deobfuscator

Introduction

Flexible deobfuscator.

Feature

	x86	x86_64	arm	arm64
deflat	TODO	TODO	PARTLY	✔️

two engine mode for deflat
flexible patch pattern
easy to port

Usage:

requirements:

python3.7 +
dependencies:

pip3 install qiling angr termcolor capstone keystone

modify the start address and filename in main.py, and

python3 main.py

Specify the strategy 0 or 1 in emulator.search_path, in order to handle different flatten cases.

TODO:

support x86, x86_64
support Bogus Control Flow deobfuscation
add blocks analysis manually
IDAPro plugin, in order to mark the blocks visually by interacting with the deobfuscator (to handle different ida python version)

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
arch_util		arch_util
example		example
util		util
.gitignore		.gitignore
README.md		README.md
analyzer.py		analyzer.py
emulator.py		emulator.py
main.py		main.py
patcher.py		patcher.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

arch_util

arch_util

example

example

util

util

.gitignore

.gitignore

README.md

README.md

analyzer.py

analyzer.py

emulator.py

emulator.py

main.py

main.py

patcher.py

patcher.py

Repository files navigation

deobfuscator

Introduction

Feature

Usage:

TODO:

About

Releases

Packages

Languages

pcy190/deobfuscator

Folders and files

Latest commit

History

Repository files navigation

deobfuscator

Introduction

Feature

Usage:

TODO:

About

Topics

Resources

Stars

Watchers

Forks

Languages