in code complexity according to CC and CogC metrics, but reveal issues with the stability of maintaining functional equivalence during control flow modification for some models. The work shows the promise of using LLMs for code obfuscation tasks but highlights the need for further research to improve reliability and assess the real-world resilience of the code.

C. Collberg, C. Thomborson, and D. Low, «A taxonomy of obfuscating transformations», Department of Computer Science, University of Auckland, Technical Report 148, 1997.

P. Szor, «Art of computer virus research and defense», in Proceedings of the 11th European Institute for Computer Antivirus Research Conference (EICAR), 2005.

A. Sharma and S. K. Sahay, «Evolution and detection of polymorphic and metamorphic malwares: A survey», International Journal of Computer Applications (IJCA), vol. 90, no. 2, pp. 7–11, Mar. 2014.

K. Brezinski and K. Ferens. Metamorphic malware and obfuscation – a survey of techniques, variants and generation kits. Preprint. (Oct. 2021).

W. Wong and M. Stamp, «Hunting for metamorphic engines», Journal in Computer Virology, vol. 2, no. 3, pp. 211–229, 2006.

M. Campion, M. Dalla Preda, and R. Giacobazzi, «Learning metamorphic malware signatures from samples», Journal of Computer Virology and Hacking Techniques, vol. 17, pp. 167–183, 2021.

S. Schrittwieser, S. Katzenbeisser, J. Kinder, G. Merzdovnik, and E. Weippl, «Protecting software through obfuscation: Can it keep pace with progress in code analysis?», ACM Computing Surveys (CSUR), 2016.

M. Chen et al., «Evaluating large language models trained on code», arXiv preprint arXiv:2107.03374, 2021.

T. J. McCabe, «A complexity measure», IEEE Transactions on Software Engineering, vol. SE-2, no. 4, pp. 308–320, 1976.

SonarSource, Cognitive complexity: A new way of measuring understandability, SonarSource Blog, URL: https : / / www . sonarsource . com / docs /CognitiveComplexity.pdf, 2023.

Metamorphllm project repository, GitHub, URL: https:// github. com/Hekzory/MetamorphLLM/ blob/master/internal/rewriter/rewriter.go, 2025.

Metamorphllm prompt dead code insertion technique, GitHub, URL: https : / / gist . github . com / Hekzory /12e4357763be058a6e17a496c8330e9d, 2025.

Metamorphllm prompt control flow modification technique, GitHub, URL: https://gist.github.com/Hekzory/ 4264e30175938c2b4c3fc4cdf24f4274, 2025.

Metamorphllm prompt repository combination of dead code insertion and control flow modification, GitHub, URL: https : / / gist . github . com / Hekzory /d97f7249658784af3782ac28cfaa1b29, 2025.