Twinner is a deobfuscation and unpacking framework. It inspects executable binaries and uses binary instrumentation and concolic execution to model the software behavior and recode it as a new compilable C program.
cfgs
graphcomparison
metrics
model
src
test
.gitignore
COPYING
README.md
deploy
download-win.sh
download.sh
gdb_for_pintool.sh
linux-vm
mem.sh
prepare_environment.sh
prepare_environment_win.sh
run_paused_twintool.sh
run_twinner.sh
run_twinner_input0.sh
run_twinner_input0_vo.sh
run_twinner_input1.sh
run_twinner_input10.sh
run_twinner_input10_vo.sh
run_twinner_input11.sh
run_twinner_input11_vo.sh
run_twinner_input12.sh
run_twinner_input12_vo.sh
run_twinner_input13.sh
run_twinner_input13_vo.sh
run_twinner_input14.sh
run_twinner_input14_vo.sh
run_twinner_input15.sh
run_twinner_input15_vo.sh
run_twinner_input16.sh
run_twinner_input16_vo.sh
run_twinner_input17.sh
run_twinner_input17_vo.sh
run_twinner_input18.sh
run_twinner_input18_vo.sh
run_twinner_input19.sh
run_twinner_input19_vo.sh
run_twinner_input1_vo.sh
run_twinner_input2.sh
run_twinner_input2_vo.sh
run_twinner_input3.sh
run_twinner_input3_vo.sh
run_twinner_input4.sh
run_twinner_input4_vo.sh
run_twinner_input5.sh
run_twinner_input5_vo.sh
run_twinner_input6.sh
run_twinner_input6_vo.sh
run_twinner_input7.sh
run_twinner_input7_vo.sh
run_twinner_input8.sh
run_twinner_input8_vo.sh
run_twinner_input9.sh
run_twinner_input9_vo.sh
run_twinner_ls.sh
run_twinner_win.sh
run_twintool.sh
run_twintool_ls.sh
run_twintool_win.sh
upload.sh
windows-vm


Twinner

Twinner is a deobfuscation and unpacking framework. It inspects executable binaries, instruments them using the Intel Pin binary instrumentation framework, analyzes the executed assembly instructions through concolic execution, models the behavior of the program as a set of symbolic expressions and constraints, and recodes it as twincode, a compilable C program with simplified logic. The framework allows automatic deobfuscation of virtualization-obfuscated binaries on 64-bit Linux and 32-bit Windows. The latest version is 0.30.0 and is a work in progress, so if you are not familiar with the context, you should wait for the v1.0.0 release. Otherwise, happy hacking :) There is no regular release schedule; each version is released when it is ready.

Installation

Use the makefiles.

Usage

Run the Twinner binary with --help for details.

License

Copyright © 2013-2018 Behnam Momeni

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.