Displaying 1 to 11 from 11 results

simplify - Generic Android Deobfuscator

  •    Java

Simplify virtually executes an app to understand its behavior and then tries to optimize the code so that it behaves identically but is easier for a human to understand. Each optimization type is simple and generic, so it doesn't matter what the specific type of obfuscation is used. The code on the left is a decompilation of an obfuscated app, and the code on the right has been deobfuscated.

dex-oracle - A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis

  •    Ruby

A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis. Also, the inspiration for another Android deobfuscator: Simplify. Make sure adb is on your path.

malware-jail - Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction

  •    Javascript

malware-jail is written for Node's 'vm' sandbox. Currently implements WScript (Windows Scripting Host) context env/wscript.js, at least the part frequently used by malware. Internet browser context is partialy implemented env/browser.js. Runs on any operating system. Developed and tested on Linux, Node.js v6.6.0.

JRemapper - A remapping tool for compiled java programs.

  •    Java

An easy to use GUI for remapping classes, methods, and fields of compiled java programs.For information on how to use JRemapper and other details about it, check out the wiki.




Tigress_protection - Playing with the Tigress binary protection

  •    LLVM

Tigress is a diversifying virtualizer/obfuscator for the C language that supports many novel defenses against both static and dynamic reverse engineering and de-virtualization attacks. In particular, Tigress protects against static de-virtualization by generating virtual instruction sets of arbitrary complexity and diversity, by producing interpreters with multiple types of instruction dispatch, and by inserting code for anti alias analysis. Tigress protects against dynamic de-virtualization by merging the real code with bogus functions, by inserting implicit flow, and by creating slowly-executing reenetrant interpreters. Tigress implements its own version of code packing through the use of runtime code generation. Finally, Tigress' dynamic transformation provides a generalized form of continous runtime code modification. If you want more information, you can checkout our solve-vm.py script.

EazFixer - A deobfuscation tool for Eazfuscator.

  •    CSharp

A deobfuscation tool for Eazfuscator. EazFixer is a deobfuscation tool for Eazfuscator, a commercial .NET obfuscator. For a list of features, see the list below.

bytecode_simplifier - A generic deobfuscator for PjOrion obfuscated python scripts

  •    Python

PjOrion obfuscates the original file and introduces several wrapper layers on top of it. The purpose of these layers is simply to (sort of) decrypt the next inner layer and execute it via an EXEC_STMT instruction. Hence you CANNOT use this tool as-is on an obfuscated file. First, you would need to remove the wrapper layers and get hold of the actual obfuscated code object. Then you can marshal the obfuscated code to disk and run this tool on it which should hopefully give you back the deobfuscated code. Refer to this blog post for details.

PjOrion-Deobfuscator - A deobfuscator for PjOrion, python cfg generator and more

  •    Python

PjOrion Deobfuscator is a tool (actually more than a single tool) that aims to deobfuscate PjOrion obfuscated python scripts. It contains various other small utilities such as a recursive disassembler to facilitate in reverse engineering of compiled python code.


jsnice - Command line interface to http://jsnice.org.

  •    Javascript

Command line interface to http://jsnice.org. The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

dnpatch - .NET Patcher library using dnlib

  •    CSharp

[WIP] .NET Patcher library using dnlib. The master branch provides you the current stable build of dnpatch. However, I will most likely not provide support for it anymore since version 1.0 is on it's way in the v1 branch.