Not a new issue so feel free to close this if you wish.
For those interested in deobfuscating xObf x86 code, here is a technique for static disassembly using IDA.
To begin, you need to find the entry positions by validating possible calls that link to the correct locations within the '.xObf' segment. Once you have identified these positions, you can create a chain within the '.xObf' segment and run through it in order. This technique can also be applied to x64 code by modifying the opcodes and signatures accordingly.
There is a proof of concept video available on the branch.
Not a new issue so feel free to close this if you wish.
For those interested in deobfuscating xObf x86 code, here is a technique for static disassembly using IDA.
To begin, you need to find the entry positions by validating possible calls that link to the correct locations within the '.xObf' segment. Once you have identified these positions, you can create a chain within the '.xObf' segment and run through it in order. This technique can also be applied to x64 code by modifying the opcodes and signatures accordingly.
There is a proof of concept video available on the branch.
https://github.com/dovezp/rce.scripts/tree/dexobf