Ariadne framework and deobfuscator


Dmitry
December 27th, 2011, 02:27
http://ariadne.group-ib.ru/

Info from site:

Quote:
Ariadne is a framework for everyone involved in reverse engineering and related tasks (virus analysis, software protection and its analysis, forensics, and so on). Developing the code which solves tedious routine tasks could take up to 80% of the project time! Moreover, there is a risk of making one or more of the typical mistakes while writing this code. Fixing these bugs could be a long and unpleasant process. Ariadne will help a reverse engineer to save his own time and creative potential for the truly innovative tasks!
Ariadne deobfuscation technology was initially developed for practical use on ordinary computers. It is not so resource-demanding but provides acceptable deobfuscation quality. AIR Wave Deobfuscation Technology is not based on patterns or signatures. It's a generic technology and not something tailored to a certain obfuscator. Moreover, it is always possible to use the Ariadne API to improve our deobfuscation techniques or adjust them for a certain obfuscation type.



http://www.youtube.com/watch?feature=player_embedded&v=LXsf4Eg-hxY

bilbo
January 15th, 2012, 07:07
That's really impressive, and the programmer interface is very well documented and architected.
I suspect this toy will soon become a new standard for reversing jobs.

Unfortunately, until now I have had time to work only on SAMPLE1 (which I compiled without problem with Visual Studio 6) and I was not able to iterate the optimizer steps (at the start of each of the 12 loops I used AidDisassembleRva instead of AidDisassemble, according to the manual), but I'll try again as soon as I can... I suspect I'm missing some function to store the optimization steps; I didn't read the manual in depth...

Best regards
bilbo

rendari
February 7th, 2012, 04:51
Their website is down. Googling around I found a tutorial which might interest people:
http://ariadne-project.blogspot.com/2011/12/lesson-1-how-to-play-with-ariadne-ida.html

But no alternative download link

Darkelf
February 8th, 2012, 09:37
@rendari

It's not. For me, the website is accessible without problems.
I'm uploading a copy of the demo + all the plugins to the CRCETL right now.
I will post the link here when it's done.

Edit: done. See here: http://www.woodmann.com/collaborative/tools/Ariadne
If it was wrong to upload it to the CRCETL although a direct download exists, please replace the binaries with the direct download links.

Best regards
darkelf

rendari
February 8th, 2012, 14:49
Thank you very much, darkelf!