7 个仓库
The process of decrypting strings by executing the original decryption logic within a controlled runtime environment.
Distinct from Dynamic Strings: None of the candidates cover the specific technique of executing binary code to retrieve plain-text strings.
Explore 7 awesome GitHub repositories matching security & cryptography · Dynamic String Decryption. Refine with filters or upvote what's useful.
de4dot is a .NET deobfuscator and unpacker designed to reverse obfuscation and restore readable code and metadata within .NET assemblies. It functions as a bytecode analyzer that simplifies control flow, strips anti-debugging protections, and extracts original payloads from packed executable wrappers. The project distinguishes itself through a modular deobfuscation pipeline and a sandbox environment used for dynamic string decryption, which executes decryption methods to replace encrypted strings with plain-text values. It can identify specific obfuscation tools through pattern-based binary a
Executes original decryption logic within a controlled sandbox to replace encrypted strings with plain-text values.
de4dot is a .NET deobfuscator, unpacker, and assembly analysis tool. It is designed to remove obfuscation layers, restore metadata, and simplify bytecode control flow to transform protected binaries back into human-readable code. The project features specialized systems for decrypting strings and constants using both static and dynamic analysis. It identifies specific protection tools through pattern-based detection and strips anti-analysis protections, such as tamper detection and anti-debugging code. The tool provides a suite of reverse engineering capabilities, including binary wrapper un
Executes decryption methods from a loaded assembly to replace encrypted string calls with plain-text values.
Pyarmor 是一个通过源代码混淆、字节码保护和二进制编译来保护 Python 软件的工具集。它作为一个代码混淆器、字节码保护器和二进制编译器,旨在防止对 Python 脚本和包的逆向工程和未经授权的访问。 该项目通过提供一个支持硬件绑定许可的综合软件许可证管理器而脱颖而出。这允许开发者将脚本执行锁定到特定的物理设备或虚拟机,并通过加密的运行时密钥强制执行严格的过期日期。 其更广泛的功能涵盖通过生成混淆的 Wheel 和多平台独立可执行文件进行安全分发。安全层面包括运行时完整性检查,例如防止调试器附加、内存级保护以及将 Python 函数转换为编译后的 C 扩展。 该工具包含一个命令行界面,并支持集成到持续集成(CI)流水线中,以在构建过程中自动化混淆过程。
Hides sensitive plain-text strings within the source by encrypting them and decrypting them only during execution.
本项目是一个全面的 Android 逆向工程套件,具有反编译器、字节码去混淆器和恶意软件分析工具的功能。它旨在将 APK、DEX 和 OAT 二进制文件转换为人类可读的源代码,并使用无需 Java 虚拟机 (JVM) 的原生实现。 该平台通过与 Frida 集成进行动态分析而脱颖而出,允许用户实时挂钩方法、注入自定义 JavaScript 并转储设备内存。它还具有专门的安全引擎,包括污点传播引擎和栈状态机,以检测隐私泄露、恶意行为和安全漏洞。 该套件涵盖了广泛的分析功能,包括二进制补丁和重打包、交叉引用依赖映射和数据流分析。它提供了用于软件加壳识别、加密字符串解码以及跨应用程序资源进行全局元数据搜索的工具。 该工具提供命令行界面,并支持通过自定义 Python 或 Java 脚本进行分析自动化。
Provides utilities to decrypt data using common encoding algorithms to reveal plain text values from binaries.
本项目是一个红队知识库和进攻性安全手册,旨在模拟对手行为。它作为技术指南和战术的综合集合,用于执行红队行动。 该存储库提供了 Active Directory 渗透测试的详细说明,包括 Kerberos 滥用和域权限提升。它涵盖了通过 API 解钩 (unhooking) 和载荷混淆进行的防御规避,以及涉及内核对象和系统内存操作的 Windows 内部研究。 功能范围扩展到网络渗透测试、恶意软件分析与工程,以及进攻性安全基础设施的部署。它还包括在企业环境中进行横向移动、持久化和数据外泄的方法。
Implements encryption of static string constants within binaries to prevent static analysis by security researchers.
Flare-floss is a security utility and static binary string extractor designed to uncover hidden text and configuration data within compiled binaries. It functions as an obfuscated string decoder and reverse engineering tool to translate encoded strings into readable text for security auditing. The project employs emulated execution to capture the decrypted state of strings in memory by running small chunks of binary code in a virtual CPU. It further utilizes static analysis disassembly, intermediate representation analysis, and heuristic-based pattern matching to identify and decode strings t
Uses emulated execution in a virtual CPU to capture the decrypted state of strings in memory.
ConfuserEx is a security toolset for .NET applications that functions as a code obfuscator, binary encryptor, and application protector. Its primary purpose is to prevent reverse engineering by hiding sensitive application logic and data. The project employs specific hardening techniques including symbol renaming to hinder human readability and control-flow mutation to confuse decompilers. It further protects binaries by encrypting constants and resources to stop static analysis and memory dumping, while blocking the use of debuggers and profilers to prevent runtime analysis. Additional capa
Encrypts static string constants and embedded resources to prevent static analysis and memory dumping.