Author: Jamie Hankins
De-obfuscates strings inside of obfuscated Go binaries
This plugin implements a simple LLIL emulator to statically de-obfuscate simple string obfuscation such as the obfuscations done by gobfuscate.
To activate it, use either the Tools
menu or the command palette. It offers two modes, the first will attempt to analyze the current function while the other will attempt to find all functions that are merely obfuscated strings and rename them. If the function name cannot be cleanly replaced, a comment will be added at all call locations with the detailed deobfuscated string in addition to the truncated rename.
no special instructions, package manager is recommended
no special instructions, package manager is recommended
no special instructions, package manager is recommended
This plugin requires the following minimum version of Binary Ninja:
- 1528
This plugin is released under a MIT license.
2