This repo contains all the supporting material for this blog post: https://alden.io/posts/secrets-of-xprotect/.
Keep in mind that if you don't have a commercial Binary Ninja license, you won't be able to run the extractor headlessly. You can still run it from within the app via File > Run Script....
Files
setup.sh: a helper script to copy the remediators and perform extractionxpr-dump.py: a binaryninja script to dump the strings from an XPR
Folders
/rules: all the cleaned YARA rules/output: the raw output from string decryption/notes: a collection of notes about a subset of the YARA rules