ida script to "deobfuscate" binary menu

User Tag List

Results 1 to 11 of 11
  1. #1
    ostapus's Avatar Active Member
    Reputation
    58
    Join Date
    Nov 2008
    Posts
    176
    Thanks G/R
    2/8
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    ida script to "deobfuscate" binary

    Attached is the dirty implementation of idea from Ferib: Reversing Common Obfuscation Techniques. The script is "as is", development version, lot of debugging output and such. far from ideal but someone can find it helpful (easier than do it by hands) to de-obfuscate function.

    usage - runscript("/path/to/script/deobf.py") from IDA python. the script will work from "current screen ea" (cursor address), best way is start of the function.

    Feel free to provide feedback and/or improvements.
    Attached Files Attached Files

    ida script to "deobfuscate" binary
  2. Thanks tommingc, Borg333, charles420, oiramario, Mylo420, cloakr, gdfsxwy (7 members gave Thanks to ostapus for this useful post)
  3. #2
    sanyle's Avatar Member
    Reputation
    1
    Join Date
    Dec 2019
    Posts
    27
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Good project
    But an error occurred

    unexplored: set[int] = set()
    TypeError: 'type' object is not subscriptable

  4. #3
    ostapus's Avatar Active Member
    Reputation
    58
    Join Date
    Nov 2008
    Posts
    176
    Thanks G/R
    2/8
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by sanyle View Post
    Good project
    But an error occurred

    unexplored: set[int] = set()
    TypeError: 'type' object is not subscriptable
    you must be using puthon 2... in my setup - ida 7.7 python 3.8

  5. #4
    sanyle's Avatar Member
    Reputation
    1
    Join Date
    Dec 2019
    Posts
    27
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OK, thank you very much. This will help me better read the assembly

  6. #5
    Borg333's Avatar Member Authenticator enabled
    Reputation
    2
    Join Date
    Dec 2013
    Posts
    33
    Thanks G/R
    6/1
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by ostapus View Post
    you must be using puthon 2... in my setup - ida 7.7 python 3.8
    IDA Pro 7.7.220118 (Windows) Python 3.8.15 (default, Oct 11 2022, 14:10:3 [MSC v.1900 64 bit (AMD64)], the same error

  7. #6
    scimmy's Avatar Active Member
    Reputation
    52
    Join Date
    Jul 2020
    Posts
    54
    Thanks G/R
    1/33
    Trade Feedback
    0 (0%)
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Borg333 View Post
    IDA Pro 7.7.220118 (Windows) Python 3.8.15 (default, Oct 11 2022, 14:10:3 [MSC v.1900 64 bit (AMD64)], the same error
    Have you considered reading the code and trying to fix it yourself? This is <200 lines of python for fucks sake.

  8. #7
    Borg333's Avatar Member Authenticator enabled
    Reputation
    2
    Join Date
    Dec 2013
    Posts
    33
    Thanks G/R
    6/1
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    nvm, py 3.9.7 solves the problem

  9. #8
    charles420's Avatar Contributor
    Reputation
    315
    Join Date
    Jun 2009
    Posts
    329
    Thanks G/R
    25/119
    Trade Feedback
    0 (0%)
    Mentioned
    10 Post(s)
    Tagged
    0 Thread(s)
    i would add a lil to it misses a lot of common ones they use on path to what i currently use wanted to see Opaque Patcher but gone before i got home but love to see useful stuff regardless
    Last edited by charles420; 11-25-2022 at 10:48 PM.

  10. #9
    oiramario's Avatar Established Member
    Reputation
    85
    Join Date
    Mar 2021
    Posts
    133
    Thanks G/R
    36/51
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for your sharing.
    Did you miss these instructions?
    Code:
    NN_jmp, NN_jmpfi, NN_jmpni, NN_jmpshort
    It works normally in most cases, except for Script_UnitInParty.
    before:
    1.png

    after:
    2.png

  11. Thanks charles420 (1 members gave Thanks to oiramario for this useful post)
  12. #10
    Mylo420's Avatar Member
    Reputation
    1
    Join Date
    Jan 2023
    Posts
    1
    Thanks G/R
    1/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    cool script, but keep in mind this isnt strong. this quite often makes false-positive NOPs, false-positive "good JMP" decisions.

    nonetheless, thanks for sharing. big kudos to ferib and you.
    Last edited by Mylo420; 02-22-2023 at 08:20 PM.

  13. #11
    ostapus's Avatar Active Member
    Reputation
    58
    Join Date
    Nov 2008
    Posts
    176
    Thanks G/R
    2/8
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Mylo420 View Post
    cool script, but keep in mind this isnt strong. this quite often makes false-positive NOPs, false-positive "good JMP" decisions.

    nonetheless, thanks for sharing. big kudos to ferib and you.

    thanks! I would appreciate feedback especially with the reference where the script is working wrong. If you provide feedback - please keep in mind, i am on latest retail version.

  14. Thanks cloakr (1 members gave Thanks to ostapus for this useful post)

Similar Threads

  1. IDA Script to Label DB2 for Wow 7 Legion
    By counted in forum WoW Memory Editing
    Replies: 0
    Last Post: 07-25-2016, 07:42 AM
  2. i need a script to open a door with a key
    By z3ro379 in forum World of Warcraft Emulator Servers
    Replies: 4
    Last Post: 05-20-2008, 11:58 AM
  3. Script to Play AVI ingame
    By ddftrick in forum World of Warcraft Emulator Servers
    Replies: 5
    Last Post: 04-14-2008, 08:40 PM
  4. More Scripting to do
    By Summer in forum World of Warcraft Emulator Servers
    Replies: 4
    Last Post: 02-15-2008, 03:36 PM
  5. script to roll on gray items
    By azngamer101 in forum World of Warcraft General
    Replies: 3
    Last Post: 07-01-2007, 03:33 AM
All times are GMT -5. The time now is 07:38 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search