dobf is a binary patching tool primarily used to deal with obfuscation.

brunph/dobf-rs

dobf

dobf is a binary patching tool used primarily to deal with obfuscation.
Current features include:

  • NOP instruction optimization (90 90 becomes 66 90 and so forth)
  • Fast pattern matching
  • Easily configurable with TOML configs

Building

git clone https://github.com/brunph/dobf-rs.git
cd dobf-rs
cargo build --release

Usage

dobf uses a TOML config to specify the patches to apply. Below is an example of such a patch.

name = "example"

[obfret]
# asm:
# lea     rsp, [rsp+0x8]
# jmp     qword [rsp-0x8]
# ->
# ret
pattern = "48 8D 64 24 08 FF 64 24 F8"
patch = "C3 90 90 90 90 90 90 90 90" # adding these nops is optional, but a good way to get rid of the remaining junk after the patch
order = 0 # when multiple transforms are used, one can specify the order to ensure they are applied correctly

Then simply run your compiled version of dobf:

dobf.exe -i test.asm -c example.toml

[Images: Before, After]
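
The [obfret] rule above applied to a byte buffer, followed by the NOP merging named in the feature list. This is an added example, not dobf's source code; the function names, the sample buffer and the byte-level NOP scan (limited to 4-byte NOPs) are assumptions made for illustration.

```rust
// Added example, not dobf's source; all function names are hypothetical.
/// Parse "48 8D 64" style hex into bytes.
fn parse_hex(s: &str) -> Result<Vec<u8>, String> {
    s.split_whitespace()
        .map(|t| u8::from_str_radix(t, 16).map_err(|e| format!("bad byte {t:?}: {e}")))
        .collect()
}

/// Overwrite each non-overlapping match in place. Equal lengths are required
/// so that no later offset or branch target shifts.
fn apply_patch(buf: &mut [u8], pattern: &[u8], patch: &[u8]) -> Result<usize, String> {
    if pattern.is_empty() || pattern.len() != patch.len() {
        return Err(format!("pattern is {} bytes, patch is {}", pattern.len(), patch.len()));
    }
    let (mut i, mut hits) = (0, 0);
    while i + pattern.len() <= buf.len() {
        if buf[i..i + pattern.len()] == *pattern {
            buf[i..i + patch.len()].copy_from_slice(patch);
            i += pattern.len();
            hits += 1;
        } else {
            i += 1;
        }
    }
    Ok(hits)
}

/// Rewrite runs of 0x90 as Intel's recommended multi-byte NOPs (up to 4 bytes
/// here). Assumes every 0x90 in `buf` is an instruction, not operand data.
fn merge_nops(buf: &mut [u8]) {
    const NOPS: [&[u8]; 4] = [&[0x90], &[0x66, 0x90], &[0x0F, 0x1F, 0x00], &[0x0F, 0x1F, 0x40, 0x00]];
    let mut i = 0;
    while i < buf.len() {
        let n = buf[i..].iter().take_while(|&&b| b == 0x90).count().min(NOPS.len());
        if n == 0 { i += 1; continue; }
        buf[i..i + n].copy_from_slice(NOPS[n - 1]);
        i += n;
    }
}

fn main() {
    // Constructed buffer: push rax; the obfuscated return from the config; int3.
    let mut code = parse_hex("50 48 8D 64 24 08 FF 64 24 F8 CC").unwrap();
    let pattern = parse_hex("48 8D 64 24 08 FF 64 24 F8").unwrap();
    let patch = parse_hex("C3 90 90 90 90 90 90 90 90").unwrap();
    let hits = apply_patch(&mut code, &pattern, &patch).unwrap();
    merge_nops(&mut code);
    println!("{hits} match(es): {code:02X?}");
}
```

Because the scan works on raw bytes, a pattern that happens to occur inside another instruction's operand or in data would be patched as well, which is the kind of error the "nested matching" Todo item is aimed at.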

Todo

  • Add serialization output (ability to write all patches to a file, so they can then be read into any program of choice)
  • Nested matching to improve correctness
  • Improve pattern matching by using regex
