Changes

Overlay unpackers (Themida, VMProtect, Code Virtualizer, etc.) + exploit framework and interactive debugger Binary Ninja extensions added; added OllyDbg x86. Wow, how did I miss Olly.
*[https://github.com/craigz28/firmwalker Firmwalker] - is a script for searching the extracted firmware file system for goodies!
====Setup Extractors / Overlay Unpackers / Virtualization Wrappers====
*[https://innounp.sourceforge.net/ innounp] - the Inno Setup Unpacker.
*[https://github.com/crackinglandia/fuu FUU] - [F]aster [U]niversal [U]npacker.
 
=====Themida Reverse Engineering=====
 
*[https://github.com/ergrelet/themida-unmutate themida-unmutate] - is a static deobfuscator for Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.
 
*[https://github.com/sodareverse/TDE TDE] - is a devirtualization engine for Themida. Supported FISH VMA versions: 2.2.5.0, 2.2.6.0, 2.2.7.0.
 
*[https://github.com/ergrelet/unlicense unlicense] - is a dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x mostly used for malware-analysis.
 
=====VMProtect Reverse Engineering=====
 
======VMProtect 2======
 
*[https://git.back.engineering/vmp2/ vmp2] - Resources provided by Back Engineering Labs regarding VMProtect 2 Reverse Engineering (x64 PE Only).
*vmemu (VMProtect 2 Virtual Machine Handler Emulation)
*vmassembler (VMProtect 2 Virtual Instruction Assembler)
*vmprofiler (VMProtect 2 Virtual Machines Profiler Library)
*vmprofiler-cli (VMProtect 2 CLI Virtual Machine Information Displayer)
*vmhook (VMProtect 2 Virtual Machine Hooking Library)
*vmprofiler-qt (VMProtect 2 Qt Virtual Instruction Inspector)
*um-hook (VMProtect 2 Usermode Virtual Instruction Hook Demo)
*vmdevirt (VMProtect Devirtualization)
 
======VMProtect 3======
 
*[https://git.back.engineering/vmp3/ vmp3] - Resources provided by Back Engineering Labs regarding VMProtect 3 Reverse Engineering (x64 PE Only).
*vmdevirt (VMProtect 3 Static Devirtualization)
*vmprofiler (VMProtect 3 Virtual Machines Profiler Library)
*vmemu (VMProtect 3 Virtual Machine Handler Emulation)
 
=====Code Virtualizer (Oreans Technologies)=====
 
*[https://github.com/pakt/decv decv] - is a decompiler for Code Virtualizer 1.3.8 (Oreans).
*[https://github.com/67-6f-64/AntiOreans-CodeDevirtualizer AntiOreans-CodeDevirtualizer] - is a proof-of-concept devirtualization engine for Oreans' Code Virtualizer / Themida.
 
=====Enigma Protector=====
 
*[https://github.com/mos9527/evbunpack evbunpack] - is an Enigma Virtual Box unpacker. Supported versions: 11.00, 10.70, 9.70, and 7.80.
 
======OllyDbg Scripts======
*[https://github.com/ThomasThelen/OllyDbg-Scripts/blob/master/Enigma/Enigma%20Protector%201.90%20-%203.xx%20Alternativ%20Unpacker%20v1.0.txt Enigma Protector 1.90–3.xx Unpacker]
*[https://github.com/ThomasThelen/OllyDbg-Scripts/blob/master/Enigma/Enigma%20Protector%204.xx%20VM%20API%20Fixer%20v0.5.0.txt Enigma Protector 4.xx VM API Fixer]
 
=====Generic Code Virtualizer=====
 
*[https://github.com/jnraber/VirtualDeobfuscator VirtualDeobfuscator] - is a reverse engineering tool for virtualization wrappers.
 
*[https://gdtr.wordpress.com/2012/10/03/decv-a-decompiler-for-code-virtualizer-by-oreans/ decv] - [blog post] a decompiler for Code Virtualizer by Oreans.
====Binary PE Analysis / Editor (Windows)====
*[https://binary.ninja/ Binary Ninja] - reverse-engineering platform that can disassemble a binary and display the disassembly in linear or graph views.
 
::Binary Ninja Scripts/Plugins/Extension
:::*[https://github.com/ergrelet/themida-unmutate-bn themida-unmutate-bn] - a Binary Ninja plugin to deobfuscate Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.
:::*[https://github.com/ergrelet/themida-spotter-bn themida-spotter-bn] - a Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.
*[https://www.nsa.gov/resources/everyone/ghidra/ Ghidra] - Ghidra is an open source software reverse engineering (SRE) framework developed by NSA's [https://www.nsa.gov/what-we-do/research/ Research] Directorate for NSA's [https://www.nsa.gov/what-we-do/cybersecurity/ cybersecurity mission].
*[https://www.hopperapp.com/ Hopper] - Hopper can use LLDB or GDB, which lets you debug and analyze the binary in a dynamic way (only for Mac and Linux hosts, not for mobile devices).
 
*[https://www.ollydbg.de/ OllyDbg] - is a powerful, user-friendly 32-bit Windows debugger focused on binary analysis, reverse engineering, and malware research, featuring dynamic code analysis and a rich plugin ecosystem.
 
::OllyDbg Scripts/Plugins/Mods
:::*[https://github.com/ThomasThelen/OllyDbg-Scripts OllyDbg-Scripts] - is a curated list containing many older x86 OllyDbg scripts.
*[https://x64dbg.com/ x64dbg] - is a powerful open-source OllyDbg replacement with a user interface very similar to OllyDbg; as the name states, it also offers x64 support.
*[https://github.com/sensepost/objection objection] - is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.
 
*[https://github.com/EntySec/SeaShell SeaShell] - is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.
*[https://github.com/mingyuan-xia/AppAudit AppAudit] - is an efficient program analysis tool that detects data leaks in mobile applications. It can accurately find all leaks within seconds using ~200 MB of memory.