Automatic removal of junk instructions through state tracking
https://usualsuspect.re/article/automatic-removal-of-junk-instructions-through-state-tracking #re #obfuscation #KosBeg

Hex-Rays Microcode API против обфусцирующего компилятора
https://forum.reverse4you.org/showthread.php?t=3089 #ida #obfuscation #microcode #re #darw1n

JEB Native Analysis Pipeline – Part 2: IR Optimizers
https://www.pnfsoftware.com/blog/jeb-native-pipeline-ir-optimizers-part-2/ #ir #obfuscation #re #malware #KosBeg

Example of deobfuscation plugin for #GHIDRA

PPTX (How it work): https://www.msreverseengineering.com/s/Control-Flow-Deobfuscation-via-Abstract-Interpretation.pptx

Github: https://github.com/RolfRolles/GhidraPAL/blob/master/ThreeValuedAbstractInterpreter.java

#re #ghidra #plugin #obfuscation #darw1n

An Abstract Interpretation-Based Deobfuscation Plugin for Ghidra

https://www.msreverseengineering.com/blog/2019/4/17/an-abstract-interpretation-based-deobfuscation-plugin-for-ghidra

#re #ghidra #obfuscation #plugin #darw1n

A tiny C++ obfuscation framework https://github.com/fritzone/obfy #obfuscation #dukeBarman

Code obFU(N)scation mixing 32 and 64 bit mode instructions https://scrammed.blogspot.com/2014/10/code-obfunscation-mixing-32-and-64-bit.html #obfuscation #dukeBarman

GIMPLE obfuscator for C, C++, Go, ... all supported GCC targets and front-ends that use GIMPLE https://github.com/meme/hellscape #obfuscation #dukeBarman

Reversing DexGuard, Part 3 – Code Virtualization
https://www.pnfsoftware.com/blog/reversing-dexguard-virtualization/

#reverse #android #obfuscation #KosBeg

Piercing the Veil: Android Code Deobfuscation https://www.youtube.com/watch?v=lmHkfKXuN4A #reverse #android #obfuscation #dukeBarman

D810: Creating an extensible deobfuscation plugin for IDA Pro

https://eshard.com/posts/d810_blog_post_1/

D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode.

https://gitlab.com/eshard/d810

#reverse #ida #plugin #deobfucation #obfuscation #QwErTyReverse

Powerful automated tool for reverse engineering Unity IL2CPP binaries

https://github.com/djkaty/Il2CppInspector

#reverse #unity #tools #il2cpp #ida #ghidra #x64dbg #ilspy #dnspy #inject #hook #obfuscation #darw1n

JavaScript Deobfuscator and Unpacker https://forum.reverse4you.org/t/javascript-deobfuscator-and-unpacker/16986 #tools #malware #javascript #unpack #obfuscation #darw1n

An experimental dynamic approach to devirtualize pure functions protected by VMProtect 3.x

https://github.com/JonathanSalwan/VMProtect-devirtualization

#reverse #vmp #vmprotect #protection #obfuscation #deobfuscation #devirtualization #sloukixnx

xVMP is an LLVM IR-based code virtualization tool, which fulfilled a scalable and virtualized instruction-hardened obfuscation. It supports multiple programming languages, and architectures. It is also compatible with existing LLVM IR-based obfuscation schemes (such as Obfuscator-LLVM).

xVMP is developer friendly. You only need to add annotations to the to-be-protected function in the source code, and xVMP can perform virtualization protection on the function during compilation.

https://github.com/GANGE666/xVMP

#virtualization #obfuscation #alekum

DJI - The ART of obfuscation

https://blog.quarkslab.com/dji-the-art-of-obfuscation.html

#reverse #mobile #android #obfuscation