flat assembler
Message board for the users of flat assembler.

Index > Heap > Bukowski Project: open-source x86 obfuscator

Author
Thread Post new topic Reply to topic
MazeGen



Joined: 06 Oct 2003
Posts: 977
Location: Czechoslovakia
MazeGen
For those interested in binary code manipulation/obfuscation, Anthony Lopes is working on interesting open-source obfuscator:

http://sourceforge.net/projects/bukowski/

http://bukowski-framework.blogspot.com/

Yes, Anthony plays with viruses, but his goal is not to spread a real virus - it is just a way how to implement his research.

BTW, Bukowski's disassembler is build on my XML x86 reference.
Post 20 Apr 2009, 10:38
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17348
Location: In your JS exploiting you and your system
revolution
Obfuscation. Isn't that like xor eax,eax? Don't let tom tobias see this.
Post 20 Apr 2009, 10:47
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
I bet Tom himself is pretty good source code obfuscator, by using oververbose comments on everything Wink
Post 20 Apr 2009, 13:46
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
This is an example of astonishing obfuscation:

Code:
mov eax, 0
jmp instruction2
db 'The previous instruction puts 0 in the eax register, which is then followed by a jmp that jumps over this string description.'

instruction2:
add ecx, ebx
jmp instruction3

db 'The previous instruction adds ebx to ecx via the ''add'' instruction, and is obviously, followed by a jmp instruction to skip this string.'

instruction3:
inc ecx
jmp instruction4

db 'The previous instruction further increases ecx by 1. Maybe inc isn''t as obfuscated, I should have used ''add ecx, 1'' instead? Not sure.'

instruction4:
...    
Post 23 Apr 2009, 00:09
View user's profile Send private message Reply with quote
shoorick



Joined: 25 Feb 2005
Posts: 1606
Location: Ukraine
shoorick
Code:
...
instruction2: ; this is the label "instruction2" (do not mix with "instruction_2"!)
...    
Post 23 Apr 2009, 09:37
View user's profile Send private message Visit poster's website Reply with quote
tom tobias



Joined: 09 Sep 2003
Posts: 1320
Location: usa
tom tobias
...
Very Happy
Post 27 Apr 2009, 11:40
View user's profile Send private message Reply with quote
comrade



Joined: 16 Jun 2003
Posts: 1137
Location: Russian Federation
comrade
Is this for real?

FASM macros can be used to obfuscate really well:
http://comrade.ownz.com/docs/fasm.html#obfuscation
Post 30 Apr 2009, 03:37
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.