Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modify deobfuscated IL in place #6

Open
toshipiazza opened this issue May 4, 2020 · 1 comment
Open

Modify deobfuscated IL in place #6

toshipiazza opened this issue May 4, 2020 · 1 comment

Comments

@toshipiazza
Copy link
Collaborator

Blocking on Vector35/binaryninja-api#1606

Right now, we undo control flow flattening by patching the binary and saving it to disk. Now that binja has a decompiler, it's worth updating the IL instead, keeping everything platform-independent.

Since we're completely reconstructing the function, I see two solutions here:

  1. incrementally update control flow, re-placing phi nodes as we go (or)
  2. completely re-build the IL for the function w/ correct control flow fixups

But it all depends on how the feature works in binja when it's ready
@toshipiazza toshipiazza changed the title Modify IL in place Modify deobfuscated IL in place May 4, 2020
@toshipiazza
Copy link
Collaborator Author

This also makes it easier to deobfuscate OLLVM's opaque predicates, which we currently don't bother doing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@toshipiazza