Home

Awesome

deobf

An experimental ollvm like deofuscator,aim to remove obfuscation made by ollvm like compiler, exspecially FLA to make reverse engineering easier... 中文原理说明

Usage

In the future this will be possible through pypi.

Make sure you are using python 3.7.

  1. Clone the repository
  2. Run pip install -r requirements.txt

If you have trouble getting the keystone-engine dependency on Windows (as I did):

  1. Clone their repository
  2. Open a terminal in bindings/python
  3. Run python setup.py install (Make sure you are using python 3.7)
  4. Download their Windows - Core engine package here for your python arch.
  5. Put the keystone.dll in C:\location_to_python\Lib\site-packages\keystone\.

3.run python deobf.py <elf_path> <elf_out_path> <trace_path> <func_start_hex> <func_end_hex> <is_thumb> <type>

example python deobf.py tests/bin/libmakeurl2.4.9.so url.so tests/data/ins-url.trc 0x0000342C 0x00003668 1

Dependencies