Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

All Projects → RPISEC → Llvm Deobfuscator

RPISEC / Llvm Deobfuscator

Licence: mit

Programming Languages

python

139335 projects - #7 most used programming language

llvm-deobfuscator

Performs the inverse operation of the control flow flattening pass performed by LLVM-Obfuscator. It does not yet undo the bogus control flow and expression substitution passes.

Makes use of the BinaryNinja SSA form to determine all usages of the state variable. To use, right click on the state variable and click "Deobfuscate (OLLVM)". Note that the instruction writing to the state variable is typically in the first basic block of the function, and looks something like:

mov dword [rbp-0xf8], 0x962e7c4e

with minor variations in the large constant and variable offset.

For more information on llvm obfuscator itself, the source is an obvious ground truth :)

Installation

Should just be able to git clone the repository into your plugins repository.

Other Protections

Undoing Bogus Control Flow

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 299

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (3) 🔗