GoStringUngarbler: Deobfuscating Strings in Garbled Binaries
We discuss how threat actors protect malware with garble obfuscation, and the process of automatically deobfuscating it.
This tool can streamline the reverse engineering process by producing a deobfuscated binary with all strings recovered and shown in plain text, thereby simplifying static analysis, malware detection, and classification. Because of this setup, subroutines of this transformation type are easily recognizable in the decompiler and disassembly views due to the multiple function calls they make in the decryption process. The tool can deobfuscate and produce functionally identical executables with recovered strings stored in plain text, improving both reverse engineering analysis and malware detection workflows.