# mandiant/flare-floss

3,886 stars · 517 forks · Python · apache-2.0

## Links

- GitHub: https://github.com/mandiant/flare-floss
- awesome-repositories: https://awesome-repositories.com/repository/mandiant-flare-floss.md

## Topics

`deobfuscation` `flare` `gsoc-2026` `malware` `malware-analysis` `strings`

## Description

Flare-floss is a security utility and static binary string extractor designed to uncover hidden text and configuration data within compiled binaries. It functions as an obfuscated string decoder and reverse engineering tool to translate encoded strings into readable text for security auditing.

The project employs emulated execution to capture the decrypted state of strings in memory by running small chunks of binary code in a virtual CPU. It further utilizes static analysis disassembly, intermediate representation analysis, and heuristic-based pattern matching to identify and decode strings that use non-standard encodings or lack standard null terminators.

The toolset supports workflows for malware binary analysis, security research, and reverse engineering to identify embedded secrets and constants. It also provides capabilities for exporting extracted binary data to external analysis platforms.

## Tags

### Security & Cryptography

- [Malware Analysis](https://awesome-repositories.com/f/security-cryptography/malware-analysis.md) — Provides specialized tools for uncovering hidden text and configuration data within malicious software binaries.
- [Binary Pattern Matching](https://awesome-repositories.com/f/security-cryptography/binary-pattern-matching.md) — Scans binary data for specific byte sequences and opcodes to identify obfuscated string routines.
- [Dynamic String Decryption](https://awesome-repositories.com/f/security-cryptography/dynamic-string-decryption.md) — Uses emulated execution in a virtual CPU to capture the decrypted state of strings in memory.
- [Malware Analysis Tools](https://awesome-repositories.com/f/security-cryptography/malware-analysis-tools.md) — Acts as a security utility designed to uncover hidden configuration data within malicious software samples.
- [Obfuscated Data Decoders](https://awesome-repositories.com/f/security-cryptography/obfuscated-data-decoders.md) — Translates hidden or encoded strings into readable text to reveal sensitive configuration data.
- [Security Auditing Tools](https://awesome-repositories.com/f/security-cryptography/security-auditing-tools.md) — Identifies embedded secrets and constants in binaries for deep security auditing and inspection.

### Development Tools & Productivity

- [Binary String Recovery](https://awesome-repositories.com/f/development-tools-productivity/memory-string-extraction/binary-string-recovery.md) — Retrieves strings that use non-standard encodings or lack null terminators from binaries to reveal hidden data. ([source](https://cdn.jsdelivr.net/gh/mandiant/flare-floss@master/README.md))
- [Static String Extraction](https://awesome-repositories.com/f/development-tools-productivity/memory-string-extraction/static-string-extraction.md) — Retrieves text from binaries that use unusual encodings or lack standard null terminators.

### Operating Systems & Systems Programming

- [Reverse Engineering Tools](https://awesome-repositories.com/f/operating-systems-systems-programming/binary-analysis-capabilities/reverse-engineering-tools.md) — Extracts obfuscated strings from compiled files to help researchers understand the internal logic of a program.
- [Data Flow Analysis](https://awesome-repositories.com/f/operating-systems-systems-programming/cross-architecture-binary-analysis/intermediate-representation-lifting/data-flow-analysis.md) — Converts machine instructions into a simplified intermediate representation to track data flow and string manipulation logic.
- [Static Binary Analysis](https://awesome-repositories.com/f/operating-systems-systems-programming/static-binary-analysis.md) — Analyzes compiled binaries without execution to extract and decode obfuscated strings.
- [Static Memory Analysis](https://awesome-repositories.com/f/operating-systems-systems-programming/binary-memory-mapping/static-memory-analysis.md) — Maps executable files into virtual address space to analyze data offsets and cross-references without executing the process.

### Programming Languages & Runtimes

- [Binary String Decoders](https://awesome-repositories.com/f/programming-languages-runtimes/character-encoding-utilities/custom-value-encoders/binary-string-decoders.md) — Implements custom decoding rules to recover readable text from strings that use non-standard character sets or lack null terminators.

### Software Engineering & Architecture

- [Pattern-Based Disassembly](https://awesome-repositories.com/f/software-engineering-architecture/modular-plugin-frameworks/disassembler-frameworks/pattern-based-disassembly.md) — Employs disassembly to identify code patterns and locate functions responsible for string decryption.

### Part of an Awesome List

- [Carving and Extraction](https://awesome-repositories.com/f/awesome-lists/data/carving-and-extraction.md) — Deobfuscates strings from malware binaries for static analysis.
