Romain Thomas romainthomas

## hint_instruction.py
#
# Show a hint when the user has his mouse on an instruction
#
import idaapi
import idautils

class Hooks(idaapi.UI_Hooks):
    def get_custom_viewer_hint(self, view, place):
        insn = idautils.DecodeInstruction(place.toea())
        if insn:

## callback_register.py
#
# Callback when the user click on a register
#

from idaapi import *

def extract_reg(line, cx):
    linelen = len(line)
    if cx >= linelen:
        return

## hint_register.py
#
# Show a hint when the user's mouse is on a register
#
from idaapi import *
import idautils

def extract_reg(line, cx):
    linelen = len(line)
    if cx >= linelen:
        return

## window.py
#!/usr/bin/env python3
import time
import ctypes

annoying_list = [
    'Alerte de Symantec',
]

while True:
  buffer_window = ctypes.c_char_p(bytes(200*4))

## libshellx_recover.py
#!/usr/bin/env python

import lief

shellx = lief.parse("libshellx-2.10.3.1.so")


# .dynsym
dt_symtab = shellx[lief.ELF.DYNAMIC_TAGS.SYMTAB]
dynsym_section = shellx.get_section(".dynsym")

## bin2lib.py
#!/usr/bin/env python3.6
import lief
import pathlib
from lief.ELF import Symbol

from lief import Logger
Logger.set_level(lief.LOGGING_LEVEL.INFO)

CURRENT_DIR = pathlib.PosixPath(".").resolve().as_posix()

## frida_inject.py
import frida
DEVICE = frida.get_usb_device()

def inject_spawn(package, library):
    pid = DEVICE.spawn([package])
    print(f"{package}:{pid:d}")

    with open(library, "rb") as library_file:
        library_blob = library_file.read()
    DEVICE.inject_library_blob(pid, library_blob, "__my_init_func", "")

## qbdi_android.cpp

#include <iostream>
#include <iomanip>
#include <cstdlib>
#include <cstdint>
#include <cstring>
#include <jni.h>
#include <set>
#include "LIEF/ELF.hpp"

## Arybo_mba.py
import arybo.lib.mba_exprs as EX
import sys
def f(x):
    v0 = ((x & 343337308) ^ 0xFFFFFFFF) & (x | 343337308)
    return v0

mba32 = MBA(32)
X = mba32.var('X')
res = f(X)
VD = res.vectorial_decomp([X])

## jadx.patch
diff --git a/jadx-core/src/main/java/jadx/core/Jadx.java b/jadx-core/src/main/java/jadx/core/Jadx.java
index 91ea0905..175b73ed 100644
--- a/jadx-core/src/main/java/jadx/core/Jadx.java
+++ b/jadx-core/src/main/java/jadx/core/Jadx.java
@@ -47,6 +47,9 @@ import jadx.core.dex.visitors.shrink.CodeShrinkVisitor;
 import jadx.core.dex.visitors.ssa.SSATransform;
 import jadx.core.dex.visitors.typeinference.TypeInferenceVisitor;

+// Deobfuscation passes
+import jadx.core.dex.visitors.deobf.DecodeStrings;
	#
	# Show a hint when the user has his mouse on an instruction
	#
	import idaapi
	import idautils

	class Hooks(idaapi.UI_Hooks):
	def get_custom_viewer_hint(self, view, place):
	insn = idautils.DecodeInstruction(place.toea())
	if insn:
	#
	# Callback when the user click on a register
	#

	from idaapi import *

	def extract_reg(line, cx):
	linelen = len(line)
	if cx >= linelen:
	return
	#
	# Show a hint when the user's mouse is on a register
	#
	from idaapi import *
	import idautils

	def extract_reg(line, cx):
	linelen = len(line)
	if cx >= linelen:
	return
	#!/usr/bin/env python3
	import time
	import ctypes

	annoying_list = [
	'Alerte de Symantec',
	]

	while True:
	buffer_window = ctypes.c_char_p(bytes(200*4))
	#!/usr/bin/env python

	import lief

	shellx = lief.parse("libshellx-2.10.3.1.so")


	# .dynsym
	dt_symtab = shellx[lief.ELF.DYNAMIC_TAGS.SYMTAB]
	dynsym_section = shellx.get_section(".dynsym")
	#!/usr/bin/env python3.6
	import lief
	import pathlib
	from lief.ELF import Symbol

	from lief import Logger
	Logger.set_level(lief.LOGGING_LEVEL.INFO)

	CURRENT_DIR = pathlib.PosixPath(".").resolve().as_posix()
	import frida
	DEVICE = frida.get_usb_device()

	def inject_spawn(package, library):
	pid = DEVICE.spawn([package])
	print(f"{package}:{pid:d}")

	with open(library, "rb") as library_file:
	library_blob = library_file.read()
	DEVICE.inject_library_blob(pid, library_blob, "__my_init_func", "")

	#include <iostream>
	#include <iomanip>
	#include <cstdlib>
	#include <cstdint>
	#include <cstring>
	#include <jni.h>
	#include <set>
	#include "LIEF/ELF.hpp"
	import arybo.lib.mba_exprs as EX
	import sys
	def f(x):
	v0 = ((x & 343337308) ^ 0xFFFFFFFF) & (x \| 343337308)
	return v0

	mba32 = MBA(32)
	X = mba32.var('X')
	res = f(X)
	VD = res.vectorial_decomp([X])
	diff --git a/jadx-core/src/main/java/jadx/core/Jadx.java b/jadx-core/src/main/java/jadx/core/Jadx.java
	index 91ea0905..175b73ed 100644
	--- a/jadx-core/src/main/java/jadx/core/Jadx.java
	+++ b/jadx-core/src/main/java/jadx/core/Jadx.java
	@@ -47,6 +47,9 @@ import jadx.core.dex.visitors.shrink.CodeShrinkVisitor;
	import jadx.core.dex.visitors.ssa.SSATransform;
	import jadx.core.dex.visitors.typeinference.TypeInferenceVisitor;

	+// Deobfuscation passes
	+import jadx.core.dex.visitors.deobf.DecodeStrings;