A Unicorn based emulator to deobfuscate Equation Group string XOR obfuscation
Switch branches/tags
Nothing to show
Clone or download
fG!
Latest commit 1f3fdd3 Sep 26, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
unicorn_string_deobfuscator.xcodeproj Initial commit to github Sep 26, 2018
unicorn_string_deobfuscator Initial commit to github Sep 26, 2018
README.md Initial commit to github Sep 26, 2018

README.md

Unicorn String Deobfuscator

A Unicorn based emulator to deobfuscate Equation Group string XOR obfuscation used in many samples.

Instead of reversing the algo just ripped off the function and emulated it on Unicorn.

Just a simple demo on how to use Unicorn to easily emulate functions you don't want to reverse because you are too lazy or they are too annoying and you just want to execute them.

Requires Unicorn Engine (http://unicorn-engine.org).

Have fun, fG!