[Code Deobfuscator]

Hello,
I decided to share this code, capable of deobfuscating various obfuscation techniques typical of modern protection systems based on virtual machines (Themida, VMProtect, etc.). This tool is intended for analyzing code and making it readable.
I share this tool (the result of hours and hours of my free time) so that someone can improve the code and help me with the very complex area that is Control Flow Optimization.

https://github.com/Pigrecos/CodeDeobfuscator

I am attaching a video to show its use

Deobuscator.exe

It's been a long time that I have planned to do something like this.

Very interested. Thanks for sharing.

Unfortunately I should learn Delphi for it :)

I will look at it in the future.

I'm interested in helping improve it (I hope I get some free time).

 

Good LuCk

  • Author

Thank you  Raham  ;)

Nice share!! Will test it now :)

Edited by reasen

Thanks for sharing, will put it to a test soon :)

 

I also wrote a deobfuscator using Capstone & Unicorn. It's capable of handling x86/x64 assembly and stack-based virtual machines. I will share the code, but I'm super busy with University, I need to recode it better. @root would you like to talk a bit about how we handle things? Did you compare it with CodeDoctor? :)

  • Author
22 minutes ago, fvrmatteo said:

I also wrote a deobfuscator using Capstone & Unicorn. It's capable of handling x86/x64 assembly and stack-based virtual machines. I will share the code, but I'm super busy with University, I need to recode it better. @root would you like to talk a bit about how we handle things? Did you compare it with CodeDoctor? :)

Yes, but in English it is really hard for me to communicate complex things, I'm sorry;).
I have to take a course in English :)

Great idea and job root ... and thanks a lot for sharing your hard work.

Best Regards,
Tony
 

Can you share the compiled exe? (Here I see that Delphi must be downloaded, which takes many days with my low speed.)

  • Author
16 minutes ago, Apuromafo said:

Can you share the compiled exe? (Here I see that Delphi must be downloaded, which takes many days with my low speed.)

Of course.

Hello :)

 

Deobfuscator.rar

4 hours ago, root said:

Yes, but in English it is really hard for me to communicate complex things, I'm sorry;).
I have to take a course in English :)

Just saying, we are both Italians, right? If you want, ping me on Twitter @fvrmatteo

I also wrote a little paper about a technique I use to deal with heavy stack obfuscation (Themida/VMProtect). And also have some comparison with CodeDoctor based on real test cases.

  • Author
3 minutes ago, fvrmatteo said:

Just saying, we are both Italians, right? If you want, ping me on Twitter @fvrmatteo

I also wrote a little paper about a technique I use to deal with heavy stack obfuscation (Themida/VMProtect). And also have some comparison with CodeDoctor based on real test cases.

Ah, sorry, I did not see that you were Italian too ;)

 

  • 1 month later...

From what I heard someone is waiting for my code. Be warned it is REALLY MESSY CODE, I wrote it to learn about obfuscation/deobfuscation, but it needs a complete rewrite (the C file I'll share will contain unused code I wrote for test purposes, and also many routines I wrote to face various obfuscations). The ideas are good I think, and it can handle obfuscation well, but as said above, a complete rewrite is needed to have something nice. Also, many optimizations I have in mind need to be implemented, but I just started a new University year and I don't know how much time I will be able to have. I will share a repository tomorrow, you'll have fun with that horrible C code :D Also, to fully understand the output (interleaved with error/debug messages) you'll need to read the code because I can't explain it now.

EDIT:

https://github.com/fvrmatteo/DeobfuscatorTest

It should be compiled with msys2 on Windows. You'll need XEDParse.dll, unicorn.lib & capstone.lib

The code is ugly. Of ~10000 code lines, half (4000/5000) can be deleted because I kept old test functions and the new ones are not optimized at all. I simply wrote each simplification that crossed my mind. The main idea is to reduce pattern matching (peephole optimization) to the least possible (currently 2 patterns, and they are general).

I will publish a little paper I wrote about a technique to handle stack access (read/write/push/pop) in an easy and global way. So one can apply the standard optimizations (constant folding/propagation, junk elimination, etc) in a similar way to the one applied to registers.

The code can handle (or at least it should) basic blocks of assembly, without JMPs/CALLs/RETs. This is because I'm coding a tracer to extract the executed code, and then deobfuscate it (so no jumps will be present).

Root's deobfuscator works better, I only tested ideas, so don't hope for a miracle. But, if you have time you can extract the current actively used routines and rewrite them better (I'll do it, but now I don't have time). The ideas are good I think, Themida/VMP tests work well, but sometimes they are not in a minimal form (I already know which optimizations are missing). But surely if you manage to understand the code, compile it and try it, you can send me tests with unhandled obfuscation so I can understand and add them.

Matteo

Edited by fvrmatteo
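
The idea described in the post above, treating stack slots like registers so that constant folding/propagation and junk elimination apply uniformly to a jump-free basic block, shown as an added Python sketch (not code from CodeDeobfuscator or DeobfuscatorTest). The tuple IR, the `stk[off]` slot names and the sample block are constructed for illustration, and stack slots are assumed dead at block exit.

```python
# Added illustration on a toy tuple IR; not either project's instruction model.
MASK = 0xFFFFFFFF  # 32-bit wraparound
FOLD = {"add": lambda a, b: (a + b) & MASK, "sub": lambda a, b: (a - b) & MASK,
        "xor": lambda a, b: a ^ b}
def lift_stack(block):
    """Rewrite push/pop as mov to/from named stack slots, tracking the ESP offset."""
    out, off = [], 0
    for op, *args in block:
        if op == "push":
            off -= 4
            out.append(("mov", f"stk[{off}]", args[0]))
        elif op == "pop":
            out.append(("mov", args[0], f"stk[{off}]"))
            off += 4
        else:
            out.append((op, *args))
    return out

def propagate(block):
    """Forward pass: constant propagation and folding over registers and slots alike."""
    env, out = {}, []
    for op, dst, src in block:
        src = env.get(src, src) if isinstance(src, str) else src
        if isinstance(src, int) and (op == "mov" or dst in env):
            env[dst] = src if op == "mov" else FOLD[op](env[dst], src)
            out.append(("mov", dst, env[dst]))
        else:
            env.pop(dst, None)  # destination is no longer a known constant
            out.append((op, dst, src))
    return out

def eliminate_junk(block, live_out):
    """Backward pass: drop writes whose destination is never read afterwards."""
    live, out = set(live_out), []
    for op, dst, src in reversed(block):
        if dst not in live:
            continue  # dead write: junk
        if op == "mov":
            live.discard(dst)  # mov fully overwrites dst; add/sub/xor also read it
        if isinstance(src, str):
            live.add(src)
        out.append((op, dst, src))
    return out[::-1]

def deobfuscate(block, live_out):
    return eliminate_junk(propagate(lift_stack(block)), live_out)
# Constructed sample block (no JMP/CALL/RET, balanced stack): computes eax = edx + 0x1279
SAMPLE = [("push", 0x1234), ("mov", "eax", 0x10), ("xor", "eax", 0x55), ("pop", "ebx"),
          ("add", "ebx", "eax"), ("mov", "ecx", "ebx"), ("mov", "eax", "edx"), ("add", "eax", "ecx")]
```

With only `eax` live at exit, the eight instructions reduce to `mov eax, edx` / `add eax, 0x1279`; passing more registers in `live_out` keeps their final constant loads.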

  • 3 weeks later...
On 25.01.2016 at 10:13 PM, root said:

Hello,
I decided to share this code, capable of deobfuscating various obfuscation techniques typical of modern protection systems based on virtual machines (Themida, VMProtect, etc.). This tool is intended for analyzing code and making it readable.
I share this tool (the result of hours and hours of my free time) so that someone can improve the code and help me with the very complex area that is Control Flow Optimization.

https://github.com/Pigrecos/CodeDeobfuscator

I am attaching a video to show its use

Deobuscator.exe

Thanks!!!

Hi,

Tested it, then got an error.

Quote

Errore: 00000001  - [CODEGEN] -invalid combination of opcode and operands

rtrace.txt
