itsMe Posted September 6, 2021 Share Posted September 6, 2021 This is the hidden content, please Sign In or Sign Up Obfuscation Detection Automatically detect obfuscated code and other state machines Scripts to automatically detect obfuscated code and state machines in binaries. Implementation is based on IDA 7.4+ (Python3). Check out the following blog posts for more information on the Binary Ninja implementation: Automated Detection of Control-flow Flattening Automated Detection of Obfuscated Code Referenced Repository Note: Due to the recursive nature of plotting a dominator tree of every found function within the binary, the implementation and runtime overhead is expensive. As such, the flattening heuristic is omitted when the binary loaded has more than 50 functions. Functions will be skipped if the ctree structure is too large (more than 50 nodes) to prevent crashes. Changelog v1.5 GUI Features: QTable Heuristic result view Node limiting Single/All function heuristic search Heuristic result export Heuristic Features: Control-Flow Flattening Cyclomatic Complexity Basic Block Size Instruction Overlapping This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts