
Releases: Squiblydoo/debloat

1.5.4 - General improvements

17 Mar 21:34
27675d7

1.5.4

  • General Improvements
    • This version prints report codes indicating which inflation tactic is identified.
    • This version can now handle instances where no pattern exists within the junk data, or the pattern is disrupted by a few characters. This version uses the trimming method from binary refinery in two cases that were found to be more efficient.
    • A performance testing script has been included.

The new updates handle a few edge use-cases that were not solvable before and fix one bug.
  • Bug fix: If debloat was unable to trim an inflated section, it would tell you it could and then exit telling you that it could not.
  • New use-case solved: This solves the use-case where a pattern exists in the overlay, but additional bytes have been added to disrupt the pattern. As little as 1 byte is enough to disrupt the pattern. This is not a problem anymore.

1.5.3.4 More NSIS Extraction Functionality

21 Feb 13:35
27675d7

1.5.3.4

  • NSIS Parser improvements
    • Additional use cases for NSIS were identified and tested. These identified additional bugs which are fixed in this version. These use cases were added and tested:
      • bzip2_liquid
      • bzip2_solid
      • lzma_liquid
      • lzma_solid
      • zlib_liquid
      • zlib_solid

As always, with the Mac Version, you need to use the "Gatekeeper bypass", that is: "command + right-click" -> "Open"

1.5.3.3 - NSIS Parser Fixes

14 Feb 12:20
6fdf05a

1.5.3.3

  • Modified NSIS Parser significantly.
    • Two use cases were identified where the parser was not working adequately. This resulted in identifying two logic bugs, which led to fixing one and a large rewrite of some portions of the NSIS Parser. The rewrite was done by Huettenhain (https://github.com/huettenhain) for the original project of the NSIS Parser (https://github.com/binref/refinery) and then was incorporated into Debloat by me (Squiblydoo).
    • Removed some code that was unused.

As always, with the Mac Version, you need to use the "Gatekeeper bypass", that is: "command + right-click" -> "Open"

1.5.3.2 - RSRC Trimming bug fix

28 Aug 20:49
101c212

1.5.3.2

  • Fixed a bug with the RSRC trimming
    • These were some long-standing issues:
      • The default threshold and default size_limit were brought into conformance with Refinery Trim
      • With the previously high threshold, it could result in problems from removing the entire resource.
      • I also reverted the compression method in this section. The one used elsewhere was found not to be compatible with this part of the processing.

1.5.3.1 - Minor bug fixes

28 Aug 17:33
e122abd

As always, use the Gatekeeper bypass to run on MacOS (cmd + right-click -> Open).

1.5.3.1

  • Fixed NSIS extractor bug.
    • The bug was caused by a failure to add some bytes when iterating through NSIS entries.
    • The bug was caused by a missing variable.
  • Updated the imports for nsisParser and readers
    • (Somehow?) It was working without these needing to be explicitly mentioned, but it has been updated for completeness.

1.5.3 Bug fixes

21 Aug 22:39

As always, the MacOS build requires the Gatekeeper bypass (cmd + right-click > Open > OK)

1.5.3

  • Fixed alignment bug
    • There was a bug where I was subtracting instead of adding bytes to fix alignment. It now adds instead of subtracts.
  • Polished the trim
    • The "find_chunk_start" method had some unclear logic, which has been improved.
    • Instead of trying to remove all junk, the method now returns all bytes if the full regex was unable to match.
    • So, if the step is 1000 or 2000 bytes and not all of them are junk, it will leave all 1000.
      • The logic is that they aren't really hurting anything by being here, and it is better to leave them than accidentally remove them.

1.5.2 Even more performance update

18 Aug 09:14

Changes made by gdesmar; Thank you again. :)

1.5.2

  • Merged Optimization changes
    • Changes primarily related to the trim_junk function
    • Primary changes reduced the active memory cost
  • No changes in the functionality were made in this release.

1.5.1 Performance Update

16 Aug 21:32

1.5.1

  • Made modifications recommended by gdesmar for memory improvements.
    • Added the ability to pass the size of the file to the process_pe method
      • This reduces memory usage to calculate the length
    • Bug fixes suggested by gdesmar such as passing the correct object type
    • New compression algorithm implemented
    • See #18 to learn more about performance enhancements.
  • Implemented the optional "beginning_file_size" parameter for "process_pe" in both main.py and gui.py
  • Fixed typecasting bug introduced in 1.5.0 in relation to the "write_multiple_files" method

1.5.0 - Add NSIS processing capability

08 Aug 18:47
6b48dc2

As always, the Mac version needs the Gatekeeper bypass: cmd + right-click; and then "Open"

1.5.0

  • Added capability to handle Nullsoft Scriptable Install System (NSIS, aka Nullsoft) executables.
    • Setup instructions and binaries are extracted from the Nullsoft installer to a separate directory.
    • At this time, the user needs to resubmit files if they are bloated. Currently, debloat has no way of determining which files are malicious.
  • Fully renamed "Unsafe" Processing to "last_ditch_processing"
    • Last ditch better represents its purpose.
    • "Unsafe" is a name that is often used in the context of untrusted code.
    • Fixed inconsistency in naming of "last ditch processing"
  • Adjusted how debloat determines if junk was removed or not:
    • Previously, it could think junk was removed if 1 or more bytes were removed or if only the signature was removed.
    • Now debloat checks for a 10% removal at the least
  • Updated documentation regarding Linux build command.
    • This had been updated elsewhere, but the update had not made it to the README
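The chunk-wise trimming rule from the 1.5.3 notes above (a step-sized chunk is kept whole unless the junk regex matches all of it) combined with this release's 10% removal threshold, as an added illustration that is not debloat's own code. The single-repeated-byte junk pattern, the `step` default, the sample input and the function names are assumptions made for the example.

```python
import re

# Assumed junk pattern for illustration: a chunk made of one byte value repeated
# end to end (e.g. 0x00 or 0xFF padding). debloat's real inflation patterns vary.
JUNK_CHUNK = re.compile(rb"(.)\1*", re.DOTALL)


def chunk_is_all_junk(chunk: bytes) -> bool:
    """True only when the whole chunk matches the junk pattern."""
    return len(chunk) > 0 and JUNK_CHUNK.fullmatch(chunk) is not None


def trim_junk_tail(data: bytes, step: int = 1000) -> bytes:
    """Walk backwards from the end of `data` in `step`-sized chunks.

    A chunk is dropped only if every byte in it is junk. A chunk that is only
    partly junk is kept in full, so at most `step` junk bytes survive; the
    trade-off is that real bytes are never cut off by accident.
    """
    end = len(data)
    while end > 0:
        start = max(0, end - step)
        if not chunk_is_all_junk(data[start:end]):
            break  # mixed chunk: keep all of it and stop trimming
        end = start
    return data[:end]


def junk_was_removed(original_size: int, trimmed_size: int, threshold: float = 0.10) -> bool:
    """Report success only when at least `threshold` of the original bytes are gone."""
    if original_size <= 0:
        return False
    return (original_size - trimmed_size) / original_size >= threshold


if __name__ == "__main__":
    # Constructed sample: 1500 bytes of content followed by 2500 bytes of 0x00 bloat.
    sample = b"A" * 1500 + b"\x00" * 2500
    trimmed = trim_junk_tail(sample, step=1000)
    # The last 1000-byte chunk is half content, so 500 junk bytes are left in place.
    print(len(sample), "->", len(trimmed), "junk removed:",
          junk_was_removed(len(sample), len(trimmed)))
```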

1.4.3 Bug-Fix and Last-ditch

11 Jul 19:36
47367ca

Apparently, I forgot to do a release for 1.4.2 🤡
Too late now, we are on to 1.4.3!

I fixed a bug and implemented a TODO: the bug was a logic bug in debloating a section; it worked fine only when the section was the last one. The TODO was to make sure all the offsets are updated when it isn't the last section.

I renamed "Unsafe" processing to "last ditch processing" since it is a clearer description. I also brought it to the GUI. Basically last-ditch will drop the whole overlay if no smarter debloating method is found.

As always, with the Mac Version, you need to use the "Gatekeeper bypass", that is: "command + right-click" -> "Open"