HoLLy-HaCKeR / Eazfixer

Licence: MIT
A deobfuscation tool for Eazfuscator.

Projects that are alternatives of or similar to Eazfixer

javascript-deobfuscator
A deobfuscator for JavaScript codes generated by Obfuscator.io
Stars: ✭ 136 (-19.05%)
Mutual labels:  deobfuscation
Malware Jail
Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. Written for Node.js
Stars: ✭ 349 (+107.74%)
Mutual labels:  deobfuscation
Pjorion Deobfuscator
A deobfuscator for PjOrion, python cfg generator and more
Stars: ✭ 48 (-71.43%)
Mutual labels:  deobfuscation
java-unpacker
Extract Crypted Jar Archives
Stars: ✭ 67 (-60.12%)
Mutual labels:  deobfuscation
batch deobfuscator
Deobfuscate batch scripts obfuscated using string substitution and escape character techniques.
Stars: ✭ 82 (-51.19%)
Mutual labels:  deobfuscation
Dex Oracle
A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis
Stars: ✭ 398 (+136.9%)
Mutual labels:  deobfuscation
mzphp2-deobfuscator
A deobfuscation tool for code generated by mzphp2. A tool for deobfuscating PHP files encrypted with mzphp2.
Stars: ✭ 36 (-78.57%)
Mutual labels:  deobfuscation
Samsung Firmware Magic
Tool for decrypting the firmware files for Samsung SSDs
Stars: ✭ 138 (-17.86%)
Mutual labels:  deobfuscation
r2con2021 deobfuscation
Workshop Material on VM-based Deobfuscation
Stars: ✭ 109 (-35.12%)
Mutual labels:  deobfuscation
Vtil Core
Virtual-machine Translation Intermediate Language
Stars: ✭ 738 (+339.29%)
Mutual labels:  deobfuscation
decrypticon
Java-layer Android Malware Simplifier
Stars: ✭ 17 (-89.88%)
Mutual labels:  deobfuscation
JavaDeobfuscator
Java Deobfuscator
Stars: ✭ 32 (-80.95%)
Mutual labels:  deobfuscation
Tigress protection
Playing with the Tigress binary protection. Break some of its protections and solve some of its challenges. Automatic deobfuscation using symbolic execution, taint analysis and LLVM.
Stars: ✭ 550 (+227.38%)
Mutual labels:  deobfuscation
tiro
TIRO - A hybrid iterative deobfuscation framework for Android applications
Stars: ✭ 20 (-88.1%)
Mutual labels:  deobfuscation
Jremapper
Remapping tool for compiled java programs.
Stars: ✭ 97 (-42.26%)
Mutual labels:  deobfuscation
deollvm
deollvm arm64 based unicorn
Stars: ✭ 26 (-84.52%)
Mutual labels:  deobfuscation
Simplify
Android virtual machine and deobfuscator
Stars: ✭ 3,865 (+2200.6%)
Mutual labels:  deobfuscation
Flare Floss
FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
Stars: ✭ 2,020 (+1102.38%)
Mutual labels:  deobfuscation
Deoptfuscator
Deobfuscator for Android Application
Stars: ✭ 115 (-31.55%)
Mutual labels:  deobfuscation
De4js
JavaScript Deobfuscator and Unpacker
Stars: ✭ 556 (+230.95%)
Mutual labels:  deobfuscation

EazFixer

A deobfuscation tool for Eazfuscator.

Downloading

You can download the latest master build at AppVeyor. If there was no commit in the last 6 months, you will have to build it yourself. Please do not open issues asking for me to build it for you.

Description

EazFixer is a deobfuscation tool for Eazfuscator, a commercial .NET obfuscator. For a list of features, see the list below.

Implemented fixes:

  • String encryption
  • Resource encryption
  • Assembly embedding

Not implemented, may be added in the future:

  • Entrypoint obfuscation
  • Data virtualization

Out of scope:

  • Code virtualization (separate project)
  • Symbol renaming (symbol names are either unrecoverable or encrypted. For symbol decryption in case of a known key, see EazDecode)
  • Automatic code optimization (not an anti-feature!)
  • Code control flow obfuscation (I didn't have any problems with my samples in dnSpy)
  • Assemblies merging (doesn't seem probable, especially with symbol renaming)
  • Control flow obfuscation (use de4dot)

Usage

Call EazFixer from the command line, drag and drop the file onto the executable and let it run, or use the command-line flag --file.

If your assembly is protected with control-flow obfuscation, run it through de4dot with the --only-cflow-deob flag first.

  • --file path
  • --keep-types
  • --virt-fix

The flag --file specifies the input file. The flag --keep-types is similar to the de4dot flag: it keeps obfuscator types and assemblies. The flag --virt-fix keeps certain parts obfuscated so that the output stays working with virtualized assemblies.

example: EazFixer.exe --file test.exe --keep-types

Building

Clone the repository and use the latest version of Visual Studio (2019, at the time of writing).

Support

EazFixer is (and will always be) targeted at the latest version of Eazfuscator. If your version is not supported, try a more universal deobfuscator like de4dot. If your version is newer than what this tool supports, create an issue only after verifying with the latest version of Eazfuscator.

Also, I will not help you use this program. Consider it for advanced users only. If you do run into a problem and are sure it is a bug, feel free to submit an issue but I cannot guarantee I will fix it.

Related projects

  • EazDecode, for decrypting encrypted symbol names in case of a known encryption key.
  • eazdevirt, a tool for devirtualizing older versions of Eazfuscator.
  • eazdevirt fork, my abandoned fork of eazdevirt, may work slightly better on newer samples.

Credits

This tool uses the following (open source) software:

  • dnlib by 0xd4d, licensed under the MIT license, for reading/writing assemblies.
  • Harmony by Andreas Pardeike, licensed under the MIT license, for patching the stacktrace which allows for reflection invocation to be used.