deobfuscator

Introduction

Flexible deobfuscator.

Feature

	x86	x86_64	arm	arm64
deflat	TODO	TODO	PARTLY	✔️

two engine mode for deflat
flexible patch pattern
easy to port

Usage:

requirements:

python3.7 +
dependencies:

pip3 install qiling angr termcolor capstone keystone

modify the start address and filename in main.py, and

python3 main.py

Specify the strategy 0 or 1 in emulator.search_path, in order to handle different flatten cases.

TODO:

support x86, x86_64
support Bogus Control Flow deobfuscation
add blocks analysis manually
IDAPro plugin, in order to mark the blocks visually by interacting with the deobfuscator (to handle different ida python version)

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
arch_util		arch_util
example		example
rootfs @ f71f45f		rootfs @ f71f45f
util		util
.gitignore		.gitignore
.gitmodules		.gitmodules
README.md		README.md
analyzer.py		analyzer.py
emulator.py		emulator.py
main.py		main.py
patcher.py		patcher.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

deobfuscator

Introduction

Feature

Usage:

TODO:

About

Uh oh!

Releases

Packages

Contributors 2

Uh oh!

Languages

pcy190/deobfuscator

Folders and files

Latest commit

History

Repository files navigation

deobfuscator

Introduction

Feature

Usage:

TODO:

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Uh oh!

Languages

Packages