Obfuscate code

[ragdog]

Hello

I have a KeygenMe with a big obfuscate code
Gives any good tools to deobfuscate this code?

What is your experience with Ida plugin "Codedoctor"?
Or use you other plugins or tools?

Regards,

[sendersu]

Quote:

Originally Posted by ragdog

Hello

I have a KeygenMe with a big obfuscate code
Gives any good tools to deobfuscate this code?

What is your experience with Ida plugin "Codedoctor"?
Or use you other plugins or tools?

Regards,

Whats your target language?
native Intel x32/x64
java
.net
etc?

[ragdog]

Microsoft Visual C++ x32

[sendersu]

The subject is not wellcovered by tools, so you could even write yourself one

some materials...
https://www.hex-rays.com/products/ida/support/ppt/caro_obfuscation.ppt
http://recon.cx/2008/a/eric_d_lapse/Deobfuscator_RECON2008.ppt

optimice Deobfuscation plugin for IDA
http://code.google.com/p/optimice/

Simple Deobfuscation of Code Transformation
http://hooked-on-mnemonics.blogspot.com/2012/10/simple-deobfuscation-of-code.html

IDA Plugin deofuscator plugin
http://www.openrce.org/forums/posts/1915

Ariadne Deobfuscation Technology (IDA/Olly plugins)
http://ariadne.group-ib.ru/en/about
or here http://www.woodmann.com/collaborative/tools/index.php/Ariadne

Attacking Obfuscated code with Ida Pro
http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-eagle.pdf

Code doctor plugin has some deobfuscating features
http://www.woodmann.com/collaborative/tools/index.php/CodeDoctor


lots of cool IDA plugins coudl be found in contests by years
https://www.hex-rays.com/contests/index.shtml

......

[giv]

Quote:

Originally Posted by ragdog

Hello

I have a KeygenMe with a big obfuscate code
Gives any good tools to deobfuscate this code?

What is your experience with Ida plugin "Codedoctor"?
Or use you other plugins or tools?

Regards,

Obfuscated or encrypted or VM?