xorhex

Focus on Threat Research Things.

Z3 Solver Simplifying String Decryption

Notes on using Z3 Solver to simplify string deobfuscation

xorhex

8-Minute Read

Z3 Solver aids in simplifying deobfuscation techniques. This post covers 2 example use cases where a convoluted string decryption routine is broken down and simplified into a single XOR operation. Z3 is used to prove that the extra parts of the decryption routine cancel each other out.

Self Improving IDAPro

Adding new right-click menu options to IDAPro

xorhex

5-Minute Read

IDA plugins empower reverse engineers by enabling custom IDAPro functionality. Context hooks are a type of plugin that allows customization of IDAPro’s right-click menus. Having a premade context hook script template makes it simple to quickly customize IDA’s user interface (UI). This article covers what a basic template might look like for adding items to IDA’s context menu and walks through a quick example of attaching a Python script to it. This post assumes…

About

Hosting my custom tools, threat research, and general reverse engineering notes.