Flexible deobfuscator.
| x86 | x86_64 | arm | arm64 | |
|---|---|---|---|---|
| deflat | TODO | TODO | PARTLY | ✔️ |
- two engine mode for deflat
- flexible patch pattern
- easy to port
requirements:
- python3.7 +
- dependencies:
pip3 install qiling angr termcolor capstone keystone
modify the start address and filename in main.py, and
python3 main.py
Specify the strategy 0 or 1 in emulator.search_path, in order to handle different flatten cases.
- support x86, x86_64
- support Bogus Control Flow deobfuscation
- add blocks analysis manually
- IDAPro plugin, in order to mark the blocks visually by interacting with the deobfuscator (to handle different ida python version)