Analysis of Virtualization-based Obfuscation
This repository contains slides, samples and code of the 4h code deobfuscation workshop at r2con2021. We give a brief introduction into virtualization-based obfuscation and manually analyze a simple VM generated by Tigress
. Afterward, we use symbolic execution to automate the analysis and write a dynamic VM disassembler that is based on Miasm
.
The recording is available here.
Installation
# on debian/ubuntu based systems:
sudo apt-get install python-dev
# clone repository and init submodules
git clone https://github.com/mrphrazer/r2con2021_deobfuscation.git
cd r2con2021_deobfuscation
git submodule update --init --rebase --recursive
# install miasm
cd miasm
pip install -r requirements.txt
pip install .
cd ..
Contact
For more information, contact Tim Blazytko (@mr_phrazer).