mcdulltii / obfDetect

Licence: GPL-3.0 License
IDA plugin to pinpoint obfuscated code

Obfuscation Detection

Authored by: mcdulltii

Automatically detect obfuscated code and state machines in binaries

Description:

Scripts to automatically detect obfuscated code and state machines in binaries.

The implementation targets IDA 7.7 (Python 3). For IDA 7.4 - 7.6 (Python 3), use obfDetect version 1.6.

Check out the following blog posts for more information on the Binary Ninja implementation:

Note:

Heuristic values are computed as described in the blog posts above. When run in All Functions mode, the output table is sorted top-down by heuristic score, so the most complex (most likely obfuscated) functions appear first.

Because a dominator tree is built (recursively) for every function found in the binary, the analysis is expensive at runtime; threading has been implemented to reduce the wait, but large binaries can still take a while.

The plugin GUI is built with PyQt and lets users customize which heuristic is run and on which functions of the binary.
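As an added example (not obfDetect's own code, and independent of IDA so it runs offline), the following shows one dominator-tree heuristic of the kind the referenced blog posts describe, run over three constructed CFGs: a plain if/else, an ordinary counted loop, and a control-flow-flattened function with a dispatcher block. The flattening score used here (largest fraction of the function dominated by a loop header), the cyclomatic-complexity column, the interpretation of the maximum-node-size filter as "skip functions with more nodes than the limit", and the block ids are all assumptions for illustration; obfDetect's actual heuristics are those of the blog posts it cites.

```python
# Added illustrative example, not obfDetect's code: a dominator-tree based
# control-flow-flattening heuristic over small constructed CFGs (no IDA needed).
from typing import Dict, List, Optional, Set, Tuple

CFG = Dict[int, List[int]]  # basic-block id -> successor ids (ids stand in for IDA block addresses)


def _nodes(cfg: CFG) -> Set[int]:
    return set(cfg) | {s for succs in cfg.values() for s in succs}


def dominators(cfg: CFG, entry: int) -> Dict[int, Set[int]]:
    """Dominator sets via the classic iterative data-flow fixpoint:
    Dom(entry) = {entry}; Dom(n) = {n} | intersection of Dom(p) over predecessors p."""
    nodes = _nodes(cfg)
    preds: Dict[int, Set[int]] = {n: set() for n in nodes}
    for n, succs in cfg.items():
        for s in succs:
            preds[s].add(n)
    dom = {n: set(nodes) for n in nodes}  # optimistic start: everything dominates everything
    dom[entry] = {entry}
    changed = True
    while changed:
        changed = False
        for n in nodes:
            if n == entry:
                continue
            new = {n}
            if preds[n]:
                new |= set.intersection(*(dom[p] for p in preds[n]))
            if new != dom[n]:
                dom[n] = new
                changed = True
    return dom


def dominated_counts(dom: Dict[int, Set[int]]) -> Dict[int, int]:
    """Size of each node's dominator-tree subtree (blocks it dominates, itself included)."""
    counts = {n: 0 for n in dom}
    for ds in dom.values():
        for d in ds:
            counts[d] += 1
    return counts


def flattening_score(cfg: CFG, entry: int) -> float:
    """Assumed heuristic: over all loop headers (targets of a back edge, i.e. a
    block that dominates the edge's source), take the largest dominated fraction
    of the function. A flattening dispatcher dominates nearly every block and every
    case jumps back to it, so it scores close to 1.0; no loop at all scores 0.0."""
    dom = dominators(cfg, entry)
    counts = dominated_counts(dom)
    total = len(dom)
    best = 0.0
    for src, succs in cfg.items():
        for dst in succs:
            if dst in dom[src]:  # src -> dst is a back edge
                best = max(best, counts[dst] / total)
    return best


def cyclomatic_complexity(cfg: CFG) -> int:
    """McCabe complexity E - N + 2 for a single-entry function graph."""
    edges = sum(len(s) for s in cfg.values())
    return edges - len(_nodes(cfg)) + 2


def analyse(functions: Dict[str, Tuple[CFG, int]],
            max_nodes: Optional[int] = None) -> List[Tuple[str, float, int]]:
    """'All Functions'-style run: skip functions with more than max_nodes blocks
    (assumed meaning of the node-size filter), score the rest, sort top-down."""
    rows = []
    for name, (cfg, entry) in functions.items():
        if max_nodes is not None and len(_nodes(cfg)) > max_nodes:
            continue
        rows.append((name, flattening_score(cfg, entry), cyclomatic_complexity(cfg)))
    rows.sort(key=lambda r: (r[1], r[2]), reverse=True)
    return rows


# Constructed sample CFGs (block ids are made up for this example).
SAMPLE_FUNCTIONS: Dict[str, Tuple[CFG, int]] = {
    # if/else diamond, no loops
    "sub_plain": ({0: [1, 2], 1: [3], 2: [3], 3: []}, 0),
    # ordinary counted loop with prologue and epilogue; header 3 dominates 5 of 8 blocks
    "sub_loop": ({0: [1], 1: [2], 2: [3], 3: [4, 6], 4: [5], 5: [3], 6: [7], 7: []}, 0),
    # flattened: dispatcher 1 selects a case; each case returns to the dispatcher
    "sub_flat": ({0: [1], 1: [2, 3, 4], 2: [1], 3: [1], 4: [5], 5: []}, 0),
}

if __name__ == "__main__":
    for name, score, cc in analyse(SAMPLE_FUNCTIONS):
        print(f"{name:10s} flattening={score:.3f} cyclomatic={cc}")
```

Running it sorts sub_flat (0.833) above sub_loop (0.625) and sub_plain (0.0); passing max_nodes=6 drops the eight-block loop function entirely. The caveat a practitioner should keep in mind is that an ordinary function consisting of one large loop also scores well above zero, so the score is best read relative to the other functions in the sorted table rather than against a fixed threshold.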

Dependencies (Python3)

PyQt5

Installation

Copy the obfDetect directory and obfDetect.py into IDA's plugins directory.

Once IDA has finished loading a binary, the plugin prints its banner to the IDC/Python console.

The plugin can be started from the File menu as shown below, or with the Ctrl-Shift-H hotkey.

Toolbar

Features

  • Function names in the output table can be renamed with n; the new name is applied to the IDA function at that address

  • Clicking the Export filename input box opens a file-selection dialog for choosing a custom save location

Usage

  1. Select a heuristic function
  2. Select the number/address of the binary function to run the heuristic on
  3. (Optional) Set a maximum node size to filter out larger binary functions
  4. Click the Run button to start the analysis
  5. (Optional) Click the Export filename input box to choose an export location, then click the Export button to export the table in CSV format

Screenshots

  • Base GUI selection

Base GUI

  • Heuristic GUI analysis

Heuristic analysis

  • Single function heuristic GUI analysis

Single heuristic analysis

Todo

  • QTableWidget selected item export