Question 1

How do I install and compile demovfuscator on Ubuntu?

Accepted Answer

Install libcapstone, libz3, and libkeystone via package manager, then run 'make' in the demov directory. The README notes you might need to adjust library include paths for your distro.

Question 2

Demovfuscator vs generic deobfuscators: which should I use?

Accepted Answer

Demovfuscator is specialized for M/o/Vfuscator obfuscation using SMT solvers, while tools like de4dot target .NET or UnpacMe handle packers. Use demovfuscator only for movfuscated binaries due to its formal approach.

Question 3

Can demovfuscator analyze binaries with additional packing layers?

Accepted Answer

No, it only works on movfuscated code; you'd need to unpack or deobfuscate other layers first. The tool focuses solely on recovering control flow from MOV-based obfuscation.

Question 4

What's the performance like with the SMT solver?

Accepted Answer

SMT solving can be computationally intensive for large binaries, potentially slowing analysis. The README doesn't specify benchmarks, so expect variable runtime based on code complexity.

Question 5

How do I use the DOT output graph from demovfuscator?

Accepted Answer

Convert the .dot file to an image using 'dot -Tpng > cfg.png', as per the README. This visualizes the recovered control flow graph for easier manual inspection.

Question 6

Is demovfuscator still maintained or updated?

Accepted Answer

The README links to a bachelor's thesis from 2016 and a 'very old' binary, suggesting limited recent updates. Check the GitHub repository for any new commits or forks.

demovfuscator

What is demovfuscator?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions