unfuck
debugoff
unfuck | debugoff
---|---
6 | 1
196 | 272
- | -
6.0 | 0.0
6 months ago | over 1 year ago
Rust | Rust
MIT License | GNU General Public License v3.0 only
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
unfuck
- Show HN: A new LLVM optimization pass that aggressively reduces WebAssembly size
This is sweet! This is actually a very similar approach to how I deobfuscate Python bytecode: https://github.com/landaire/unfuck/blob/bfa164b4e261deffeb37...
My code is pretty messy, but I take the same exact approach of taking known function parameters, interpreting the instructions, and removing any condition and the instructions which built its arguments if it evaluates to a constant value. Even called it partial execution as well :p
- GitHub - landaire/unfuck: Python 2.7 bytecode d̶e̶o̶b̶f̶u̶s̶c̶a̶t̶o̶r unfucker
- Unfuck: A utility for deobfuscating Python 2.7 bytecode
I haven't heard of this tool before, but I don't think it would work for obfuscated code. Check out the graph image on my wiki [1]. While this image doesn't show the exact scenario, imagine that the first instruction is a `JUMP_ABSOLUTE 100` and the rest of the instructions between offset [3,100) are just garbage or invalid.
A naive disassembler (like the `dis` module in Python) interprets the bytecode linearly -- i.e. one instruction after another. Rizin's disassembler [2] seems to take the same approach. The way I do disassembly is to only disassemble code paths that are potentially executed by queueing non-conditional jumps, both targets of a conditional jump, and the next instruction when the current instruction is a non-jumping instruction.
[1] https://github.com/landaire/unfuck/wiki/Obfuscation-Tricks
- unfuck - a deobfuscator for Python 2.7 bytecode
debugoff
What are some alternatives?
rizin - UNIX-like reverse engineering framework and command-line toolset.
pocket - Mixed Boolean Arithmetic Expression Obfuscator
cwe_checker - cwe_checker finds vulnerable patterns in binary executables
cvars - Configuration variables and consoles for games in Rust. An alternative to inline_tweak / const-tweaker with different tradeoffs.
casr - Collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity.
thefuck - Magnificent app which corrects your previous console command.
dirty-debug - Quick and dirty debugging
SkidSuite - A collection of java reverse engineering tools and informational links
binocle - a graphical tool to visualize binary data
goblin - An impish, cross-platform binary parsing crate, written in Rust