Skip to content

/ miasm-opaquejmp

OpaqueJmps solver
Python
  1. Python 100.0%
Branch: master
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching Xcode

If nothing happens, download Xcode and try again.

Launching Visual Studio

If nothing happens, download the GitHub extension for Visual Studio and try again.

Cannot retrieve the latest commit at this time.
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
README.md
solver.py

README.md

OpaqueJmps solver for IDA

Simple script that is trying to find opaque jumps in specified function and resolve their. By "resolve" i mean reaching of the path created by condition jumps from section of code before that. If exist only one static (int) solution (for True or False branch) that mean that jump is opaque jump.

**** code ***
JZ something   <- EIP=(Condition ? A : B); True == (Condition == True and Condition == False) 
**** code ****

Workflow

  • Translates code from IDA to MiasmIR
  • Finds all cjmp in IRCFG
  • Creates DependencyGraph for EIP/RIP and asks a solution for that symbol
  • Checks if only one ExprInt solution found then it is an opaque jump

Some limitations

  • Sometimes that solver make a false prediction (Not found some solutions)
  • For very big graph it takes much more time.
  • And ofcourse it's not work in all possible cases =)
You can’t perform that action at this time.