Workshop Material on VM-based Deobfuscation
This repository contains slides, samples and code of the 4h code deobfuscation workshop at r2con2021. We give a brief introduction into virtualization-based obfuscation and manually analyze a simple VM generated by Tigress
. Afterward, we use symbolic execution to automate the analysis and write a dynamic VM disassembler that is based on Miasm
.
The recording is available here.
Installation
# on debian/ubuntu based systems:
sudo apt-get install python-dev
# clone repository and