Sometimes, diffing can remove obfuscation (albeit rarely)
 Halvar Flake (halvar) <halvar flake sabre-securitycom> |
Friday, December 26 2008 12:31.00 CST |
Hey all,
apologies for the sensationalist title, but I found another amusing example today where the same function was present in two different executables -- in two differently obfuscated forms. Amusingly, DiffDeluxe identified the "common components" between these two functions, effectively removing a lot of the obfuscation.
While this is clearly not a typical case, it nonetheless made me smile.
Merry Christmas everyone !
Comments
| Posted: Wednesday, December 31 1969 18:00.00 CST | |