Finally I had the time to make the repo public. Here is my latest side project: Sacara, a VM based language useful to obfuscate code. #reverseengineering #vm #assemblyhttps://github.com/enkomio/sacara
These things are fun, but I don't see much obfuscation in yours - I only see complexity to wade through and write tools one time. The VM instruction set looks RE-friendly (retains unnecessary detail), no randomization, and only encryption of operands to a hard-coded key. Right?
-
-
maybe the word obfuscation is a bit misleading here :) the VM implements other protections, like multiple representation for the same instruction (choosed randomly), stack is "encrypted"...
-
Missed that. Do "multiple representation for the same instruction" make decompilation harder? If it's reliable many-to-one mapping back, no. To make it unreliable you'd translate one original insn into a sequence of primitive insns (e.g. NORs), blurring original insn boundaries.
End of conversation
New conversation -
-
-
...vm handlers are not referenced directly and the code is executed each time in a newly allocated memory space. It is still in its first release, hope to add more checks with time :)
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
the key is partially hard-coded, it depends also on the VM IP offset, this should increase the difficulty in disassembling a piece of code chosen randomly
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.