Closed: nadrojisk closed 4 years ago
Interesting. Would it be possible to provide the binary causing this problem?
I'm doing a CTF and the binary they provided is obfuscated with movfuscator. When trying to demovfuscate it I got the above error.
I tried to create my own binary. Just a simple C program that returns 0. And it gave me the same error when trying to demovfuscate it.
Test File, Obfuscated Test File's Binary, CTF Obfuscated Binary
Also just for reference I am running this on Kali Linux. I tried using the precompiled binary and compiling from source and got the same errors. @kirschju
Alright, so I have reinstalled on Ubuntu instead of Kali. The compiled version works; however, when examining the deobfuscated output, it still just contains moves. However, using the graph version produces some control flow. I am unsure what is going on...
possibly movfuscated
Relocations:
sigaction at 804e2a4
strlen at 804e2a0
printf at 804e298
exit at 804e29c
Segments:
8048000 - 804d1e4 : R X
804e1e4 - 85f757c : RW
85f757c - 87f7590 : RW
The entry point is 804824c
parsing entry
dispatcher at 0x8048240
master_loop is at 0x80482c7
sel_on is at 83f73e0
on is at 83f73e8
alu_x@81f7280
alu_y@0
equal@0x8051890
SYM_ALU_INV16@0x81622e0
SYM_ALU_FALSE@0x804e5a0
SYM_ALU_B7@0x8050420
SYM_ALU_TRUE@0x804e390
SYM_ALU_MUL_SUMS@0x81f6e00
xor@0x81a2d10
reached end
SYM_SEL_DATA@0x83f7400 : 0x11c
SYM_ON@0x83f73e8 : 0x9d
SYM_DATA@0x83f7404 : 0x11c
discard at 85f7590
bool_and: 51
bool_xor: 2
SYM_ALU_TRUE: 24
SYM_ALU_FALSE: 13
SYM_ALU_B7: 24
equal: 60
add: 72
SYM_ALU_INV16: 12
xor: 4
SYM_ALU_MUL_SUMS: 2
sel_on: 30
analysing binary
Hit limit looking for 0x83f73ec
[83f73ec]
Hit limit looking for 0x83f73f8
Hit limit looking for 0x83f73f8
Hit limit looking for 0x83f73f8
Hit limit looking for 0x83f73f8
reached end
target register: 83f73f8
second pass:
third pass:
Hit limit looking for err
Hit limit looking for err
Basic blocks:
8804b24d: 804b427 - 804b8c5
0: 804b8c5 - 804bc29
8804bc2f: 804be09 - 804c4da
8804ccee: 804cec8 - 804d1d4
0: 804c4da - 804c762
8804c768: 804c942 - 804cce4
8804cb0a: 804cce4 - 804cec8
88048774: 804894e - 804905f
0: 804905f - 8049129
8804912f: 8049309 - 8049512
8804ad61: 804af3b - 804b247
88049338: 8049512 - 8049d0f
88049d44: 8049f1e - 804a6fd
0: 8049d0f - 8049f1e
0: 804a6fd - 804aaad
0: 804aaad - 804ab77
8804ab7d: 804ad57 - 804af3b
resub block: << 0x804b427, length: 0x49e
resub block: << 0x804b8c5, length: 0x364
resub block: << 0x804be09, length: 0x6d1
resub block: << 0x804cec8, length: 0x30c
resub block: << 0x804c4da, length: 0x288
resub block: << 0x804c942, length: 0x3a2
resub block: << 0x804cce4, length: 0x1e4
resub block: << 0x804894e, length: 0x711
resub block: << 0x804905f, length: 0xca
resub block: << 0x8049309, length: 0x209
resub block: << 0x804af3b, length: 0x30c
resub block: << 0x8049512, length: 0x7fd
resub block: << 0x8049f1e, length: 0x7df
resub block: << 0x8049d0f, length: 0x20f
resub block: << 0x804a6fd, length: 0x3b0
resub block: << 0x804aaad, length: 0xca
resub block: << 0x804ad57, length: 0x1e4
getting rid of tables
Symbols:
sel_target@83f73f0
end@804c4ef
target_reg@83f73f8
DISCARD@85f7590
SYM_DATA@83f7404
SYM_SEL_DATA@83f7400
STACK_ADD4(pop)@ffffffffffdfffa0
add@80621c0
STACK_SUB4(push)@ffffffffffdfff98
on@83f73e8
xor@81a2d10
sel_on@83f73e0
equal@8051890
DISPATCH@8048240
esp@83f73c0
bool_and@804e330
SYM_ALU_B7@8050420
SYM_ALU_INV16@81622e0
SYM_ALU_TRUE@804e390
SYM_ALU_MUL_SUMS@81f6e00
SYM_ALU_FALSE@804e5a0
bool_xor@804e350
FAULT@85f7458
end@804d1e0
R0@804e2e0
R1@804e2e4
R2@804e2e8
R3@804e2ec
R4@804e2f0
R5@804e2f4
D0@804e300
D1@804e308
@nadroj-isk dude, we're in the same CTF ;)
@id01 were you the one person who solved it... uh, if so, you wanna message me on Discord? Because even deobfuscated it's a mess...
```
demov: node.cpp:76: void node::merge(): Assertion `n != nodes.end()' failed.
```