This repository was first made public in June 2024; before that, any copyrighted material was removed. Note that all information found here is for educational purposes only and all rights belong to the respective owners.
All (re-)sources that served as a basis for this project are referenced extensively in each individual chapter.
- Read: https://nicolo.dev/en/blog/fairplay-apple-obfuscation/
  1.1 Understand the fundamentals of the article.
  1.2 Summarize the article in your own words.
- Install and understand the Tigress obfuscation software.
  2.1 Take a simple C program and obfuscate it with Tigress, e.g. https://github.com/mrphrazer/r2con2021_deobfuscation/blob/main/samples/src/fib.c
  2.2 Look at the compiled binary with e.g. Ghidra.
  2.2.1 Focus on the following obfuscation techniques (one at a time):
    - Control Flattening
    - Opaque Predicates
    - Encode Arithmetic
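To make the three transformations concrete before opening a Tigress-built binary in Ghidra, here is an added, hand-written illustration (not the project's code, not Tigress output, and not the fib.c from the linked repository). A plain iterative fib sits next to a version in which the loop is flattened into a dispatcher state machine, the addition is rewritten with a mixed boolean-arithmetic identity, and an always-true opaque predicate guards a dead branch. Function names and the dead-branch body are constructed for this example.

```c
#include <stdio.h>

/* Reference implementation (constructed for this example). */
unsigned int fib_plain(unsigned int n) {
    unsigned int a = 0, b = 1;
    for (unsigned int i = 0; i < n; i++) {
        unsigned int t = a + b;
        a = b;
        b = t;
    }
    return a;
}

/* Encode Arithmetic: a + b rewritten as (a ^ b) + 2*(a & b).
   The identity holds for all unsigned values (mod 2^32), so behaviour is
   unchanged, but a decompiler no longer shows a plain addition. */
static unsigned int enc_add(unsigned int a, unsigned int b) {
    return (a ^ b) + 2u * (a & b);
}

/* Opaque predicate: x*(x+1) is always even (one factor is even, and the
   low bit survives modular wrap-around), so this always returns 1.
   An analyst has to prove that before the dead branch can be pruned. */
static int opaque_true(unsigned int x) {
    return ((x * (x + 1u)) & 1u) == 0u;
}

/* Control Flattening: the loop is dismantled into basic blocks selected by a
   'state' variable inside one big switch, so the CFG becomes a star around
   the dispatcher instead of a recognisable loop. */
unsigned int fib_obf(unsigned int n) {
    unsigned int a = 0, b = 1, i = 0, t = 0;
    unsigned int state = 0;
    for (;;) {
        switch (state) {
        case 0: /* loop header */
            state = (i < n) ? 1 : 3;
            break;
        case 1: /* loop body, first half: t = a + b via encoded arithmetic */
            t = enc_add(a, b);
            state = opaque_true(i) ? 2 : 4; /* 4 is never taken */
            break;
        case 2: /* loop body, second half */
            a = b;
            b = t;
            i++;
            state = 0;
            break;
        case 3: /* loop exit */
            return a;
        case 4: /* dead code guarded by the opaque predicate (constructed) */
            a = a * 3u + 7u;
            state = 0;
            break;
        }
    }
}

int main(void) {
    for (unsigned int n = 0; n <= 10; n++)
        printf("fib(%u): plain=%u obfuscated=%u\n", n, fib_plain(n), fib_obf(n));
    return 0;
}
```

Compile both functions with optimisation disabled and compare them in Ghidra: the flattened version decompiles to a `while(true) { switch(state) ... }` shape, the addition appears as xor/and/shift arithmetic, and the dead `case 4` survives as a reachable-looking block until the predicate is proven constant.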
- Read: https://synthesis.to/2021/10/21/vm_based_obfuscation.html
  3.1 Summarize the article in your own words.
  3.2 Analyze the vm_base.bin binary.
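As an added illustration of what VM-based obfuscation means structurally (this is not vm_base.bin and not code from the linked article), the following constructed example runs fib through a tiny custom register VM. The native code an analyst sees is only the generic handler loop; the actual program logic lives in the bytecode table and has to be recovered by writing a disassembler for the made-up instruction set, which `vm_disasm` sketches. Opcode names, encoding and register assignment are all assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Made-up ISA for this example: each instruction is op, a, b, c (one byte each). */
enum { OP_MOVI, OP_ADD, OP_MOV, OP_INC, OP_JLT, OP_JMP, OP_RET };

typedef struct { uint8_t op, a, b, c; } Insn;

/* Bytecode computing fib(r3). Register roles (constructed):
   r0 = a, r1 = b, r2 = i, r3 = n, r4 = temp. */
static const Insn fib_bytecode[] = {
    {OP_MOVI, 0, 0, 0},   /* 0: r0 = 0            */
    {OP_MOVI, 1, 0, 1},   /* 1: r1 = 1            */
    {OP_MOVI, 2, 0, 0},   /* 2: r2 = 0            */
    {OP_JLT,  2, 3, 5},   /* 3: if r2 < r3 goto 5 */
    {OP_RET,  0, 0, 0},   /* 4: return r0         */
    {OP_ADD,  4, 0, 1},   /* 5: r4 = r0 + r1      */
    {OP_MOV,  0, 1, 0},   /* 6: r0 = r1           */
    {OP_MOV,  1, 4, 0},   /* 7: r1 = r4           */
    {OP_INC,  2, 0, 0},   /* 8: r2++              */
    {OP_JMP,  3, 0, 0},   /* 9: goto 3            */
};

/* The handler loop: this is all that appears as native code. It is identical
   for every program the VM runs, which is why the bytecode, not the binary's
   functions, carries the semantics. */
uint32_t vm_run(const Insn *code, uint32_t n) {
    uint32_t r[8] = {0};
    uint32_t pc = 0;
    r[3] = n;
    for (;;) {
        Insn in = code[pc++];
        switch (in.op) {
        case OP_MOVI: r[in.a] = in.c;              break;
        case OP_ADD:  r[in.a] = r[in.b] + r[in.c]; break;
        case OP_MOV:  r[in.a] = r[in.b];           break;
        case OP_INC:  r[in.a]++;                   break;
        case OP_JLT:  if (r[in.a] < r[in.b]) pc = in.c; break;
        case OP_JMP:  pc = in.a;                   break;
        case OP_RET:  return r[in.a];
        default:      return 0; /* unknown opcode: stop */
        }
    }
}

uint32_t fib_vm(uint32_t n) {
    return vm_run(fib_bytecode, n);
}

/* The analyst's first tool: a disassembler for the recovered ISA. Once the
   handlers have been mapped to mnemonics, the bytecode reads like a program. */
void vm_disasm(const Insn *code, uint32_t count) {
    static const char *mn[] = {"movi", "add", "mov", "inc", "jlt", "jmp", "ret"};
    for (uint32_t i = 0; i < count; i++) {
        const Insn *in = &code[i];
        if (in->op > OP_RET) { printf("%2u: db %u\n", i, in->op); continue; }
        printf("%2u: %-4s r%u, r%u, %u\n", i, mn[in->op], in->a, in->b, in->c);
    }
}

int main(void) {
    vm_disasm(fib_bytecode, sizeof fib_bytecode / sizeof fib_bytecode[0]);
    printf("fib_vm(10) = %u\n", fib_vm(10));
    return 0;
}
```

When analysing a real VM-protected binary the steps mirror this layout in reverse: locate the dispatcher loop, identify each handler's effect on the virtual registers, assign mnemonics, then disassemble the bytecode blob to recover the original control flow.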
- Analyze the EasyAntiCheat.sys binary.
  4.1 Focus on some of its functions.
  4.2 Look at the whole binary and, using the acquired knowledge, try to "quickly" spot obfuscated code.
- Several folders have names like "archive" or "obsolete". They mainly contain analyses that were not elaborated further, either because of time constraints or because they turned out to be "wrong directions" that would otherwise have been pursued.
- The file "symb_exec" contains a semi-finished analysis of the symbolic execution technique. It is also unfinished, because the topic is not really in the scope of this project and (again) because of time constraints.