
Ariadne deobfuscator

Product
Developers: Group-IB (Group of information security)
System release date: December 2011

The solution has no analogs and allows reverse-engineering experts to quickly and effectively investigate the algorithms of programs that are protected against analysis.

The Ariadne deobfuscator is a general-purpose collection of tools (a framework) that significantly reduces the time needed to research how various software works. With Ariadne it is possible to read and modify executable files, translate their machine code into symbolic notation, and even transform part of the code into an intermediate representation that is convenient for analysis. The new framework is very simple to use and is easily embedded in other products. For example, a plug-in for the popular IDA disassembler already exists.

However, the main feature of Ariadne is a set of original optimization algorithms that can significantly simplify code protected with obfuscation methods. The unique AIR Wave Deobfuscation Technology, which does not rely on any structural code templates, makes it possible to "wash away" the meaningless set of instructions and variables that a program's creators use to complicate the source code. At the same time, it provides high-quality deobfuscation without requiring excessive computing resources. The code-untangling technology was designed specifically with practical use on common personal computer configurations in mind.

Thus, the Ariadne framework combines several tools that allow reverse-engineering specialists to quickly analyze the algorithms of the programs under study. Ariadne can also be used when creating one's own software solutions or program protection.