1. BALBUZARD
Balbuzard is a package of malware analysis tools in Python to extract patterns of
interest from suspicious files (IP addresses, domain names, known file headers,
interesting strings, etc.). It can also crack malware obfuscation such as XOR, ROL, etc. by
bruteforcing and checking for those patterns.
2. DE4DOT
de4dot is an open source (GPLv3) .NET deobfuscator and unpacker written in C#. It will
try its best to restore a packed and obfuscated assembly to almost the original
assembly. Most of the obfuscation can be completely restored (e.g. string encryption),
but symbol renaming is impossible to restore since the original names aren't (usually)
part of the obfuscated assembly. It uses dnlib to read and write assemblies so make
sure you get it or it won't compile.
3. FLOSS
FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static analysis
techniques to automatically deobfuscate strings from malware binaries.
5. NOMOREXOR
NoMoreXOR helps guess a file's 256 byte XOR key by using frequency analysis.
6. PACKERATTACKER
The Packer Attacker is a generic hidden code extractor for Windows malware. It
supports the following types of packers: running from heap, replacing PE header,
injecting in a process.
7. UNPACKER
unpacker is an automated malware unpacker for Windows malware based on
WinAppDbg.
8. UNXOR
unxor will search through an XOR-encoded file (binary, text-file, whatever) and use
known-plaintext attacks to deduce the original keystream. Works on keys half as long
as the known-plaintext, in linear complexity.
9. VIRTUALDEOBFUSCATOR
VirtualDeobfuscator is a reverse engineering tool for virtualization wrappers. The goal
of the Virtual Deobfuscator is to analyze a runtrace and filter out the VM processing
instructions, leaving a reverse engineer with a bytecode version of the original binary.
10. XORBRUTEFORCER
XORBruteForcer is a Python script that implements XOR bruteforcing of a given file,
although a specific key can be used too. It's possible to look for a word in the XORed
result, minimizing the output.
11. XORSEARCH
XORSearch is a program to search for a given string in an XOR, ROL, ROT or SHIFT
encoded binary file. XORSearch will try all XOR keys (0 to 255), ROL keys (1 to 7), ROT
keys (1 to 25) and SHIFT keys (1 to 7) when searching.
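The key sweep described for XORSearch, as an added Python example (not XORSearch's own code and not part of the original post): it tries the XOR, ROL and ROT key ranges listed above against a buffer and reports which transform reveals the search string. SHIFT is left out, and the function names and the sample bytes are assumptions constructed for illustration.

```python
def xor_table(k):
    # 256-entry lookup table: byte b maps to b XOR k
    return bytes(b ^ k for b in range(256))

def rol_table(k):
    # rotate every byte left by k bits
    return bytes(((b << k) | (b >> (8 - k))) & 0xFF for b in range(256))

def rot_table(k):
    # Caesar-rotate ASCII letters by k; all other bytes stay unchanged
    t = bytearray(range(256))
    for base in (ord("A"), ord("a")):
        for i in range(26):
            t[base + i] = base + (i + k) % 26
    return bytes(t)

def transforms():
    # key ranges as listed in the XORSearch description
    for k in range(256):
        yield "XOR", k, xor_table(k)
    for k in range(1, 8):
        yield "ROL", k, rol_table(k)
    for k in range(1, 26):
        yield "ROT", k, rot_table(k)

def search(data, needle):
    """Return (encoding, key, offset) for every transform of data that reveals needle."""
    hits = []
    for name, key, table in transforms():
        decoded = data.translate(table)
        pos = decoded.find(needle)
        while pos != -1:
            hits.append((name, key, pos))
            pos = decoded.find(needle, pos + 1)
    return hits

# Constructed sample (not real malware): two obfuscated URLs between filler bytes
SAMPLE = (b"\x00" * 16
          + b"http://example.invalid/a".translate(xor_table(0x5A))
          + b"\xff" * 8
          + b"http://example.invalid/b".translate(rol_table(3)))

if __name__ == "__main__":
    for name, key, pos in search(SAMPLE, b"http://"):
        print(f"{name} key {key:#04x} reveals the needle at offset {pos}")
```

The reported key is the transform applied to the buffer, so the second URL, rotated left by 3 bits when the sample was built, shows up under ROL key 5.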
12. XORSTRINGS
XORStrings will search for strings in the (binary) file you provide it, using the same
encodings as XORSearch (XOR, ROL, ROT and SHIFT). For every encoding/key,
XORStrings will search for strings and report the number of strings found, the average
string length and the maximum string length.
13. XORTOOL
xortool is a Python script that will attempt to guess the XOR key length (based on
count of equal chars), as well as the key itself (based on knowledge of most frequent
char).
If you know of any more deobfuscation tools that you think should be on this list, please let
me know by leaving a comment on this post and I will get them added.
2 Comments
Esefarm JULY 6, 2016
I'm pretty new to this stuff and only used JavaScript deobfuscation tools like JSDetox
which is really nice, check it out.