12 repository-uri
Tools for reversing obfuscation techniques like XOR encoding and packing.
Explore 12 awesome GitHub repositories matching part of an awesome list · Deobfuscation. Refine with filters or upvote what's useful.
de4dot is a .NET deobfuscator and unpacker designed to reverse obfuscation and restore readable code and metadata within .NET assemblies. It functions as a bytecode analyzer that simplifies control flow, strips anti-debugging protections, and extracts original payloads from packed executable wrappers. The project distinguishes itself through a modular deobfuscation pipeline and a sandbox environment used for dynamic string decryption, which executes decryption methods to replace encrypted strings with plain-text values. It can identify specific obfuscation tools through pattern-based binary a
Implements a modular pipeline where independent modules target specific obfuscation or packing techniques sequentially.
de4dot is a .NET deobfuscator, unpacker, and assembly analysis tool. It is designed to remove obfuscation layers, restore metadata, and simplify bytecode control flow to transform protected binaries back into human-readable code. The project features specialized systems for decrypting strings and constants using both static and dynamic analysis. It identifies specific protection tools through pattern-based detection and strips anti-analysis protections, such as tamper detection and anti-debugging code. The tool provides a suite of reverse engineering capabilities, including binary wrapper un
Deobfuscates and unpacks .NET assemblies.
python-uncompyle6 is a Python bytecode decompiler and reverse engineering tool designed to convert compiled bytecode files back into human-readable source code. It functions as a source code recoverer and bytecode disassembler, allowing for the analysis of internal program logic and the reconstruction of original language constructs. The tool provides cross-version support, enabling the analysis and recovery of source code from bytecode created across multiple different versions of the Python interpreter. This allows it to operate as a cross-version bytecode analyzer that can interpret varied
Decompiles Python bytecode back into readable source code.
pyinstxtractor is a PyInstaller executable unpacker and Python bytecode recovery tool. It functions as a helper for decompiling compiled Python binaries by extracting bundled binaries and bytecode from executables created with PyInstaller. The project includes a bytecode decryptor to remove encryption from extracted files and a header repair tool that restores corrupted headers. These capabilities ensure that extracted compiled files are compatible with bytecode decompilation software. The utility covers reverse engineering of Python applications, supporting malware analysis workflows throug
Extracts contents from PyInstaller-generated Windows executables.
Acest proiect este un instrument de analiză statică binară conceput pentru a recupera șiruri de caractere ascunse și codificate non-standard din binare compilate. Acesta funcționează ca un utilitar de analiză malware și decriptor de șiruri, extrăgând textul obfuscated pentru a dezvălui comportamentul ascuns al programului fără a executa codul. Instrumentul automatizează recuperarea șirurilor încorporate printr-o combinație de execuție emulată a instrucțiunilor și evaluare a arborelui sintactic abstract (AST). Utilizează detectarea euristică bazată pe modele pentru a identifica rutinele de obfuscation și folosește parsarea binară cross-platform pentru a procesa multiple formate executabile. Sistemul acoperă o gamă largă de capabilități criminalistice, inclusiv extragerea șirurilor specifice limbajului și serializarea datelor recuperate în formate compatibile cu platformele externe de analiză de securitate.
Automatically extracts and deobfuscates strings from malware binaries.
A tool to analyze multi-byte xor cipher
Analyzes XOR key length and recovers the key.
Automatic and platform-independent unpacker for Windows binaries based on emulation
Automates unpacking of Windows binaries using emulation.
C++ application that uses memory and code hooks to detect packers
Extracts hidden code from packed Windows malware.
Reverse engineering tool for virtualization wrappers
Reverses virtualization-based obfuscation wrappers.
unXOR will search a XORed file and try to guess the key using known-plaintext attacks.
Guesses XOR keys using known-plaintext attacks.
Automated malware unpacker
Automates malware unpacking based on WinAppDbg.
Tool to help guess a files 256 byte XOR key by using frequency analysis
Guesses 256-byte XOR keys using frequency analysis.