Tools

Open-source tooling for reverse engineering and deobfuscation.

msynth

msynth is a deobfuscation framework for simplifying Mixed Boolean-Arithmetic (MBA) expressions. It primarily uses a precomputed oracle (lookup tables clustered into equivalence classes) to rewrite MBA-heavy AST subtrees quickly, and can fall back to stochastic program synthesis when lookup-based simplification is insufficient. It’s built on Miasm, can optionally validate simplifications with an SMT solver, and is designed to integrate into symbolic-execution pipelines as well as standalone experiments.

Obfuscation Detection

Obfuscation Detection is a Binary Ninja plugin that helps you triage large binaries by flagging functions with unusual or complex structure. It runs a portfolio of lightweight heuristics (e.g., CFG complexity, flattening/state-machine patterns, uncommon instruction sequences, overlapping/misaligned instructions, entropy/RC4 markers, loop-based patterns) and surfaces the top-ranked hotspots for manual inspection. It works in both the UI and headless mode.

Obfuscation Analysis

Obfuscation Analysis is a Binary Ninja plugin focused on making protected code more readable once you’ve identified where to look. It provides targeted helpers for common analysis roadblocks: MBA simplification directly in the decompiler view, detection/removal of corrupted functions that break disassembly, and recursive decompiler-level function inlining to improve propagation and cleanup across call boundaries. It is designed to run efficiently as background tasks with robust error reporting.

ReverserAI

ReverserAI is a research-oriented Binary Ninja plugin exploring offline LLM assistance for reverse engineering. The current feature set focuses on context-aware function renaming: it feeds decompiler output plus static context (e.g., strings, API usage, symbols) into a locally-hosted model to propose semantically meaningful names—without sending code to the cloud. It is intended as a practical baseline and a playground for extending local AI-assisted workflows (and potentially other RE platforms).