Obfuscation_Detection – Collection Of Scripts To Pinpoint Obfuscated Code

Automatically detect control-flow flattening and other state machines

Author: Tim Blazytko


Description:

Scripts and binaries to automatically detect control-flow flattening and other state machines in binaries.

Implementation is based on Binary Ninja. Check out the following blog post for more information:

Automated Detection of Control-flow Flattening

Usage

$ ./detect_flattening.py samples/finspy 
Function 0x401602 has a flattening score of 0.9473684210526315.
Function 0x4017c0 has a flattening score of 0.9981378026070763.
Function 0x405150 has a flattening score of 0.9166666666666666.
Function 0x405270 has a flattening score of 0.9166666666666666.
Function 0x405370 has a flattening score of 0.9984544049459042.
Function 0x4097a0 has a flattening score of 0.9992378048780488.
Function 0x412c70 has a flattening score of 0.9629629629629629.
Function 0x412df0 has a flattening score of 0.9629629629629629.
Function 0x412f70 has a flattening score of 0.9927007299270073.
Function 0x4138e0 has a flattening score of 0.9629629629629629.

Note

The password for the zipped malware samples is “infected”. To unpack, use the following command line:

$ unzip -P infected samples.zip

Contact

For more information, contact @mr_phrazer.

UGycr92EPpQ

click here to read full Article

Read More on Pentesting Tools

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: