Skip to content

pcy190/deobfuscator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
arch_util
arch_util
 
 
example
example
 
 
util
util
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
analyzer.py
analyzer.py
 
 
emulator.py
emulator.py
 
 
main.py
main.py
 
 
patcher.py
patcher.py
 
 

Repository files navigation

deobfuscator

Introduction

Flexible deobfuscator.

Feature

x86 x86_64 arm arm64
deflat TODO TODO PARTLY ✔️
  • two engine mode for deflat
  • flexible patch pattern
  • easy to port

Usage:

requirements:

  • python3.7 +
  • dependencies:
pip3 install qiling angr termcolor capstone keystone

modify the start address and filename in main.py, and

python3 main.py

Specify the strategy 0 or 1 in emulator.search_path, in order to handle different flatten cases.

TODO:

  • support x86, x86_64
  • support Bogus Control Flow deobfuscation
  • add blocks analysis manually
  • IDAPro plugin, in order to mark the blocks visually by interacting with the deobfuscator (to handle different ida python version)

About

break ollvm.

Topics

arm64 deobfuscator ollvm deflat deollvm

Resources

Readme
Activity

Stars

98 stars

Watchers

4 watching

Forks

16 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages