{"id":20684387,"url":"https://github.com/enkomio/sojobo","last_synced_at":"2025-04-22T12:49:18.053Z","repository":{"id":68964957,"uuid":"175973706","full_name":"enkomio/Sojobo","owner":"enkomio","description":"A binary analysis framework","archived":false,"fork":false,"pushed_at":"2020-12-17T16:18:39.000Z","size":29228,"stargazers_count":132,"open_issues_count":0,"forks_count":18,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-29T15:22:31.369Z","etag":null,"topics":["b2r2","dotnet","fsharp","malware-analysis","malware-analyzer","malware-research","program-analysis","reverse-engineering","security","security-framework","security-tools"],"latest_commit_sha":null,"homepage":"","language":"F#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/enkomio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-16T13:12:07.000Z","updated_at":"2024-12-09T01:44:00.000Z","dependencies_parsed_at":"2023-09-14T16:01:43.301Z","dependency_job_id":null,"html_url":"https://github.com/enkomio/Sojobo","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enkomio%2FSojobo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enkomio%2FSojobo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enkomio%2FSojobo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enkomio%2FSojobo/manifests","owner_url":"https://repos.ecosyste.ms/a
pi/v1/hosts/GitHub/owners/enkomio","download_url":"https://codeload.github.com/enkomio/Sojobo/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250243635,"owners_count":21398373,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["b2r2","dotnet","fsharp","malware-analysis","malware-analyzer","malware-research","program-analysis","reverse-engineering","security","security-framework","security-tools"],"created_at":"2024-11-16T22:21:22.728Z","updated_at":"2025-04-22T12:49:18.046Z","avatar_url":"https://github.com/enkomio.png","language":"F#","funding_links":["https://github.com/sponsors/enkomio"],"categories":[],"sub_categories":[],"readme":"# Sojobo - A binary analysis framework\n\n_Sojobo_ is an emulator for the \u003ca href=\"https://b2r2.org/\" target=\"_blank\"\u003eB2R2\u003c/a\u003e framework. It was created to ease the analysis of potentially malicious files. 
It is developed entirely in .NET, so you don't need to install or compile any external libraries (the project is self-contained).\n\nWith _Sojobo_ you can:\n* Emulate a (32 bit) PE binary\n* Inspect the memory of the emulated process\n* Read the process state\n* Display a disassembly of the executed code\n* Emulate functions in a managed language (C# || F#)\n\n### Tools using Sojobo\n- ADVDeobfuscator\n\n# ADV Deobfuscator - A string deobfuscator for ADVObfuscator\n\n_ADVDeobfuscator_ is a tool based on the Sojobo binary analysis framework that analyzes a binary obfuscated with ADVObfuscator and decodes the identified strings.\n\n## Download\n\nA compiled version is available to \u003ca href=\"https://github.com/sponsors/enkomio\"\u003eCommunity sponsored users\u003c/a\u003e. If you are a sponsored user, you can download the binary from: \u003ca href=\"https://github.com/enkomio-sponsor/compiled_binaries\"\u003ehttps://github.com/enkomio-sponsor/compiled_binaries\u003c/a\u003e\n\n## Documentation\nThe image below shows an execution of ADVDeobfuscator on the \u003ca href=\"https://www.carbonblack.com/blog/tau-threat-discovery-conti-ransomware/\"\u003e\u003cb\u003eConti Ransomware\u003c/b\u003e\u003c/a\u003e.\n\n\u003cimg src=\"https://github.com/enkomio/Sojobo/blob/master/Images/ADVDeobfuscator_Conti.gif\"\u003e\n\nThe image below shows an execution of ADVDeobfuscator on the \u003ca href=\"https://www.zscaler.com/blogs/security-research/taurus-new-stealer-town/\"\u003e\u003cb\u003eTaurus Stealer\u003c/b\u003e\u003c/a\u003e (see also \u003ca href=\"https://fumik0.com/2019/12/25/lets-play-again-with-predator-the-thief/\"\u003ePredator the thief\u003c/a\u003e).\n\n\u003cimg src=\"https://github.com/enkomio/Sojobo/blob/master/Images/ADVDeobfuscator_taurus.gif\"\u003e\n\nI wrote a \u003ca href=\"http://antonioparata.blogspot.com/2020/06/deobfuscating-c-advobfuscator-with.html\"\u003eblog post on how to deobfuscate the Team 9 binaries\u003c/a\u003e.\n\n# Using 
Sojobo\n\n_Sojobo_ is intended to be used as a framework to create program analysis utilities. However, various \u003ca href=\"https://github.com/enkomio/Sojobo/tree/master/Src/Examples\"\u003e\u003cstrong\u003esample utilities\u003c/strong\u003e\u003c/a\u003e were created to show how to use the framework effectively. \n\n## Download\n\n - [Source code][1]\n\n## Documentation\nThe project is fully documented in F# (cit.) :) Joking apart, I plan to write some blog posts related to how to use Sojobo. Below is a list of the current posts:\n\n - \u003ca href=\"https://antonioparata.blogspot.com/2019/05/sojobo-yet-another-binary-analysis.html\"\u003eSojobo - Yet another binary analysis framework\u003c/a\u003e\n \nYou can also read the \u003cstrong\u003e\u003ca href=\"https://github.com/enkomio/Sojobo/blob/master/DOCUMENTATION.md\"\u003eAPI documentation\u003c/a\u003e\u003c/strong\u003e.\n\n## Compile\n\nTo compile Sojobo you need .NET Core and Visual Studio installed. To compile, just run **build.bat**.\n\n## License\n\nCopyright (C) 2019 Antonio Parata - \u003ca href=\"https://twitter.com/s4tan\"\u003e@s4tan\u003c/a\u003e\n\n_Sojobo_ is licensed under the [Creative Commons](LICENSE.md).\n\n  [1]: https://github.com/enkomio/sojobo/tree/master/Src\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenkomio%2Fsojobo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fenkomio%2Fsojobo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenkomio%2Fsojobo/lists"}