Analysis of Virtualization-based Obfuscation

This repository contains slides, samples and code of the 4h code deobfuscation workshop at r2con2021. We give a brief introduction into virtualization-based obfuscation and manually analyze a simple VM generated by Tigress. Afterward, we use symbolic execution to automate the analysis and write a dynamic VM disassembler that is based on Miasm.

The recording is available here.

Installation

# on debian/ubuntu based systems:
sudo apt-get install python-dev

# clone repository and init submodules
git clone https://github.com/mrphrazer/r2con2021_deobfuscation.git
cd r2con2021_deobfuscation
git submodule update --init --rebase --recursive

# install miasm
cd miasm
pip install -r requirements.txt
pip install .
cd ..

Contact

For more information, contact Tim Blazytko (@mr_phrazer).

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
miasm @ 5522eb0		miasm @ 5522eb0
samples		samples
tracer		tracer
.gitignore		.gitignore
.gitmodules		.gitmodules
LICENSE		LICENSE
README.md		README.md
follow_execution_flow.py		follow_execution_flow.py
slides.pdf		slides.pdf
symbolic_execution.py		symbolic_execution.py
vm_disassembler.py		vm_disassembler.py
vm_disassembler_final.py		vm_disassembler_final.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Analysis of Virtualization-based Obfuscation

Installation

Contact

About

Contributors 2

Languages

License

mrphrazer/r2con2021_deobfuscation

Folders and files

Latest commit

History

Repository files navigation

Analysis of Virtualization-based Obfuscation

Installation

Contact

About

Topics

Resources

License

Stars

Watchers

Forks

Contributors 2

Languages