What is Obfuscation?
Obfuscation is the process of making code less clear, to the point of being unreadable.
Obfuscation is often used by code authors to protect their intellectual property or prevent tampering. Cybercriminals also use obfuscation as a way to hinder investigations into their attacks.
Security researchers often come across obfuscated attacks, which they have to first deobfuscate in order to investigate fully. There are many online deobfuscation tools, but none of them is a comprehensive solution. This leaves a lot of work to do manually.
How Does REstringer Help?
REstringer automates the deobfuscation process to minimize the need for manual intervention. This is achieved by analyzing the code’s syntax and detecting obfuscation structures within. Once detected, REstringer resolves the obfuscated code snippet and restores the string back to its original value.
The REstringer open source release consists of three separate tools, each building on the previous ones:
- flAST is a tool for analyzing and modifying code by its syntactic structure.
- Obfuscation Detector, true to its name, detects obfuscation in code by searching for known obfuscation structures.
- REstringer identifies and resolves generic and specific obfuscation structures back into their original string representations.
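The detect-then-resolve flow described above, as an added example that is not REstringer's own code: it handles a single generic structure, a string-array lookup table, and uses regular expressions where REstringer analyzes the syntax tree. The function names and the sample script are constructed for illustration.

```javascript
// Added example, not REstringer's code: regexes stand in for its syntax-tree analysis.
// A string literal token, kept as raw text so the sample is never evaluated.
const STR = String.raw`'(?:[^'\\\n]|\\.)*'|"(?:[^"\\\n]|\\.)*"`;
const escapeRe = (s) => s.replace(/\$/g, '\\$&');
// NAME as a standalone identifier, not a property (.NAME) or part of a longer name.
const ident = (name) => String.raw`(?<![\w$.])${escapeRe(name)}`;

// Detect: `var NAME = ['..', '..'];` whose only uses are reads of NAME[<integer>].
function detectStringArray(code) {
  const decl = new RegExp(
    String.raw`\b(?:var|let|const)\s+([A-Za-z_$][\w$]*)\s*=\s*` +
    String.raw`\[\s*((?:${STR})(?:\s*,\s*(?:${STR}))*)\s*\]\s*;?[ \t]*\n?`);
  const m = decl.exec(code);
  if (!m) return null;
  const [declText, name, body] = m;
  const literals = body.match(new RegExp(STR, 'g'));
  const rest = code.replace(declText, '');
  const uses = rest.match(new RegExp(ident(name) + String.raw`(?![\w$])`, 'g')) || [];
  // A read is NAME[n] that is not the target of an assignment or update.
  const reads = [...rest.matchAll(new RegExp(
    ident(name) + String.raw`\[(\d+)\](?!\s*(?:=[^=]|\+\+|--|[-+*/%&|^]=))`, 'g'))];
  // Inlining is only sound if the table is never written, aliased or passed around.
  if (!uses.length || uses.length !== reads.length) return null;
  if (reads.some((r) => Number(r[1]) >= literals.length)) return null;
  return { name, literals, declText };
}

// Resolve: remove the table and restore each original literal at its use site.
function deobfuscate(code) {
  const hit = detectStringArray(code);
  if (!hit) return code; // structure not recognised: leave the code untouched
  const ref = new RegExp(ident(hit.name) + String.raw`\[(\d+)\]`, 'g');
  return code.replace(hit.declText, '').replace(ref, (_, i) => hit.literals[Number(i)]);
}

// Constructed, benign sample; note the comma inside the third literal.
const SAMPLE = [
  "var _0x4f2a = ['log', 'Hello', ', world'];",
  'console[_0x4f2a[0]](_0x4f2a[1] + _0x4f2a[2]);',
].join('\n');

console.log(deobfuscate(SAMPLE));
```

The refusal paths matter as much as the rewrite: a table that is written to, passed to another function or indexed out of range is left alone, because inlining it would change what the script does.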
Who Can Use REstringer?
Anyone! But it’s probably most useful to security professionals. This includes:
- Security researchers investigating suspicious code
- Incident responders investigating a digital skimming or other client-side attack
Knowledge-sharing is Power
Sharing knowledge and resources is one of the security community’s strengths and driving forces. Recognizing this, PerimeterX and HUMAN have made REstringer publicly available as an open source and online tool. Since its release last week, the tool has been well received by security professionals and obfuscation enthusiasts alike!
We at PerimeterX and HUMAN are always excited to share insights from the cutting edge of threat research. It’s what makes our network effect so powerful. Learn more about PerimeterX Code Defender to see how you can stay protected from digital skimming, Magecart, supply chain attacks and other client-side threats.
Want to nerd out with me? Check out my tech blog post to get all the technical details on my whys and hows in creating REstringer, the design decisions and the process through which I’m adding new capabilities to the tool.