{"id":13484144,"url":"https://github.com/obpo-project/obpo-plugin","last_synced_at":"2025-03-27T16:30:38.077Z","repository":{"id":37239945,"uuid":"472036920","full_name":"obpo-project/obpo-plugin","owner":"obpo-project","description":"An OLLVM-CFF Deobfuscation Plugin","archived":true,"fork":false,"pushed_at":"2023-12-05T10:48:44.000Z","size":28696,"stargazers_count":593,"open_issues_count":4,"forks_count":125,"subscribers_count":19,"default_branch":"main","last_synced_at":"2024-10-30T18:42:23.344Z","etag":null,"topics":["deobfuscate","deobfuscation","deobfuscator","ida","ida-plugins","obpo","ollvm"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/obpo-project.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-03-20T16:28:35.000Z","updated_at":"2024-10-14T09:35:20.000Z","dependencies_parsed_at":"2023-12-05T12:04:47.374Z","dependency_job_id":null,"html_url":"https://github.com/obpo-project/obpo-plugin","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obpo-project%2Fobpo-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obpo-project%2Fobpo-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obpo-project%2Fobpo-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obpo-project%2Fobpo-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/obpo-project","download_url":"https://codeload.github.com/obpo-project/obpo-plugin/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245882185,"owners_count":20687843,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["deobfuscate","deobfuscation","deobfuscator","ida","ida-plugins","obpo","ollvm"],"created_at":"2024-07-31T17:01:19.886Z","updated_at":"2025-03-27T16:30:33.068Z","avatar_url":"https://github.com/obpo-project.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# Obfuscated Binary Pseudocode Optimizer\n\n[中文说明](https://mp.weixin.qq.com/s/ZA-Pt7WnEhGXlFSi5hJrcw)\n\nobpo is a pseudo-code optimizer based on hex-rays microcode, uses techniques such as dataflow-tracking, program-slicing, \nconcolic-execution to rebuild the flatterned control flow.\n\nobpo 是一个基于 hex-rays microcode 的伪代码优化器，使用数据流跟踪，程序切片，混合执行等技术来重建被平坦化的控制流。\n\n## obpo-plugin\n\n**The obpo core is closed source**, but provided **obpo-plugin is FREE \u0026 OPEN SOURCE**. obpo-plugin is a cloud plugin, the binary\ncode of the target function will be sent to the obpo-server for processing, and the response result will be applied to\nthe decompilation process. These all uploaded data and processes can be seen in the obpo-plugin's code.\n\n**obpo 核心代码不是开源的**，但提供**免费且开源的 obpo-plugin**. obpo-plugin 是一个云插件，目标函数的二进制代码会被发送到 obpo-server 进行处理，\n并将结果应用到反编译过程中。这些上传的数据和流程都可以在 obpo-plugin 的代码中看到。\n\n**声明：obpo 到目前为止没有过任何直接或间接的付费服务或捐赠渠道，服务器资源均由作者自费承担，服务如果出现宕机可以发起 issue，我会抽空维护。\n（翻译：爱用不用别来阴阳怪气，你行你开源）**\n\n## obpo-server\n\nAbout how to process uploaded data, I published the source code for [obpo-server](https://github.com/obpo-project/obpo-server). \nThis is a simple backend server written in golang, used to receive request and input to ida and uses obpo-core to deobfuscation, \nfinally returning data to obpo-plugin client. \n\n关于如何处理上传的数据，我上传了 [obpo-server](https://github.com/obpo-project/obpo-server) 的源代码。这是一个用 golang 写的简易后端服务器，\n用来接收请求后输入到 ida 并调用 obpo core 来反混淆，最后返回数据给 obpo-plugin 客户端。\n\n**But please remember that obpo-core is still closed source.** You can't use obpo-server to run an self obpo service, \nbut you can use it as a reference for how to use it to implement a cloud plugin for decompile optimize\n\n**但请记住 obpo-core 依然是闭源的。** 你无法用 obpo-server 来运行一个自己的 obpo 服务，但你可以用来参考如何实现一个反编译优化的云插件。\n\n## NOTE\n\n1. Obpo can't solve all obfuscate problems, but I hope it can be a powerful option.\n2. Due to the limited server performance, the timeout is limited to 600s. Server is self-financing, please don't abuse it (e.g. multithreading, malicious attacks).\n\n...\n\n1. obpo 无法解决所有混淆问题，但我希望它能成为一个有力的可选项。（翻译：懒得手工去混淆的话就试试，别指望啥都能行）\n2. 由于服务器性能有限，超时限制为600s。服务器是自费的，请勿滥用（如多线程、恶意攻击）。\n\n## Supported Version\n\nobpo-plugin currently requires the following versions of hex-rays decompiler:\n\nobpo-plugin 需要使用以下版本的 hex-rays 反编译器才能正常工作：\n\n| Hex-Rays Version | Arch                     |\n| ---------------- | ------------------------ |\n| 7.7.0.220118     | ARM64, X86, X86_64       |\n| 7.6.0.210427     | ARM, ARM64, X86, X86_64, PowerPC, PowerPC64, MIPS |\n| 7.5.0.201028     | ARM, ARM64, X86, X86_64, PowerPC, PowerPC64, MIPS |\n\n## Installation\n\nCopy `obpo_plugin.py` and `obpoplugin` into ida plugins path.\n\n将 `obpo_plugin.py` 和 `obpoplugin` 复制到 ida 插件路径中。\n\n## Usages\n\nObpo requires you to manually mark a dispatch block for Control Flow Flattening before automated analysis. Normally, the\ndispatch block looks like this:\n\nObpo 要求您在自动分析之前手动标记用于控制流扁平化的分发块。通常情况下，分发块看起来像这样：\n\n![](./assets/dispatchblock.png)\n\nRight-click on the control flow graph, click `OBPO -\u003e Mark and process function`. Refresh the decompiler after\nprocessing is complete, like this:\n\n右键单击控制流图，单击“OBPO -\u003e Mark and process function”。之后刷新反编译器处理完成，如下：\n\n![](./assets/demo.gif)\n\nDepending on the decompilation changes you can continue to mark dispatch blocks.\n\n根据反编译的变化，您可以继续标记分发块。\n\n## Samples\n\nIn the [samples](samples), saved some pseudocode and compare image by automation testing.\n\n在 [samples](samples) 中，保存了一些通过自动化测试产生的伪代码以及比较图像。\n\n### Feedback\n\nAll sample binaries are saved in [obpo-project/samples](https://github.com/obpo-project/samples). Welcome to submit\nother sample.\n\n所有示例二进制文件都保存在 [obpo-project/samples](https://github.com/obpo-project/samples) 中。欢迎提交其他样本。\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fobpo-project%2Fobpo-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fobpo-project%2Fobpo-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fobpo-project%2Fobpo-plugin/lists"}