Skip to content

mrphrazer/r2con2020_deobfuscation

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
samples
samples
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
remove_opaque.py
remove_opaque.py
 
 
slides.pdf
slides.pdf
 
 

Repository files navigation

Semi-automatic Code Deobfuscation

This repository contains slides, samples and code of the 2h code deobfuscation workshop at r2con2020. We use Miasm to automatically identify opaque predicates in the X-Tunnel APT128-malware using symbolic execution and SMT solving. Afterward, we automatically remove the opaque predicates via patching.

The recording is available here.

Cutter Notes

To correctly disassembly the targeted function in Cutter, the analysis depth has to been increased:

e anal.depth=9999
af @ 0x491aa0
s 0x491aa0

Contact

For more information, contact (@mr_phrazer).

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

76 stars

Watchers

5 watching

Forks

9 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages