Example of a deobfuscation plugin for #GHIDRA
PPTX (how it works): https://www.msreverseengineering.com/s/Control-Flow-Deobfuscation-via-Abstract-Interpretation.pptx
Github: https://github.com/RolfRolles/GhidraPAL/blob/master/ThreeValuedAbstractInterpreter.java
#re #ghidra #plugin #obfuscation #darw1n
An Abstract Interpretation-Based Deobfuscation Plugin for Ghidra
https://www.msreverseengineering.com/blog/2019/4/17/an-abstract-interpretation-based-deobfuscation-plugin-for-ghidra
#re #ghidra #obfuscation #plugin #darw1n
This blog entry announces the release of an abstract interpretation-based Ghidra plugin for deobfuscation. The code can be found here (see the ‘Releases’ tab for a binary release). In view of the picture below, the static analysis described herein is designed…
Hexext - A plugin for extending Hex-Rays 7.0 via microcode. It makes decompiled code prettier by applying a set of transformations at different phases of decompilation: cleaning up the output, removing gotos, replacing bit operations, and turning bitwise lookup tables into comparisons.
https://forum.reverse4you.org/t/hexext-a-plugin-for-extending-hexrays-7-0-via-microcode/10631 #re #ida #plugin #darw1n
Hexext - A plugin for extending Hexrays 7.0 via microcode - Now with 32 bit support
I reversed the microcode format on the leaked Hexrays 7.0. But now fuckin 7.2 has leaked so now I have to support that shit too. Anyway, this plugin makes code prettier. It does a bunch of transformations at different phases of decompilation to clean it up…
Source code for Hexext was released! Hexext is a plugin for extending Hexrays 7.0 via microcode. It makes code prettier.
Info: https://forum.reverse4you.org/t/hexext-source-release-the-return-of-the-hex/10675
Github: https://github.com/chrisps/Hexext
#re #idapro #plugin #source #darw1n
Hexext source release - The Return of the Hex
The repo also contains new releases, which may be unstable as I haven't tested much. Before is to the left, after is to the right. It's still super messy, I've just kinda given up on making it less messy for now. Documentation isn't that great either.…
VMX intrinsics plugin for the Hex-Rays decompiler. The plugin displays VMX instructions that the decompiler does not handle in their respective intrinsic form. Might be useful for those who enjoy reversing hypervisors.
https://github.com/synacktiv/vmx_intrinsics
#reverse #ida #plugin #hypervisor #vmx #darw1n
x64dbg plugin for simple spoofing of CPUID instruction behavior
https://github.com/jonatan1024/CpuidSpoofer
#reverse #tools #plugin #x64 #debugger #hwid #darw1n
D810: Creating an extensible deobfuscation plugin for IDA Pro
https://eshard.com/posts/d810_blog_post_1/
D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode.
https://gitlab.com/eshard/d810
#reverse #ida #plugin #deobfuscation #obfuscation #QwErTyReverse
How we bypassed bytenode and decompiled Node.js bytecode in Ghidra
https://swarm.ptsecurity.com/how-we-bypassed-bytenode-and-decompiled-node-js-bytecode-in-ghidra/
#reverse #ghidra #nodejs #decompiler #plugin #darw1n
I build robots for fun. Rick Sanchez It’s common knowledge that in 2019 the NSA decided to open source its reverse engineering framework known as Ghidra. Due to its versatility, it quickly became popular among security researchers. This article is one of…
Decompiling Node.js in Ghidra
https://swarm.ptsecurity.com/decompiling-node-js-in-ghidra/
#reverse #ghidra #nodejs #decompiler #plugin #heckysome
Have you ever wanted to find out how a program you often use, a game you play a lot, or the firmware of some realtime device actually works? If so, what you need is a disassembler. Better still, a decompiler. While things are pretty clear with x86–x64, Java…
Creating a Ghidra processor module in SLEIGH using V8 bytecode as an example
https://swarm.ptsecurity.com/creating-a-ghidra-processor-module-in-sleigh-using-v8-bytecode-as-an-example/
#reverse #ghidra #decompiler #nodejs #v8 #plugin #darw1n
Last year our team had to analyze V8 bytecode. Back then, there were no tools in place to decompile such code and facilitate convenient navigation over it. We decided to try writing a processor module for the Ghidra framework. Thanks to the features of the…
Guide to P-code Injection: Changing the intermediate representation of code on the fly in Ghidra
https://swarm.ptsecurity.com/guide-to-p-code-injection/
#reverse #ghidra #decompiler #pcode #nodejs #v8 #plugin #darw1n
When we were developing the ghidra nodejs module for Ghidra, we realized that it was not always possible to correctly implement V8 (JavaScript engine that is used by Node.js) opcodes in SLEIGH. In such runtime environments as V8 and JVM, a single opcode might…
Ghidra Scripts/Plugins/Extension
https://github.com/AllsafeCyberSecurity/awesome-ghidra
#reverse #ghidra #plugin #extension #script #darw1n
IDA Pattern Search is a plugin that adds function discovery by bit patterns to the IDA Pro disassembler, using Ghidra's function patterns format. With this plugin, you can define new patterns for the relevant CPU architecture and analyze the target binary to find and define new functions in it.
https://forum.reverse4you.org/t/idapatternsearch-adds-a-capability-of-finding-functions-according-to-bit-patterns/17209
#tools #reverse #idapro #plugin #patterns #ghidra
HashDB is a free community-sourced library of hashing algorithms used in malware, with an IDA plugin!
⚙️API
https://hashdb.openanalysis.net/
🧩IDA Plugin
https://github.com/OALabs/hashdb-ida
👾 Add Custom Algorithms
https://github.com/OALabs/hashdb
#malware #idapro #plugin #hashlib #KosBeg
UserComment is a plugin to display user-added comments in disassembly and pseudocode views.
https://forum.reverse4you.org/t/usercomment-an-ida-plugin-to-show-user-added-comments/19747
#reverse #idapro #plugin
UserComment is a plugin to display user-added comments in disassembly and pseudocode views. Provides a comment window, displaying user-added comments, including comments in assembly code and pseudocode. Support for different types of comments (common comments…