CybercentreCanada / assemblyline

AssemblyLine 4: File triage and malware analysis
https://cybercentrecanada.github.io/assemblyline4_docs/
MIT License

Update Floss #71

Open eljeffeg opened 1 year ago

eljeffeg commented 1 year ago

Looks like the AL Floss Service is running version 1.7.0, while the latest version is 2.2.0. 2.x has some additional string deobfuscation techniques and nice performance improvements. https://www.mandiant.com/resources/blog/floss-version-2

It would be nice to update this to the latest version.

eljeffeg commented 1 year ago

I also see that FrankenStrings says it uses Floss, so might need to check that. Any reason to have the Floss service if FrankenStrings does it too - maybe the Floss Service could be deprecated.

cccs-rs commented 1 year ago

Looks like FS uses a specific ported Python module from Floss specifically to do with string extraction whereas the Floss service calls the Floss binary. So it's possible FS predates the Floss service and was using that tool for something specific before it was decided to just dedicate a service to the tool.

@cccs-jh could probably highlight the differences between each service

But since there's a new release of the tool, we should consider updating the appropriate services.

cccs-sgaron commented 1 year ago

Frankenstrings used to have floss running inside it but I believe it was extracted from it to be used as a separate floss service. It's most likely just outdated README / service description.

cccs-jh commented 1 year ago

Updating floss is planned, but will involve significant changes due to the change from python2 to python3. So the update may take some time. FrankenStrings no longer provides floss functionality but still uses a part of it to extract strings — essentially the part of floss that replicates the strings command. The README will be updated to reduce confusion.

cccs-kevin commented 5 months ago

For our internal tracking: https://cccs.atlassian.net/browse/AL-1794