The tool to decode obfuscated shellcodes using the unicorn and capstone engines

EliDecode

EliDecode is a tool to decode obfuscated shellcodes using the unicorn-engine for the emulation and the capstone-engine to print the asm code. Please note I should post news on my website.

Architectures

EliDecode supports 6 architectures, and I will add new ones as soon as possible 😄. Here is the updated list:

  • x86 (16, 32 and 64 bits)
  • arm (thumb, 32 and 64 bits)
  • mips (3, 32, 32r6 and 64 little and big endian)

Installing

Just install python 2 (I may upgrade it to python 3 later...) and use install.py 😄. For example:

sudo apt install python python-dev python-setuptools git
git clone https://github.com/DeveloppSoft/EliDecode
cd EliDecode
sudo ./install.py --unicorn --capstone
./decoder.py --help

Contributing

You can contribute in many ways like reporting bugs, adding new features, donating...

Credits

EliDecode is a fork of unicorn-decoder.

THE tool to decode obfuscated shellcodes using the unicorn engine by DeveloppSoft, original repo here. It currently supports 6 architectures and more are coming (see the TODO list)!!

Install

git clone https://github.com/unicorn-engine/unicorn
cd unicorn
sudo ./make.sh install
cd bindings/python
sudo make install

cd ../..

git clone https://github.com/aquynh/capstone
cd capstone
sudo ./make.sh install
cd bindings/python
make install

cd ../..

git clone https://github.com/DeveloppSoft/EliDecode
cd EliDecode/Eli.Decode
python decoder.py --help

Usage

Coming soon...

Contributing

You can contribute to EliDecode by:

Donating

If you like my work, please consider making a donation (button coming soon).

Coding

Please open pull requests to improve EliDecode by adding new features.

Reporting

If you have problems with EliDecode please open an issue.

Ideas

If you know how to improve EliDecode but don't know how to do it, don't hesitate to open an issue!

Sharing and promoting

You can share EliDecode if you want (under the terms of the license), for example by speaking about it on your website or making videos.

Everything else...

There are many other ways to contribute that are not listed here...

TODO

  • x86_16
  • x86_32
  • x86_64
  • arm_thumb
  • arm32
  • arm64
  • mips_3
  • mips_32
  • mips_32r6
  • mips_64
  • build as a python module
  • add nice colors
  • add more testcases

Credits

This code is based on unicorn-decoder. Finally, I want to thank everybody who gave me time there.

Contributors