Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Appfuscator string decryptor

hanzo
hanzo
in Reverse Engineering Articles

Featured Replies

Hi guys,

I've been working on an Appfuscator string decryptor which I used on a malware called Gremlin Stealer ( https://bazaar.abuse.ch/sample/d21c8a005125a27c49343e7b5b612fc51160b6ae9eefa0a0620f67fa4d0a30f6/ ).

I used the AsmResolver library.

It still needs two things: replace variables by their value and patch ternary operators to decrypt all the strings. I guess I need to look at the control flow graph for that.

You can take a look and even contribute or give suggestions on how to approach the problems.

GitHub
No image preview

GitHub - lowlevel01/deGremlin: Decrypt and Patch strings...

Decrypt and Patch strings obfuscated with Appfuscator. Tested on Gremlin Stealer. - lowlevel01/deGremlin

Edited by hanzo

    • Like 1

    can upload test file here to test

    Create an account or sign in to comment

    https://forum.tuts4you.com/topic/45792-appfuscator-string-decryptor/
    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.