Skip to content
Hex-Rays microcode API plugin for breaking an obfuscating compiler
C++ Makefile
Branch: master
Clone or download
Pull request Compare This branch is 8 commits ahead, 1 commit behind RolfRolles:master.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin forgot to upload the latest bin Jun 28, 2019
AllocaFixer.cpp feedback from Hex-Rays #2 and mblock_t copy implementation Jun 18, 2019
AllocaFixer.hpp modification for APT10 ANEL 5.4.1 Feb 21, 2019
CFFlattenInfo.cpp feedback from Hex-Rays #2 and mblock_t copy implementation Jun 18, 2019
CFFlattenInfo.hpp feedback from Hex-Rays #2 and mblock_t copy implementation Jun 18, 2019
Config.hpp feedbacks from Hex-Rays, improved algorithms (e.g., FindJccInFirstBlo… May 23, 2019
DefUtil.cpp feedback from Hex-Rays #2 and mblock_t copy implementation Jun 18, 2019
DefUtil.hpp feedback from Hex-Rays #2 and mblock_t copy implementation Jun 18, 2019
HexRaysDeob.sln modification for APT10 ANEL 5.4.1 Feb 21, 2019
HexRaysDeob.vcxproj feedback from Hex-Rays #2 and mblock_t copy implementation Jun 18, 2019
HexRaysDeob.vcxproj.filters modification for APT10 ANEL 5.4.1 Feb 21, 2019
HexRaysDeob.vcxproj.user g_LastMaturity bug fixed Jun 26, 2019
HexRaysUtil.cpp modification for APT10 ANEL 5.4.1 Feb 21, 2019
HexRaysUtil.hpp feedback from Hex-Rays #2 and mblock_t copy implementation Jun 18, 2019
LICENSE Initial commit Sep 19, 2018
MicrocodeExplorer.cpp feedback from Hex-Rays #2 and mblock_t copy implementation Jun 18, 2019
MicrocodeExplorer.hpp modification for APT10 ANEL 5.4.1 Feb 21, 2019
PatternDeobfuscate.cpp feedback from Hex-Rays #2 and mblock_t copy implementation Jun 18, 2019
PatternDeobfuscate.hpp modification for APT10 ANEL 5.4.1 Feb 21, 2019
PatternDeobfuscateUtil.cpp
PatternDeobfuscateUtil.hpp feedback from Hex-Rays #2 and mblock_t copy implementation Jun 18, 2019
README.org feedback from Hex-Rays #2 and mblock_t copy implementation Jun 18, 2019
TargetUtil.cpp feedback from Hex-Rays #2 and mblock_t copy implementation Jun 18, 2019
TargetUtil.hpp feedback from Hex-Rays #2 and mblock_t copy implementation Jun 18, 2019
Unflattener.cpp sub block comparison variable handling fixed Jun 27, 2019
Unflattener.hpp feedback from Hex-Rays #2 and mblock_t copy implementation Jun 18, 2019
main.cpp feedback from Hex-Rays #2 and mblock_t copy implementation Jun 18, 2019
makefile Added a makefile that works for macOS Sep 26, 2018
makefile.lnx Update makefile.lnx Nov 26, 2018

README.org

HexRaysDeob for APT10 ANEL

This is a forked repository of HexRaysDeob for defeating APT10 ANEL code obfuscations.

This plugin supports IDA 7.3 only.

The tested hashes are:

  • 3d2b3c9f50ed36bef90139e6dd250f140c373664984b97a97a5a70333387d18d (5.4.1 dropped payload)
  • f333358850d641653ea2d6b58b921870125af1fe77268a6fdfeda3e7e0fb636d (5.5.0 rev1 loader DLL)
You can’t perform that action at this time.