cwe_checker
unfuck
cwe_checker | unfuck
---|---
1 | 6
1,054 | 196
3.2% | -
8.4 | 6.0
17 days ago | 6 months ago
Rust | Rust
GNU Lesser General Public License v3.0 only | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cwe_checker
- Awesome CTF : Top Learning Resource Labs
cwe_checker - cwe_checker finds vulnerable patterns in binary executables.
unfuck
- Show HN: A new LLVM optimization pass that aggressively reduces WebAssembly size
This is sweet! This is actually a very similar approach to how I deobfuscate Python bytecode: https://github.com/landaire/unfuck/blob/bfa164b4e261deffeb37...
My code is pretty messy, but I take the same exact approach of taking known function parameters, interpreting the instructions, and removing any condition and the instructions which built its arguments if it evaluates to a constant value. Even called it partial execution as well :p
- GitHub - landaire/unfuck: Python 2.7 bytecode d̶e̶o̶b̶f̶u̶s̶c̶a̶t̶o̶r unfucker
- Unfuck: A utility for deobfuscating Python 2.7 bytecode
I haven't heard of this tool before, but I don't think it would work for obfuscated code. Check out the graph image on my wiki [1]. While this image doesn't show the exact scenario, imagine that the first instruction is a `JUMP_ABSOLUTE 100` and the rest of the instructions between offset [3,100) are just garbage or invalid.
A naive disassembler (like the `dis` module in Python) interprets the bytecode linearly -- i.e. one instruction after another. Rizin's disassembler [2] seems to take the same approach. The way I do disassembly is to only disassemble code paths that are potentially executed by queueing non-conditional jumps, both targets of a conditional jump, and the next instruction when the current instruction is a non-jumping instruction.
[1] https://github.com/landaire/unfuck/wiki/Obfuscation-Tricks
- unfuck - a deobfuscator for Python 2.7 bytecode
What are some alternatives?
BinAbsInspector - BinAbsInspector: Vulnerability Scanner for Binaries
rizin - UNIX-like reverse engineering framework and command-line toolset.
ghidra-setup - An Inno Setup script to package Ghidra for Windows
debugoff - Linux anti-debugging and anti-analysis rust library
eve-echoes-tools - Collection of tools helping in reverse engineering Eve Echoes
pocket - Mixed Boolean Arithmetic Expression Obfuscator
binocle - a graphical tool to visualize binary data
thefuck - Magnificent app which corrects your previous console command.
delsum - A reverse engineer's checksum toolbox
SkidSuite - A collection of java reverse engineering tools and informational links
pwntools - CTF framework and exploit development library