Skip to content

Commit

Permalink
Add more examples about breaking mba
Browse files Browse the repository at this point in the history
  • Loading branch information
@JonathanSalwan
JonathanSalwan committed Feb 14, 2022
1 parent 0753a0c commit 7af202d
Showing 1 changed file with 26 additions and 12 deletions.
38 changes: 26 additions & 12 deletions src/examples/python/synthesizing_obfuscated_expressions.py
View file
Expand Up @@ -3,7 +3,7 @@
##
## Example of synthesizing obfuscated expressions.
##
## $ time python3 ./synthesizing_obfuscated_expressions.py
## $ python3 ./synthesizing_obfuscated_expressions.py
## In: (((((SymVar_0 | SymVar_1) + SymVar_1) & 0xff) - ((~(SymVar_0) & 0xff) & SymVar_1)) & 0xff)
## Out: ((SymVar_0 + SymVar_1) & 0xff)
##
Expand Down Expand Up @@ -31,7 +31,7 @@
## In: ((((((~(((((((((((z & 0xff) << 0x8) & 0xffffffff) | ((z >> 0x8) & 0xff)) << 0x8) & 0xffffffff) | ((z ...
## Out: (((bswap(z, 32) ^ 0x23746fbe) + 0xfffffffd) & 0xffffffff)
##
## python3 ./synthesizing_obfuscated_expressions.py 0.12s user 0.01s system 99% cpu 0.125 total
## [...]
##

import sys
Expand Down Expand Up @@ -84,20 +84,34 @@ def main():

# Some obfuscated expressions
obf_exprs = [
(x | y) + y - (~x & y), # x + y (from http://archive.bar/pdfs/bar2020-preprint9.pdf)
(x | y) - y + (~x & y), # x ^ y (from http://archive.bar/pdfs/bar2020-preprint9.pdf)
(x & ~y) | (~x & y), # x ^ y (from ?)
(x ^ y) + y - (~x & y), # x | y (from http://archive.bar/pdfs/bar2020-preprint9.pdf)
-(x | y) + y + x, # x & y (from http://archive.bar/pdfs/bar2020-preprint9.pdf)
((z << 8) >> 16) << 8, # z & 0xffff00 (from https://blog.regehr.org/archives/1636)
(((x ^ y) + 2 * (x & y)) * 39 + 23) * 151 + 111, # x + y (from Ninon Eyrolle's thesis)
x_xor_92_obfuscated(x), # x ^ 92 (from imassage)
bswap32_xor_const(z), # ((bswap(z, 32) ^ 0x23746fbe) + 0xfffffffd) (from UnityPlayer.dll)
(x | y) + y - (~x & y), # x + y (from http://archive.bar/pdfs/bar2020-preprint9.pdf)
(x | y) - y + (~x & y), # x ^ y (from http://archive.bar/pdfs/bar2020-preprint9.pdf)
(x & ~y) | (~x & y), # x ^ y (from ?)
(x ^ y) + y - (~x & y), # x | y (from http://archive.bar/pdfs/bar2020-preprint9.pdf)
-(x | y) + y + x, # x & y (from http://archive.bar/pdfs/bar2020-preprint9.pdf)
((z << 8) >> 16) << 8, # z & 0xffff00 (from https://blog.regehr.org/archives/1636)
(((x ^ y) + 2 * (x & y)) * 39 + 23) * 151 + 111, # x + y (from Ninon Eyrolle's thesis)
x_xor_92_obfuscated(x), # x ^ 92 (from iMassage)
bswap32_xor_const(z), # ((bswap(z, 32) ^ 0x23746fbe) + 0xfffffffd) (from UnityPlayer.dll)
(~(~(x) & ~(y)) & ~(~(~(x)) & ~(~(y)))), # x ^ y (from VMProtect https://whereisr0da.github.io/blog/posts/2021-02-16-vmp-3/)
((~(~(x)) & ~(~(y))) + (~(~(x)) | ~(~(y)))), # x + y (from VMProtect https://whereisr0da.github.io/blog/posts/2021-02-16-vmp-3/)
((~(~(y)) | ~(~(x))) + ~(~(x)) - (~(~(x)) & ~(~(~(y))))), # x + y (from VMProtect https://whereisr0da.github.io/blog/posts/2021-02-16-vmp-3/)
((~(~(x)) | ~(~(y))) + (~(~(~(x))) | ~(~(y))) - (~(~(~(x))))), # x + y (from VMProtect https://whereisr0da.github.io/blog/posts/2021-02-16-vmp-3/)
((~(~(x)) | ~(~(y))) + ~(~(y)) - (~(~(~(x))) & ~(~(y)))), # x + y (from VMProtect https://whereisr0da.github.io/blog/posts/2021-02-16-vmp-3/)
(~(~(y)) + (~(~(x)) & ~(~(~(y)))) + (~(~(x)) & ~(~(y)))), # x + y (from VMProtect https://whereisr0da.github.io/blog/posts/2021-02-16-vmp-3/)
(~(~(x) + y)), # x - y (from VMProtect https://whereisr0da.github.io/blog/posts/2021-02-16-vmp-3/)
(~(((~(~(x)) | y) - (~(~(x)))))), # ~((x | y) - x) (from VMProtect https://whereisr0da.github.io/blog/posts/2021-02-16-vmp-3/)
(~((~(x) & ~(x)) + y) & ~((~(x) & ~(x)) + y)), # x - y (from VMProtect https://whereisr0da.github.io/blog/posts/2021-02-16-vmp-3/)
((~(~(x)) | y) - (~(~(~(x))) & y) - (~(~(x)) & ~y)), # x & y (from VMProtect https://whereisr0da.github.io/blog/posts/2021-02-16-vmp-3/)
((~(~(~(x))) | y) - (~(~(~(x))))), # x & y (from VMProtect https://whereisr0da.github.io/blog/posts/2021-02-16-vmp-3/)
((~(~(x)) & ~(y)) + y), # x | y (from VMProtect https://whereisr0da.github.io/blog/posts/2021-02-16-vmp-3/)
(((~(~(x)) & ~(y)) & y) + ((~(~(x)) & ~(y)) | y)), # x | y (from VMProtect https://whereisr0da.github.io/blog/posts/2021-02-16-vmp-3/)
((~(~(x)) & ~(~(y))) + (~(~(x)) | ~(~(y)))), # x + y (from VMProtect https://whereisr0da.github.io/blog/posts/2021-02-16-vmp-3/)
]

for expr in obf_exprs:
(print('In: %s' %(expr)) if len(str(expr)) < 100 else print('In: %s ...' %(str(expr)[0:100])))
expr = ctx.synthesize(expr, constant=True, subexpr=True, opaque=False)
expr = ctx.synthesize(expr, constant=True, subexpr=True)
print('Out: %s' %(expr))
print()

Expand Down

0 comments on commit 7af202d

Please sign in to comment.