https://github.com/pcy190/deobfuscator
break ollvm.
arm64 deflat deobfuscator deollvm ollvm
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/pcy190/deobfuscator
- Owner: pcy190
- Created: 2020-11-01T15:01:43.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2025-05-01T04:45:19.000Z (about 1 year ago)
- Last Synced: 2025-05-01T05:26:50.989Z (about 1 year ago)
- Topics: arm64, deflat, deobfuscator, deollvm, ollvm
- Language: Python
- Size: 118 KB
- Stars: 99
- Watchers: 4
- Forks: 18
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# deobfuscator
## Introduction
Flexible deobfuscator.
## Features
| | x86 | x86_64 | arm | arm64 |
| ------- | --- | ------ | --- | ----- |
| deflat | TODO | TODO | PARTLY | :heavy_check_mark: |
- [x] two engine modes for deflat
- [x] flexible patch pattern
- [x] easy to port
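## Usage:
Requirements:
- Python 3.7+
- Dependencies (the Keystone assembler bindings are published on PyPI as `keystone-engine`; the PyPI package named `keystone` is an unrelated project):
```
pip3 install qiling angr termcolor capstone keystone-engine
```
Set the start address and filename in `main.py`, then run: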
```
python3 main.py
```
Specify strategy `0` or `1` in `emulator.search_path` to handle different flattening cases.
## TODO:
- support x86, x86_64
- support Bogus Control Flow deobfuscation
- add blocks analysis manually
- IDA Pro plugin that marks the blocks visually by interacting with the deobfuscator (needs to handle different IDAPython versions)