mrphrazer / r2con2021_deobfuscation

Licence: GPL-3.0 License
Workshop Material on VM-based Deobfuscation

Programming Languages

python

Projects that are alternatives of or similar to r2con2021 deobfuscation

dwarf import
This loads DWARF info from an open binary and propagates function names, arguments, and type info
Stars: ✭ 18 (-83.49%)
Mutual labels:  reversing
radare2-book
Radare2 official book
Stars: ✭ 628 (+476.15%)
Mutual labels:  reversing
Deobfuscation
Binary Deobfuscation Series
Stars: ✭ 15 (-86.24%)
Mutual labels:  deobfuscation
javascript-deobfuscator
A deobfuscator for JavaScript codes generated by Obfuscator.io
Stars: ✭ 136 (+24.77%)
Mutual labels:  deobfuscation
tiro
TIRO - A hybrid iterative deobfuscation framework for Android applications
Stars: ✭ 20 (-81.65%)
Mutual labels:  deobfuscation
RF-List
RFSec tools
Stars: ✭ 98 (-10.09%)
Mutual labels:  reversing
crackmes
Open and censorship resistant crackmes repository
Stars: ✭ 98 (-10.09%)
Mutual labels:  reversing
hookwin10calc
Reverse engineered Windows 10 Calculator.exe (UWP application) hacker. A Windows Calculator patch that has learned Hangul/Hanja.
Stars: ✭ 19 (-82.57%)
Mutual labels:  reversing
MsFontsFuzz
OpenType font file format fuzzer for Windows
Stars: ✭ 49 (-55.05%)
Mutual labels:  reversing
decrypticon
Java-layer Android Malware Simplifier
Stars: ✭ 17 (-84.4%)
Mutual labels:  deobfuscation
auxlib
Full reversing of the Microsoft Auxiliary Windows API Library and ported to C
Stars: ✭ 19 (-82.57%)
Mutual labels:  reversing
Apex-Legends-SDK
Open Source Cheat for Apex Legends, designed for ease of use. Made to understand reversing of Apex Legends and respawn's modified source engine as well as their Easy Anti Cheat Implementation.
Stars: ✭ 101 (-7.34%)
Mutual labels:  reversing
smram parse
System Management RAM analysis tool
Stars: ✭ 50 (-54.13%)
Mutual labels:  reversing
Minosoft
An open source Minecraft reimplementation written from scratch. Mirror of https://gitlab.bixilon.de/bixilon/minosoft
Stars: ✭ 149 (+36.7%)
Mutual labels:  reversing
JavaDeobfuscator
Java Deobfuscator
Stars: ✭ 32 (-70.64%)
Mutual labels:  deobfuscation
deollvm
deollvm arm64 based unicorn
Stars: ✭ 26 (-76.15%)
Mutual labels:  deobfuscation
java-unpacker
Extract Crypted Jar Archives
Stars: ✭ 67 (-38.53%)
Mutual labels:  deobfuscation
batch deobfuscator
Deobfuscate batch scripts obfuscated using string substitution and escape character techniques.
Stars: ✭ 82 (-24.77%)
Mutual labels:  deobfuscation
VitaTestSuite
Step by step execution and exploration of dumped PS Vita code
Stars: ✭ 15 (-86.24%)
Mutual labels:  reversing
TraceEvent
Trace events in real time sessions
Stars: ✭ 26 (-76.15%)
Mutual labels:  reversing

Analysis of Virtualization-based Obfuscation

This repository contains the slides, samples and code of the 4h code deobfuscation workshop at r2con2021. We give a brief introduction to virtualization-based obfuscation and manually analyze a simple VM generated by Tigress. Afterward, we use symbolic execution to automate the analysis and write a dynamic VM disassembler that is based on Miasm.

The recording is available here.

Installation

# on debian/ubuntu based systems:
sudo apt-get install python-dev

# clone repository and init submodules
git clone https://github.com/mrphrazer/r2con2021_deobfuscation.git
cd r2con2021_deobfuscation
git submodule update --init --rebase --recursive

# install miasm
cd miasm
pip install -r requirements.txt
pip install .
cd ..

Contact

For more information, contact Tim Blazytko (@mr_phrazer).
