Twinner is a deobfuscation and unpacking framework. It inspects executable binaries and uses binary instrumentation and concolic execution to model the software behavior and recode it as a new compilable C program.

S4Lab/twinner

Twinner

Twinner is a deobfuscation and unpacking framework. It inspects executable binaries, instruments them with the Intel Pin binary instrumentation framework, analyzes the executed assembly instructions through concolic execution, models the behavior of the program as a set of symbolic expressions and constraints, and recodes it as twincode, a compilable C program with simplified logic. The framework allows automatic deobfuscation of virtualization-obfuscated binaries on 64-bit Linux and 32-bit Windows. The latest version is 0.30.0 and is a work in progress, so if you are not familiar with the context, you should wait for the v1.0.0 release. Otherwise, happy hacking :) There is no regular release schedule; each version is released when it is ready.
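To make the pipeline described above concrete, here is an added illustration; it is not Twinner output and not code from the project. A hand-written toy VM stands in for a virtualization-obfuscated check, next to the symbolic expression a trace through it yields and the simplified C that expression reduces to. The opcode set, bytecode and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: opcodes of a toy stack VM (hypothetical, not Twinner's). */
enum { OP_ARG, OP_IMM, OP_XOR, OP_ADD, OP_MUL, OP_EQ, OP_HALT };

/* Constructed bytecode hiding the check ((arg ^ 0x5a) * 3 + 7) == 0x136. */
static const uint32_t bytecode[] = {
    OP_ARG, OP_IMM, 0x5a, OP_XOR, OP_IMM, 3, OP_MUL,
    OP_IMM, 7, OP_ADD, OP_IMM, 0x136, OP_EQ, OP_HALT
};

/* "Obfuscated" form: the logic exists only as data fed to an interpreter. */
uint32_t vm_check(uint32_t arg) {
    uint32_t stack[4];
    size_t sp = 0, pc = 0;
    for (;;) {
        switch (bytecode[pc++]) {
        case OP_ARG: stack[sp++] = arg; break;
        case OP_IMM: stack[sp++] = bytecode[pc++]; break;
        case OP_XOR: sp--; stack[sp - 1] ^= stack[sp]; break;
        case OP_ADD: sp--; stack[sp - 1] += stack[sp]; break;
        case OP_MUL: sp--; stack[sp - 1] *= stack[sp]; break;
        case OP_EQ:  sp--; stack[sp - 1] = (stack[sp - 1] == stack[sp]); break;
        default:     return stack[sp - 1];            /* OP_HALT */
        }
    }
}

/* Symbolic expression over the input that one traced run of the VM yields. */
uint32_t traced_expr(uint32_t arg) { return ((arg ^ 0x5au) * 3u + 7u) == 0x136u; }

/* Simplified logic: 3 is invertible mod 2^32, so the constraint has exactly
 * one solution, (arg ^ 0x5a) == 101, i.e. arg == 0x3f. */
uint32_t simplified_check(uint32_t arg) { return arg == 0x3fu; }

/* Count inputs in [lo, hi) on which the three forms disagree. */
uint32_t count_mismatches(uint32_t lo, uint32_t hi) {
    uint32_t bad = 0;
    for (uint32_t x = lo; x < hi; x++)
        bad += vm_check(x) != traced_expr(x) || traced_expr(x) != simplified_check(x);
    return bad;
}

int main(void) {
    printf("mismatches: %u\n", count_mismatches(0, 1u << 16));
    return 0;
}
```

The equivalence check in `count_mismatches` is the kind of sanity test worth running on any recovered code before trusting it in place of the original binary's logic.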

Installation

Use the makefiles to build.

Usage

Run the Twinner binary with --help for details.

License

Copyright © 2013-2018 Behnam Momeni

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
