- Joined
- Jan 8, 2019
- Messages
- 56,605
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,451
- Points
- 2,313
- Credits
- 32,570
6 Years of Service
76%
Obfuscation Detection
Automatically detect obfuscated code and other state machines
Scripts to automatically detect obfuscated code and state machines in binaries.
Implementation is based on IDA 7.4+ (Python3). Check out the following blog posts for more information on the Binary Ninja implementation:
Automated Detection of Control-flow Flattening
Automated Detection of Obfuscated Code
Referenced Repository
Note:
Due to the recursive nature of plotting a dominator tree of every found function within the binary, the implementation and runtime overhead is expensive. As such, the flattening heuristic is omitted when the binary loaded has more than 50 functions. Functions will be skipped if the ctree structure is too large (more than 50 nodes) to prevent crashes.
Changelog v1.6
Refactor plugin handler
Removed duplicate banner print
Changed PLUGIN_FIX to PLUGIN_HIDE, user can just use Ctrl-Shift-H
Code cleanup in #5