Reverse Engineering Fnord - Pattern Extractor For Obfuscated Code

itsMe

Fnord is a pattern extractor for obfuscated code

Description

Fnord has two main functions:

  •     Extract byte sequences and create some statistics
  •     Use these statistics, combine length, number of occurrences, similarity and keywords to create a YARA rule

1. Statistics

Fnord processes the file with a sliding window of varying size to extract all sequences with a minimum length -m X (default: 4) up to a maximum length -x X (default: 40). For each length, Fnord will present the most frequently occurring sequences -t X (default: 3) in a table.

Each line in the table contains:

  •     Length
  •     Number of occurrences
  •     Sequence (string)
  •     Formatted (ascii/wide/hex)
  •     Hex encoded form
  •     Entropy
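
The statistics pass described above, sketched as an added example (not Fnord's own code and not part of the original post). The function names, the use of Shannon entropy, the ascii/wide/hex classification rules and the constructed SAMPLE input are assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed sample: a Chr()-concatenation style obfuscated string.
SAMPLE = b"x=Chr(72)&Chr(101)&Chr(108)&Chr(108)&Chr(111)"

def shannon_entropy(seq: bytes) -> float:
    """Bits per byte over the byte-value distribution of seq (assumed metric)."""
    n = len(seq)
    return round(-sum(c / n * math.log2(c / n) for c in Counter(seq).values()), 3)

def format_kind(seq: bytes) -> str:
    """Classify a sequence as printable ASCII, UTF-16LE-style 'wide', or raw hex."""
    def printable(b: int) -> bool:
        return 0x20 <= b < 0x7F
    if all(printable(b) for b in seq):
        return "ascii"
    if len(seq) % 2 == 0 and all(
        printable(seq[i]) and seq[i + 1] == 0 for i in range(0, len(seq), 2)
    ):
        return "wide"
    return "hex"

def top_sequences(data: bytes, min_len: int = 4, max_len: int = 40, top: int = 3):
    """Slide a window of each length over data; keep the `top` most frequent
    sequences per length, with the columns listed in the table above."""
    rows = []
    for length in range(min_len, max_len + 1):
        windows = (data[i:i + length] for i in range(len(data) - length + 1))
        for seq, count in Counter(windows).most_common(top):
            rows.append({
                "length": length,
                "count": count,
                "sequence": seq,
                "format": format_kind(seq),
                "hex": seq.hex(),
                "entropy": shannon_entropy(seq),
            })
    return rows

if __name__ == "__main__":
    for r in top_sequences(SAMPLE, min_len=4, max_len=6, top=3):
        print(f'{r["length"]:>3} {r["count"]:>3} {r["sequence"]!r:<12} '
              f'{r["format"]:<5} {r["hex"]:<14} {r["entropy"]}')
```

On the sample, the most frequent 4-byte sequence is the `Chr(` call prefix, the kind of repeated construct that the second step would weigh when building a YARA rule.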
