KDot227 / SomalifuscatorV2

Most advanced and poorly coded windows batch obfuscator ever made (aka the best)
https://sped.lol
Apache License 2.0
279 stars 40 forks

somalifuscatorv2 full deobfuscation #52

Closed zebwhy closed 10 months ago

zebwhy commented 10 months ago

https://www.youtube.com/watch?v=AhkB1R-yG_c

github-actions[bot] commented 10 months ago

If you need fast help join the server https://discord.gg/qvkC6kHqer

KDot227 commented 10 months ago

> https://www.youtube.com/watch?v=AhkB1R-yG_c

That's only for symbol deobfuscating. Let's see you do the entire thing.

KDot227 commented 10 months ago

Let's see it deobf V3 lmao

zebwhy commented 10 months ago

> > https://www.youtube.com/watch?v=AhkB1R-yG_c
>
> That's only for symbol deobfuscating. Let's see you do the entire thing.

Some of the obfuscation methods are not in the free version.

zebwhy commented 10 months ago

> Let's see it deobf V3 lmao

If you don't mind giving me an obfuscated SomalifuscatorV3 file, I'll gladly try and see if I can deobfuscate it.

zebwhy commented 10 months ago

https://www.youtube.com/watch?v=GNdxYgCnmys

My deobfuscator still works with somalifuscator v2 (max settings). Also I am not using smart screen since it doesn't really work but it seems not really that important. Also can't use super obf since it's in the paid version of somalifuscator v2.

KDot227 commented 10 months ago

> > Let's see it deobf V3 lmao
>
> If you don't mind giving me an obfuscated SomalifuscatorV3 file, I'll gladly try and see if I can deobfuscate it.

It's not finished yet but when it is I'll lyk

KDot227 commented 10 months ago

Post your deobf src while you're at it too

zebwhy commented 10 months ago

Sorry taking a lil bit was doing something. Don't mind the deobfuscator code it's bad code but it works.

import time

# Read the obfuscated batch file into a list of lines
with open("test_obf.bat") as f:
    input_file = f.readlines()

print("Deobfuscating...")

start_time = time.time()

programs = {
    "commonprogramfiles": r"C:\Program Files\Common Files",
    "commonprogramfiles(x86)": r"C:\Program Files (x86)\Common Files",
    "commonprogramw6432": r"C:\Program Files\Common Files",
    "pathext": r".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC",
    "driverdata": r"C:\Windows\System32\Drivers\DriverData",
    "programfiles": r"C:\Program Files",
    "programfiles(x86)": r"C:\Program Files (x86)",
    "public": r"C:\Users\Public",
    "__appdir__": r"C:\WINDOWS\system32",
    "kdot": ""
}
programs_list = list(programs.items())

set_code = []
deobfuscated_code = []

# Functions

def isInSetCodeArray(name):
    for i in range(len(set_code)):
        split_set_code = set_code[i].split("=")
        first = split_set_code[0]
        if first.lower() == name.lower():
            return True
    return False

def decode_other_string(string):
    stringSplit = string.split("%")
    result = ""

    for i in range(len(stringSplit)):
        otherStringSplit = stringSplit[i].split(":")

        try:
            first = stringSplit[i]
            second = stringSplit[i + 1]
            second_1 = second[0]
            second_2 = second[1]
            if second_1 == "=" and second_2 == "=":
                result += "%" + first + "%" + second
        except IndexError:
            # No following segment, or it is shorter than two characters
            pass

        name = otherStringSplit[0].lower()

        if name == " ":
            result += " "

        if len(stringSplit[i]) < 3 and not name == " ":
            for i in range(len(set_code)):
                split_set_code = set_code[i].split("=")
                first = split_set_code[0]
                second = split_set_code[1]
                if first.lower() == name.lower():
                    result += second
                    break

            if not isInSetCodeArray(name):
                result += name

        for i in range(len(programs_list)):
            program_name = programs_list[i][0]
            if name == program_name:
                value = 0

                try:
                    number = otherStringSplit[1].lower().replace("~", "").split(",")[0]
                    value = programs[program_name][int(number)]
                except (IndexError, ValueError):
                    # No ":~n" part, a non-numeric offset, or an offset past the end
                    pass

                result += str(value)

                break

    if len(result) > 1:
        return result + "\n"
    else:
        return None

def decode_string(string):
    stringSplit = string.split("%")
    result = ""

    for i in range(len(stringSplit)):
        otherStringSplit = stringSplit[i].split(":")
        name = otherStringSplit[0].lower()

        for i in range(len(programs_list)):
            program_name = programs_list[i][0]
            if name == program_name:
                return False

    for i in range(len(stringSplit)):
        if len(stringSplit[i]) > 1:
            continue
        else:
            result += stringSplit[i]

    if result == "goto ":
        result = "\ngoto %ans%\n"

    resultSplit = result.split(" ")

    if resultSplit[0] == "for":
        set_code.append(result.split('"')[1])

        resultSplit[1] = " /L %%i "
        resultSplit[2] = "in "
        resultSplit[6] = " do "
        resultSplit[9] = " " + resultSplit[9]
        resultSplit[10] = ")\n"

        result = ""

        for i in range(len(resultSplit)):
            result += resultSplit[i]
    elif resultSplit[0] == "set" and resultSplit[1] == "/a":
        result = result + "\n"
    elif resultSplit[0] == "set":
        try:
            resultSplit[2]
        except IndexError:
            # Fewer than three space-separated tokens: record the quoted assignment
            set_code.append(result.split('"')[1])
            result = "\n" + result + "\n"
    return result

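# Blank the second line of the input (guarded so a one-line file does not raise)
if len(input_file) > 1:
    input_file[1] = ""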

print("Stage 1 - Removing junk code...")

# Stage 1 - (junk code removal)
for i in range(len(input_file)):
    if "::" in input_file[i]:
        input_file[i] = ""

print("Stage 2 - Deobfuscating fake code...")

# Stage 2 - (fake code deobfuscation)
for i in range(len(input_file)):
    decoded_string = decode_string(input_file[i])
    if decoded_string:
        input_file[i] = decoded_string

# Stage 1/2 - (get kdot value)
for i in range(len(input_file)):
    input_split = input_file[i].split("=")
    if input_split[0] == "set KDOT":
        kdot_value = input_split[1].replace("\n", "")
        programs["kdot"] = kdot_value
        programs_list = list(programs.items())

print("Stage 3 - Deobfuscating real code...")

# Stage 3 - (real code deobfuscation)
for i in range(len(input_file)):
    decoded_string = decode_other_string(input_file[i])
    if decoded_string:
        deobfuscated_code.append(decoded_string)
        input_file[i] = decoded_string

end_time = time.time() - start_time

print("Deobfuscated! ({} seconds)".format(end_time))

output_file = open("output.bat", "w", encoding="utf-8")
output_file.write("".join(input_file))
output_file.close()

output_file = open("deobfuscated.bat", "w", encoding="utf-8")
output_file.write("".join(deobfuscated_code))
output_file.close()
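
Added example, not part of zebwhy's script or of the project: a smaller resolver for the `%name:~offset,length%` expansions that the script above decodes through its `programs` table, generalized to multi-character lengths and negative offsets as described by `set /?`. The names `KNOWN_VARS`, `cmd_substring` and `resolve_line` and the sample line are made up for this illustration.

```python
import re

# Default values copied from the `programs` table in the script above.
KNOWN_VARS = {
    "programfiles": r"C:\Program Files",
    "public": r"C:\Users\Public",
}

# Matches %name%, %name:~offset% and %name:~offset,length%.
EXPANSION = re.compile(r"%([^%:\s]+)(?::~(-?\d+)(?:,(-?\d+))?)?%")


def cmd_substring(value, offset, length=None):
    """Apply cmd.exe substring rules (see `set /?`) to value."""
    n = len(value)
    # A negative offset counts back from the end of the value.
    start = max(n + offset, 0) if offset < 0 else min(offset, n)
    if length is None:
        end = n                          # no length: rest of the value
    elif length < 0:
        end = max(n + length, start)     # negative length: stop before the end
    else:
        end = min(start + length, n)
    return value[start:end]


def resolve_line(line, env):
    """Expand known variables in one line; return (text, unresolved names)."""
    unresolved = []

    def expand(match):
        name, offset, length = match.groups()
        if name.lower() not in env:
            unresolved.append(name)
            return match.group(0)        # leave unknown variables untouched
        value = env[name.lower()]
        if offset is None:
            return value
        return cmd_substring(value, int(offset),
                             None if length is None else int(length))

    return EXPANSION.sub(expand, line), unresolved


if __name__ == "__main__":
    # Constructed sample line, not taken from a real obfuscated file.
    sample = r"%public:~4,1%%programfiles:~-2,1%t x=%unknownvar%"
    print(resolve_line(sample, KNOWN_VARS))
```

Names that come back in the unresolved list are the ones an analyst still has to recover from the file itself, as the script above does for `KDOT`.
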

KDot227 commented 10 months ago

this why I gotta add DCG and have runtime functions but making a lexer that isn't ass fucking sucks

KDot227 commented 10 months ago

gl on next version tho

zebwhy commented 10 months ago

> this why I gotta add DCG and have runtime functions but making a lexer that isn't ass fucking sucks
>
> gl on next version tho

Yeah, well good luck and thank you.

HydraDragonAntivirus commented 10 months ago

Why is the video hidden? Except new ones.