Releases: Squiblydoo/debloat
Releases · Squiblydoo/debloat
1.6.1 NSIS bugfix
1.6.1
- Fixes legacy bug that could result in failure to identify NSIS installers.
- In previous builds, we only checked a small window for the NSIS header. That window has been increased.
- Updates the tkinterdnd hook file to only collect binaries associated with the operating system it is being built for.
- Add placeholders for 2 new use cases to solve for.
- Updates buildCLI.txt to specify output filename.
- Add file for GitHub build automation (not yet functioning to full expectation).
As always, with the Mac Version, you may need to use "GateKeeper bypass" that is: "command + right-click" -> "Open"
1.6.0 Junk in Certificate use-case - Improvements
1.6.0
- Improves NSIS Parser to handle an irregular NSIS format
- Adds solution for Use Case 17
- Attackers can include junk marked as the code signing signature. In previous versions, the certificate preservation would preserve the junk. Without certificate preservation, the junk would be removed but return a Result Code of "0 - No Solution Found" even though the file was deflated.
- Bug Fix
- Adds error handling to escape non-unicode PE section names
As always, with the Mac Version, you may need to use "GateKeeper bypass" that is: "command + right-click" -> "Open"
1.5.6.6 NullSoft Item improvement
1.5.6.6
- Bug Fix
- Patches bug in Result-Code 4 where an excess could be removed.
- This was due to a miscalculation. In these instances, the "dynamic trim" and "refinery trim" methods were essentially being applied to the same data, then calculating an excess of junk.
- The check for duplicate items in an NSIS Installer has been improved.
- Previous check looked for item at the same offset; this version checks to see that all features are the same.
- Patches bug in Result-Code 4 where an excess could be removed.
As always, with the Mac Version, you need to use "GateKeeper bypass" that is: "command + right-click" -> "Open"
1.5.6.5 - Small revert, new horizons
1.5.6.5
- Bug Fix
- Inadvertently changed "sample_compression" limit, thought it'd be OK, but it actually causes this check's main purpose to fail (that is, failing quickly when needed). Got some new ideas out of it though.
Due to quick release between versions, change note for 1.5.6.4 are also included here:
1.5.6.4
- Bug Fixes
- Fixed logic that could incorrectly flag .text sections as suspicious.
- Handled rare error that could occur in updating offsets.
- Certificate preservation now works reliably for all use-cases.
As always, with the Mac Version, you need to use "GateKeeper bypass" that is: "command + right-click" -> "Open"
1.5.6.4 Bug-fixes
1.5.6.4
- Bug Fixes
- Fixed logic that could incorrectly flag .text sections as suspicious.
- Handled rare error that could occur in updating offsets.
- Certificate preservation now works reliably for all use-cases.
No binaries built due to plan to make a quick tweak and release 1.5.6.5
1.5.6.3 Bugfix + Enhancement
1.5.6.3
- Bug Fixes
- Modified NSIS Parser to address issue identified in the implementation. More details here: binref/refinery#49
- TLDR, NSIS Installers with the properly of uncompressed data was not previously accounted for due to lack of examples. They now are accounted for.
- Modified compression check in bloated overlay analysis
- previous compression check was erroneous and worked only based on miracles.
- Modified NSIS Parser to address issue identified in the implementation. More details here: binref/refinery#49
- Improvements
- Modified trimming threshold: 0.05 -> 0.15
- New trimming threshold allows for lower compressed junk.
- New trimming threshold removes more junk without being too aggressive.
- Modified trimming threshold: 0.05 -> 0.15
- Known issue
- The certificate preservation option does not preserve the certificate in all use-cases, particularly cases where junk is in the overlay.
As always, with the Mac Version, you need to use "GateKeeper bypass" that is: "command + right-click" -> "Open"
1.5.6.2 Bugfix
1.5.6.2
- Bug Fix
- Not all possible paths returned a result code. An additional result code was added.
As always, with the Mac Version, you need to use "GateKeeper bypass" that is: "command + right-click" -> "Open"
1.5.6.1 Bug-fix
1.5.6.1
- Bug Fix
- Added the result code for real this time.
Change only affected the binaries in a minor way. Binaries will be compiled and uploaded later today. In the meantime, you can download the previous version below.
- Added the result code for real this time.
1.5.6 - Cert Support
1.5.6
- Cert Support
- Added support in both CLI and GUI to preserve the authenticode certificate.
- Authenticode certificate is removed by default because the certificate becomes invalid. When it becomes invalid it becomes unclear whether the certificate was always invalid or not.
- Added support in both CLI and GUI to preserve the authenticode certificate.
- Bug Fix
- A result code was missing which could cause problems in processing that looked for a result
1.5.5 Improvements + solves Packer with bloated section
1.5.5
- General Improvements
- Added functionality to print debloat version/ added to GUI UI
- Deduped results_codes into processor file
- New Use Case
- Identified a use case that wasn't being solved, improved program logic to solve.
- Packed files with a bloated section.
- Identified a use case that wasn't being solved, improved program logic to solve.