git404hub

what is karyo fr?

eversinc33/karyo — explained in plain English

Analysis updated 2026-05-18

17C++Audience · developerComplexity · 5/5Setup · hard

tl;dr

A C++ library for security researchers that uses symbolic execution on LLVM bitcode to analyze obfuscated VMP-protected software, it tells you what a register holds after a handler runs, or builds a formula if inputs are unknown.

vibe map

mindmap
  root((karyo))
    What it does
      Symbolic execution library
      VMP handler analysis
      Register value tracing
    How it works
      LLVM bitcode input
      Concrete and symbolic modes
      Expression tree output
    Use Cases
      Software protection analysis
      Obfuscated code reasoning
      Reverse engineering toolchain
    Setup
      C++ and CMake
      LLVM required
      Optional test targets

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Analyze VMP-protected software handlers to determine the exact register value produced after execution, given known inputs.

VIBE 2

Run symbolic queries on obfuscated code to get a formula showing how outputs depend on inputs when register values are unknown.

VIBE 3

Integrate Karyo into a C++ reverse engineering pipeline that uses LLVM bitcode as the intermediate representation.

what's the stack?

C++LLVMCMake

how it stacks up fr

eversinc33/karyoharitha-08/esp32_testkevinbudz/quickbar
Stars171717
LanguageC++C++C++
Setup difficultyhardmoderatemoderate
Complexity5/52/53/5
Audiencedeveloperdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · hard time til it works · 1day+

Requires C++, CMake, and a compatible LLVM installation, you must also bring your own LLVM bitcode lifted from the target binary before using the library.

License terms are not mentioned in the repository description.

in plain english

Karyo is a small C++ programming library aimed at security researchers and reverse engineers who analyze obfuscated software. Its main purpose is to help understand how a specific class of software protection, known as VMP handlers, actually behaves at the machine level. The project description notes that all code was generated by AI. The library works by taking machine code that has been translated into an intermediate format called LLVM bitcode and then running it in a mode that mixes real, known values with placeholder symbolic ones. Rather than executing the code as a normal program would, it traces through the logic and produces either a concrete result or an expression tree showing how the output depends on the inputs. This approach is called symbolic execution. The primary use case is asking a question like: given a particular code handler from a protected program, what value ends up in a specific processor register when the handler finishes? The library can answer that as a fixed number when inputs are known, or as a formula when they are not. Integration requires a C++ build environment using CMake and a compatible version of the LLVM compiler infrastructure. The readme includes short code examples showing how to set up register values, run a handler function, and read back results. Tests and examples are optional build targets that can be enabled at compile time. This is a narrow, specialist tool. It is not aimed at general developers or beginners, and it is not a standalone application. If you are not already working with LLVM-based binary lifting and software protection analysis, this library is unlikely to be relevant to your work.

prompts (copy fr)

prompt 1
I have LLVM bitcode lifted from a VMP handler. Show me how to use the Karyo library to run symbolic execution and read back the value in RAX after the handler finishes.
prompt 2
Using Karyo's C++ API, write an example that sets two input registers to symbolic (unknown) values, executes a handler, and prints the resulting expression tree.
prompt 3
How do I build Karyo with CMake and link it into a C++ project that already depends on LLVM 17?
prompt 4
Write a Karyo example that first runs a handler with concrete register values, then with symbolic values, and compares the two results to verify the handler's logic.

Frequently asked questions

what is karyo fr?

A C++ library for security researchers that uses symbolic execution on LLVM bitcode to analyze obfuscated VMP-protected software, it tells you what a register holds after a handler runs, or builds a formula if inputs are unknown.

What language is karyo written in?

Mainly C++. The stack also includes C++, LLVM, CMake.

What license does karyo use?

License terms are not mentioned in the repository description.

How hard is karyo to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is karyo for?

Mainly developer.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.