D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode.

Related tags

Security related resourcesd810
Overview

Introduction

fork from https://gitlab.com/eshard/d810

What is D-810

D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode. It was designed with the following goals in mind:

  • It should have as least as possible impact on our standard reverse engineering workflow
    • Fully integrated to IDA Pro
  • It should be easily extensible and configurable
    • Fast creation of new deobfuscation rules
    • Configurable so that we don't have to modify the source code to use rules for a specific project
  • Performance impact should be reasonable
    • Our goal is to be transparent for the reverse engineer
    • But we don't care if the decompilation of a function takes 1 more second if the resulting code is much more simplier.

Installation

Only IDA v7.5 or later is supported with Python 3.7 and higher (since we need the microcode Python API)

Copy this repository in .idapro/plugins

We recommend to install Z3 to be able to use several features of D-810:

pip3 install z3-solver

Using D-810

  • Load the plugin by using the Ctrl-Shift-D shortcut, you should see this configuration GUI

  • Choose or create your project configuration
    • If you are not sure what to do here, leave default_instruction_only.json.
  • Click on the Start button to enable deobfuscation
  • Decompile an obfuscated function, the code should be simplified (hopefully)
  • When you want to disable deobfuscation, just click on the Stop button.

Warnings

This plugin is still in early stage of development, so issues may will happen.

  • Modifying incorrectly IDA microcode may lead IDA to crash. We try to detect that as much as possible to avoid crash, but since it may still happen save you IDA database often
  • We only tested this plugin on Linux, but it should work on Windows too.

Documentation

Work in progress

Currently, you can read our blog post to get some information.

Licenses

This library is licensed under LGPL V3 license. See the LICENSE file for details.

Authors

See AUTHORS for the list of contributors to the project.

Acknowledgement

Rolf Rolles for the huge work he has done with his HexRaysDeob plugin and all the information about Hex-Rays microcode internals described in his blog post. We are still using some part of his plugin in D-810.

Dennis Elser for the genmc plugin plugin which was very helpful for debugging D-810 errors.

Owner
Banny
Banny
GitHub Repository https://gitlab.com/eshard/d810
Fuck - Multi Brute Force ๐Ÿšถโ€โ™‚

f-mbf Fuck - Multi Brute Force ๐Ÿšถโ€โ™‚ Install Script $ pkg update && pkg upgrade $ pkg install python2 $ pkg install git $ pip2 install requests $ pip2

Yumasaa 1 Dec 03, 2021
A python based tool that executes various CVEs to gain root privileges as root on various MAC OS platforms.

MacPer A python based tool that executes various CVEs to gain root privileges as root on various MAC OS platforms. Not all of the exploits directly sp

20 Nov 30, 2022
PreviewGram is for users that wants get a more private experience with the Telegram's Channel.

PreviewGram is for users that wants get a more private experience with the Telegram's Channel.

1 Sep 25, 2022
Omega - From Wordpress admin to pty

The Linux tool to automate the process of getting a pty once you got admin credentials in a Wordpress site. Keep in mind that right now Omega only can attack Linux hosts.

รngel Heredia 12 Nov 09, 2022
Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source

Infoga - Email OSINT Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source (search engines, pg

m4ll0k (mallok) 1.8k Jan 04, 2023
A small POC plugin for launching dumpulator emulation within IDA, passing it addresses from your IDA view using the context menu.

Dumpulator-IDA Currently proof-of-concept This project is a small POC plugin for launching dumpulator emulation within IDA, passing it addresses from

Michael 9 Sep 21, 2022
A OSINT tool coded in python

Argus Welcome to Argus, a OSINT tool coded in python. Disclaimer I Am not responsible what you do with the information that is given to you by my tool

Aidan 2 Mar 20, 2022
MTBLLS Ethical Hacking Tool Announcement of v2.0

MTBLLS Ethical Hacking Tool Announcement of v2.0 MTBLLS is a Free and Open-Source Ethical Hacking Tool developed by GhostTD (SkyWtkh) The tool can onl

Ghost 2 Mar 19, 2022
DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)

dnspooq DNSpooq PoC - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685) For educational purposes only Requirements Docker compo

Teppei Fukuda 80 Nov 28, 2022
Linus-png.github.io - Versionsverwaltung & Open Source Hausaufgabe

Let's Git - Versionsverwaltung & Open Source Hausaufgabe Herzlich Willkommen zu

1 Jan 24, 2022
labsecurity is a tool that brings together python scripts made for ethical hacking, in a single tool, through a console interface

labsecurity labsecurity is a tool that brings together python scripts made for ethical hacking, in a single tool, through a console interface. Warning

Dylan Meca 16 Dec 08, 2022
Blinder is a tool that will help you simplify the exploitation of blind SQL injection

Blinder Have you found a blind SQL injection? Great! Now you need to export it, but are you too lazy to sort through the values? Most likely,

10 Dec 06, 2022
open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability

CVE-2021-44228-log4jVulnScanner-metasploit open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability pre

Taroballz 7 Nov 09, 2022
Mad Spammer is a python webhook spammer which is very easy and safe to use.

Mad Spammer ๐Ÿ‘ฟ Pre-Setup: Open your terminal/console and type: pip install module colorama python MadSpammer.py Setup: After doing that, you should be

1 Nov 26, 2021
Natas teaches the basics of serverside web-security.

over-the-wire-natas Natas teaches the basics of serverside web-security. Each level of natas consists of its own website located at http://natasX.nata

Siddhant Chouhan 1 Nov 27, 2021
Unauthenticated Sqlinjection that leads to dump data base but this one impersonated Admin and drops a interactive shell

Unauthenticated Sqlinjection that leads to dump database but this one impersonated Admin and drops a interactive shell

sam 16 Nov 09, 2022
DependConfusion-X Tool is written in Python3 that scans and monitors list of hosts for Dependency Confusion

DependConfusion-X Tool is written in Python3 which allows security researcher/bug bounty hunter to scan and monitor list of hosts for Dependency Confusion.

Ali Fathi Ali Sawehli 4 Dec 21, 2021
GitGuardian Shield: protect your secrets with GitGuardian

Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.

GitGuardian 1.2k Dec 27, 2022
A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask.

PWInput A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask. Installatio

Al Sweigart 26 Sep 04, 2022
VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read

vcenter_fileread_exploit VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read Usage python3 vCenter_fileread.py http(s)://ip Referen

Ashish Kunwar 4 Sep 23, 2022