rpisec / llvm-deobfuscator Goto Github PK

With the introduction of the Binary Ninja Plugin Manager 2.0 we will be releasing a installation UI for all plugins in the community repository. Please check https://binary.ninja/2019/07/04/plugin-manager-2.0.html for the latest information about how to submit your plugin. If you no longer want your plugin in the repository please disregard this issue

Blocking on Vector35/binaryninja-api#1606

Right now, we undo control flow flattening by patching the binary and saving it to disk. Now that binja has a decompiler, it's worth updating the IL instead, keeping everything platform-independent.

Since we're completely reconstructing the function, I see two solutions here:

1. incrementally update control flow, re-placing phi nodes as we go (or)
2. completely re-build the IL for the function w/ correct control flow fixups

But it all depends on how the feature works in binja when it's ready

Plugin fails on binary ninja 2.0.x
I was simply looking at InSpectre https://www.grc.com/files/InSpectre.exe

Exception in thread Thread-2:
Traceback (most recent call last):
  File "C:\Users\user\Desktop\BinaryNinja\BinaryNinja-Windows\plugins\lib\threading.py", line 810, in __bootstrap_inner
    self.run()
  File "C:\Users\user\Desktop\BinaryNinja\BinaryNinja-Windows\plugins\..\python\binaryninja\plugin.py", line 731, in run
    self.task.run()
  File "C:\Users\user\AppData\Roaming\Binary Ninja\plugins\llvm-deobfuscator\__init__.py", line 18, in run
    self.func(bv, self.addr)
  File "C:\Users\user\AppData\Roaming\Binary Ninja\plugins\llvm-deobfuscator\deflatten.py", line 295, in deflatten_cfg
    state_var = func.get_low_level_il_at(addr).medium_level_il.dest
AttributeError: 'NoneType' object has no attribute 'dest'

As you can see, there is a problem when we remove the confusion. How can we solve it
Errors is as follows:

Call target 0x0 does not appear to be code in instruction at 0x4005ce Function at 0x4005e0 is too large, skipping analysis Analysis update took 0.050 seconds Error fetching version list: Update authentication failed Analysis update took 0.000 seconds Exception in thread Thread-2: Traceback (most recent call last): File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner self.run() File "/home/XXXXX/binaryninja/plugins/../python/binaryninja/plugin.py", line 420, in run self.task.run() File "/home/XXXXX/.binaryninja/plugins/llvm-deobfuscator-e7ec09ea4ae0d52ee9a4d28ff9f391c7efea2a57/__init__.py", line 16, in run self.func(bv, self.addr) File "/home/XXXXX/.binaryninja/plugins/llvm-deobfuscator-e7ec09ea4ae0d52ee9a4d28ff9f391c7efea2a57/deflatten.py", line 295, in deflatten_cfg state_var = func.get_low_level_il_at(addr).medium_level_il.dest AttributeError: 'NoneType' object has no attribute 'medium_level_il'

Thanks

plugin get below error while deobfuscating.

function sub_6f84c650 in attached binary.

Exception in thread Thread-3:
Traceback (most recent call last):
File "threading.py", line 1016, in bootstrap_inner
File "D:\Program Files\Vector35\BinaryNinja\plugins..\python\binaryninja\plugin.py", line 928, in run
self.task.run()
File "C:\Users\cools\AppData\Roaming\Binary Ninja\plugins\llvm-deobfuscator_init.py", line 18, in run
self.func(bv, self.addr)
File "C:\Users\cools\AppData\Roaming\Binary Ninja\plugins\llvm-deobfuscator\deflatten.py", line 298, in deflatten_cfg
backbone = compute_backbone_map(bv, mlil, state_var)
File "C:\Users\cools\AppData\Roaming\Binary Ninja\plugins\llvm-deobfuscator\deflatten.py", line 133, in compute_backbone_map
var = mlil[uses[-1]].dest
IndexError: list index out of range
netapi32-patched.zip

Currently the about section of the repo points to an old URL. It should instead point to https://rpis.ec/blog/dissection-llvm-obfuscator-p1/