xorhex logo


Focus on Threat Research Things.

Z3 Solver Simplifying String Decryption

Notes on using Z3 Solver to simplify string deobfuscation


8-Minute Read

Z3 Simplifying String Decryption Blog Header Picture

Z3 Solver aids in simplifying deobfuscation techinques. This post covers 2 example use cases where a convoluted string decryption routine is broken down and simplified into a single XOR operation. Z3 is used to prove that the extra parts of the decryption routine cancel each other out.

Self Improving IDAPro

Adding new right click menu options to IDAPro


5-Minute Read

IDA Plugin Context Menu Plugin Blog Header Picture

IDA plugins empower reverse engineers by enabling custom IDAPro functionality. Context hooks are a type of plugin which allows for customization of IDAPro’s right click menus. Having a premade context hook script template makes it really simple to quickly customize IDA’s user interface (UI). This article covers what a basic template might look like for adding items to IDA’s context menu and walks through a quick example of attaching a python script to it. This post assumes…

Recent Posts



Hosting my custom tools, threat research, and general reverse engineering notes.