-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
27 additions
and
9 deletions.
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,20 +1,38 @@ | ||
| # mba-deobfuscation | ||
| # MBASED: Practical Simplifications of Mixed Boolean-Arithmetic Obfuscation | ||
|  | ||
|
|
||
| Mixed Boolean-Arithmetic (MBA) obfuscation is a technique that transforms simple boolean expressions into complex expressions by combining arithmetic and boolean operations. It serves the purpose of making code more difficult to analyze, protecting software from reverse engineering and tampering. | ||
| Conversely, mixed boolean-arithmetic deobfuscation aims to simplify obfuscated boolean expressions. In this paper, we present a Binary Ninja plugin called MBASED (Mixed Boolean-Arithmetic Simplification Engine for Deobfuscation) that performs mixed boolean deobfuscation within C programs to assist reverse engineers in understanding them. We first created a system that processes boolean expressions and converts them into a parse | ||
| tree. We then employed the Python library, SymPy, and the SMT Solver, Z3, to simplify the boolean expressions, and print the results to the Binary Ninja console. MBASED substantially decreases the number of variables and operations within boolean expressions, indicating boolean simplification. | ||
|
|
||
| [WIP] GSET 2024. Repository for the "Augmenting Decompiler Outputs" Project tackling Mixed Boolean-Arithmetic (MBA) deobfuscation. | ||
|
|
||
| ## Contributing | ||
| To contribute to this project, please open a pull request with your changes. If you are unsure about the changes you want to make, please open an issue to discuss it with the project members. For code health, please ensure that your code is clear and formatted. You can use the `black` code formatter to format your code. To install `black`, run `pip install black`. To format your code, run the following command. | ||
| This research project was conducted as part of the of the [Governor's School of Engineering and Technology](https://soe.rutgers.edu/academics/pre-college-engineering-programs/new-jersey-governors-school-engineering-and-technology) 2024 program. To learn more about GSET, please visit [https://gset.rutgers.edu/](https://gset.rutgers.edu/). | ||
|
|
||
| ## Dependencies | ||
| In order to use or contribute to MBASED, you will need the following dependencies: | ||
|
|
||
| - [Binary Ninja](https://binary.ninja/): An interactive decompiler made by [Vector35](https://vector35.com/). | ||
| - [Z3](https://github.com/Z3Prover/z3): A high-performance theorem prover being developed at Microsoft Research. | ||
| - [Sympy](https://www.sympy.org/en/index.html): A Python library for symbolic mathematics. | ||
|
|
||
| ## Installation | ||
| To install MBASED, you will need to clone this repository into your Binary Ninja plugins directory. To find where your plugins directory is, open Binary Ninja and navigate to `Plugins > Open Plugin Folder` in the navigation bar. Then, clone this repository into the plugins directory using the following command. | ||
|
|
||
| ``` | ||
| python -m black *.py */*.py | ||
| git clone https://github.com/bliutech/mbased.git | ||
| ``` | ||
|
|
||
| Formatting is checked using a GitHub action, so please ensure that your code is formatted before opening a pull request. We also try and follow good practices by adding type hints to our code. Please ensure that you add type hints to your code. A good tool to check for type hints is `mypy`. To install `mypy`, run `pip install mypy`. To see how to use `mypy`, run the following command. | ||
| Relaunch Binary Ninja, and you should see the MBASED plugin in the plugins list. | ||
|
|
||
| ## Contributing | ||
| To contribute to this project, please open a pull request with your changes. If you are unsure about the changes you want to make, please open an issue to discuss it with one of the authors. For code health, please ensure that your code is clear and formatted. You can use the `black` code formatter to format your code. To install `black`, run `pip install black`. To format your code, run the following command. | ||
|
|
||
| ``` | ||
| python -m mypy -h | ||
| python -m black *.py */*.py | ||
| ``` | ||
|
|
||
| Formatting is checked using a GitHub action, so please ensure that your code is formatted before opening a pull request. We also try and follow good practices by adding type hints to our code. | ||
|
|
||
| ## Authors | ||
| - Project Members: Micah, Tim, Sanjana, Nitin | ||
| - Project RTA: Aashi M | ||
| - Project Mentor: Benson Liu | ||
| MBASED was developed by Nitin Krishnaswamy, Sanjana Mandadi, Micah Nelson, and Timothy Slater for GSET 2024. Their project was advised by Benson Liu as their project mentor and Aashi Misha as their project Resident Teaching Assistant (RTA). For questions or requests for additional information, please contact the authors. |