Search the Community

Obfuscation Detection Automatically detect obfuscated code and other state machines Scripts to automatically detect obfuscated code and state machines in binaries. Implementation is based on IDA 7.4+ (Python3). Check out the following blog posts for more information on the Binary Ninja implementation: Automated Detection of Control-flow Flattening Automated Detection of Obfuscated Code Referenced Repository Note: Due to the recursive nature of plotting a dominator tree of every found function within the binary, the implementation and runtime overhead is expensive. As such, the flattening heuristic is omitted when the binary loaded has more than 50 functions. Functions will be skipped if the ctree structure is too large (more than 50 nodes) to prevent crashes. Changelog v1.7 Support for IDA 7.4+ (Including 7.7 onwards) Added version check for deprecated API functions [hide][Hidden Content]]

Obfuscation Detection Automatically detect obfuscated code and other state machines Scripts to automatically detect obfuscated code and state machines in binaries. Implementation is based on IDA 7.4+ (Python3). Check out the following blog posts for more information on the Binary Ninja implementation: Automated Detection of Control-flow Flattening Automated Detection of Obfuscated Code Referenced Repository Note: Due to the recursive nature of plotting a dominator tree of every found function within the binary, the implementation and runtime overhead is expensive. As such, the flattening heuristic is omitted when the binary loaded has more than 50 functions. Functions will be skipped if the ctree structure is too large (more than 50 nodes) to prevent crashes. Changelog v1.6 Refactor plugin handler Removed duplicate banner print Changed PLUGIN_FIX to PLUGIN_HIDE, user can just use Ctrl-Shift-H Code cleanup in #5 [hide][Hidden Content]]

Obfuscation Detection Automatically detect control-flow flattening and other state machines Scripts and binaries to automatically detect control-flow flattening and other state machines in binaries. Changelog v1.3 added fine-granular heuristic selection [hide][Hidden Content]]

Obfuscapk – A black-box obfuscation tool for Android apps. Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to decompile the original apk file and to build a new application, after applying some obfuscation techniques on the decompiled smali code, resources and manifest. The obfuscated app retains the same functionality as the original one, but the differences under the hood sometimes make the new application very different from the original (e.g., to signature-based antivirus software). Changelog v1.3 Drop support for Python 3.6 (end of life reached) Add support for Python 3.9 and 3.10 Update dependencies Fix obfuscation in res/xml folder by @kiber-io in #61 Use official VirusTotal API (d0f9e2b) Add an option to ignore user defined packages by @Elyorbe in #65 Replace Jarsigner with Apksigner by @Dado1513 in #83 Add option to use aapt2 by @Dado1513 in #84 Fixes to ConstStringEncryption obfuscator by @techee in #96 and #98 Fixes to reflection obfuscators by @ardalanForoughipour in #102 Initial Android App Bundle support by @mirsamantajbakhsh in #121 [hide][Hidden Content]]

Obfuscation Detection Automatically detect obfuscated code and other state machines Scripts to automatically detect obfuscated code and state machines in binaries. Implementation is based on IDA 7.4+ (Python3). Check out the following blog posts for more information on the Binary Ninja implementation: Automated Detection of Control-flow Flattening Automated Detection of Obfuscated Code Referenced Repository Note: Due to the recursive nature of plotting a dominator tree of every found function within the binary, the implementation and runtime overhead is expensive. As such, the flattening heuristic is omitted when the binary loaded has more than 50 functions. Functions will be skipped if the ctree structure is too large (more than 50 nodes) to prevent crashes. Changelog v1.5 GUI Features: QTable Heuristic result view Node limiting Single/All function heuristic search Heuristic result export Heuristic Features: Control-Flow Flattening Cyclomatic Complexity Basic Block Size Instruction Overlapping [hide][Hidden Content]]

Obfuscation Detection Automatically detect obfuscated code and other state machines Scripts to automatically detect obfuscated code and state machines in binaries. obfDetect v1.4 Heuristic Features: Control-Flow Flattening Cyclomatic Complexity Basic Block Size Instruction Overlapping [hide][Hidden Content]]

Automatically detect obfuscated code and other state machines Changelog v1.1 fixed plugin.json [hide][Hidden Content]]

Obfuscapk – A black-box obfuscation tool for Android apps. Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to decompile the original apk file and to build a new application, after applying some obfuscation techniques on the decompiled smali code, resources and manifest. The obfuscated app retains the same functionality as the original one, but the differences under the hood sometimes make the new application very different from the original (e.g., to signature-based antivirus software). Changelog v1.2 Add issue templates Update GitHub Actions and add some tests Fix paths on Windows Add FAQ and troubleshooting pages Add command line options for specifying a custom keystore [HIDE][Hidden Content]]

Obfuscapk – A black-box obfuscation tool for Android apps. Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to decompile the original apk file and to build a new application, after applying some obfuscation techniques on the decompiled smali code, resources and manifest. The obfuscated app retains the same functionality as the original one, but the differences under the hood sometimes make the new application very different from the original (e.g., to signature-based antivirus software). [HIDE][Hidden Content]]