somalifuscatorv2 full deobfuscation #52

Closed
zebwhy opened this issue Dec 10, 2023 · 13 comments
Labels: question (Further information is requested)

Comments
zebwhy commented Dec 10, 2023

https://www.youtube.com/watch?v=AhkB1R-yG_c


If you need fast help join the server https://discord.gg/qvkC6kHqer

@KingKDot (Owner)

> https://www.youtube.com/watch?v=AhkB1R-yG_c

That's only for symbol deobfuscating. Let's see you do the entire thing.

@KingKDot (Owner)

Let's see it deobf V3 lmao

zebwhy (Author) commented Dec 11, 2023

> > https://www.youtube.com/watch?v=AhkB1R-yG_c
>
> That's only for symbol deobfuscating. Let's see you do the entire thing.

Some of the obfuscation methods are not in the free version.

zebwhy (Author) commented Dec 11, 2023

> Let's see it deobf V3 lmao

If you don't mind giving me an obfuscated SomalifuscatorV3 file, I'll gladly try and see if I can deobfuscate it.

zebwhy (Author) commented Dec 11, 2023

https://www.youtube.com/watch?v=GNdxYgCnmys

My deobfuscator still works with somalifuscator v2 (max settings). Also I am not using smart screen since it doesn't really work, but it seems not really that important. Also I can't use super obf since it's in the paid version of somalifuscator v2.

@KingKDot (Owner)

> > Let's see it deobf V3 lmao
>
> If you don't mind giving me an obfuscated SomalifuscatorV3 file, I'll gladly try and see if I can deobfuscate it.

It's not finished yet but when it is I'll lyk

@KingKDot (Owner)

Post your deobf src while you're at it too

zebwhy (Author) commented Dec 11, 2023

Sorry for taking a lil bit, was doing something.
Don't mind the deobfuscator code, it's bad code but it works.

```python
import time

# Obfuscated input produced by somalifuscator v2 (max settings)
with open("test_obf.bat", encoding="utf-8") as f:
    input_file = f.readlines()

print("Deobfuscating...")

start_time = time.time()

# Default values of the environment variables the obfuscator slices characters
# out of; "kdot" is the runtime variable whose value is recovered in stage 2
programs = {
    "commonprogramfiles": r"C:\Program Files\Common Files",
    "commonprogramfiles(x86)": r"C:\Program Files (x86)\Common Files",
    "commonprogramw6432": r"C:\Program Files\Common Files",
    "pathext": r".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC",
    "driverdata": r"C:\Windows\System32\Drivers\DriverData",
    "programfiles": r"C:\Program Files",
    "programfiles(x86)": r"C:\Program Files (x86)",
    "public": r"C:\Users\Public",
    "__appdir__": r"C:\WINDOWS\system32",
    "kdot": ""
}
programs_list = list(programs.items())

set_code = []            # "name=value" pairs recovered from set / for lines
deobfuscated_code = []   # real lines after variable expansion

# Functions

def isInSetCodeArray(name):
    # True if a variable with this (case-insensitive) name was recovered
    for entry in set_code:
        first = entry.split("=")[0]
        if first.lower() == name.lower():
            return True
    return False

def decode_other_string(string):
    # Stage 3: expand %var% and %var:~n,1% references into literal characters
    stringSplit = string.split("%")
    result = ""

    for i in range(len(stringSplit)):
        otherStringSplit = stringSplit[i].split(":")

        # keep "%name%==" comparisons intact
        try:
            first = stringSplit[i]
            second = stringSplit[i + 1]
            if second[0] == "=" and second[1] == "=":
                result += "%" + first + "%" + second
        except IndexError:
            pass

        name = otherStringSplit[0].lower()

        if name == " ":
            result += " "

        # short token: look it up among the recovered set variables
        if len(stringSplit[i]) < 3 and not name == " ":
            for entry in set_code:
                split_set_code = entry.split("=")
                first = split_set_code[0]
                second = split_set_code[1]
                if first.lower() == name.lower():
                    result += second
                    break

            if not isInSetCodeArray(name):
                result += name

        # environment-variable slice, e.g. %programfiles:~5,1% -> one character
        for program_name, _ in programs_list:
            if name == program_name:
                value = 0

                try:
                    number = otherStringSplit[1].lower().replace("~", "").split(",")[0]
                    value = programs[program_name][int(number)]
                except (IndexError, ValueError):
                    pass

                result += str(value)

                break

    if len(result) > 1:
        return result + "\n"
    else:
        return None

def decode_string(string):
    # Stage 2: collapse fake-code lines whose %...% tokens are junk names and
    # rebuild the for / set statements underneath
    stringSplit = string.split("%")
    result = ""

    # lines that reference real environment variables are left for stage 3
    for piece in stringSplit:
        name = piece.split(":")[0].lower()
        for program_name, _ in programs_list:
            if name == program_name:
                return False

    # keep only single-character pieces; longer ones are junk variable names
    for piece in stringSplit:
        if len(piece) > 1:
            continue
        else:
            result += piece

    if result == "goto ":
        result = "\ngoto %ans%\n"

    resultSplit = result.split(" ")

    if resultSplit[0] == "for":
        # for /L %%i in (...) do (set "x=y"): record the set and rebuild the line
        set_code.append(result.split('"')[1])

        resultSplit[1] = " /L %%i "
        resultSplit[2] = "in "
        resultSplit[6] = " do "
        resultSplit[9] = " " + resultSplit[9]
        resultSplit[10] = ")\n"

        result = "".join(resultSplit)
    elif resultSplit[0] == "set" and len(resultSplit) > 1 and resultSplit[1] == "/a":
        result = result + "\n"
    elif resultSplit[0] == "set":
        try:
            resultSplit[2]
        except IndexError:
            set_code.append(result.split('"')[1])
            result = "\n" + result + "\n"
    return result

input_file[1] = ""   # second line of the obfuscated file is discarded

print("Stage 1 - Removing junk code...")

# Stage 1 - (junk code removal): every line containing "::" is junk
for i in range(len(input_file)):
    if "::" in input_file[i]:
        input_file[i] = ""

print("Stage 2 - Deobfuscating fake code...")

# Stage 2 - (fake code deobfuscation)
for i in range(len(input_file)):
    decoded_string = decode_string(input_file[i])
    if decoded_string:
        input_file[i] = decoded_string

# Stage 1/2 - (get kdot value): the runtime variable the real code is built from
for i in range(len(input_file)):
    input_split = input_file[i].split("=")
    if input_split[0] == "set KDOT":
        kdot_value = input_split[1].replace("\n", "")
        programs["kdot"] = kdot_value
        programs_list = list(programs.items())

print("Stage 3 - Deobfuscating real code...")

# Stage 3 - (real code deobfuscation)
for i in range(len(input_file)):
    decoded_string = decode_other_string(input_file[i])
    if decoded_string:
        deobfuscated_code.append(decoded_string)
        input_file[i] = decoded_string

end_time = time.time() - start_time

print("Deobfuscated! ({} seconds)".format(end_time))

with open("output.bat", "w", encoding="utf-8") as output_file:
    output_file.write("".join(input_file))

with open("deobfuscated.bat", "w", encoding="utf-8") as output_file:
    output_file.write("".join(deobfuscated_code))
```
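The script above resolves a `%var:~n,1%` slice only for the first offset and a single character. As an added example (not zebwhy's code and not part of the somalifuscator project), here is a resolver that applies the full cmd.exe substring rules, including negative offsets, negative lengths and the length-less form, so an analyst can read batch that is assembled from environment-variable slices; the `ENV` table and the sample line are constructed assumptions.

```python
import re

# Constructed table of default Windows variable values (an assumption; real
# values depend on the host, which is why obfuscators slice characters from them)
ENV = {
    "programfiles": r"C:\Program Files",
    "commonprogramfiles": r"C:\Program Files\Common Files",
    "driverdata": r"C:\Windows\System32\Drivers\DriverData",
    "pathext": ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC",
    "public": r"C:\Users\Public",
}

# %NAME%, %NAME:~start% and %NAME:~start,len% (cmd.exe expansion syntax)
EXPANSION_RE = re.compile(r"%([^%:~]+)(?::~(-?\d+)(?:,(-?\d+))?)?%")

def cmd_substring(value, start, length=None):
    """cmd.exe substring rules: negative start counts from the end, negative
    length drops characters from the end, no length means 'to the end'."""
    n = len(value)
    if start < 0:
        start = max(n + start, 0)
    if length is None:
        return value[start:]
    if length < 0:
        return value[start:max(n + length, 0)]
    return value[start:start + length]

def resolve_expansions(line, env=ENV):
    """Replace every variable expansion in one batch line with the literal text
    it evaluates to; names not in env are left untouched, nothing is guessed."""
    def repl(m):
        name = m.group(1).lower()
        if name not in env:
            return m.group(0)
        if m.group(2) is None:          # plain %NAME%
            return env[name]
        length = int(m.group(3)) if m.group(3) is not None else None
        return cmd_substring(env[name], int(m.group(2)), length)
    return EXPANSION_RE.sub(repl, line)

# Constructed sample line spelling "set done" out of variable slices
SAMPLE = ("%programfiles:~15%%programfiles:~14,1%%driverdata:~14,1%"
          "%programfiles:~10,1%%driverdata:~6,1%%programfiles:~5,1%"
          "%driverdata:~5,1%%driverdata:~-6,1%")

if __name__ == "__main__":
    print(resolve_expansions(SAMPLE))  # set done
```

Run it over each line of the obfuscated file after junk removal; tokens that stay in `%...%` form are the ones that depend on a runtime-set variable such as the script's `KDOT` and need the set-tracking step above.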

@KingKDot (Owner)

this is why I gotta add DCG and have runtime functions but making a lexer that isn't ass fucking sucks

@KingKDot (Owner)

gl on next version tho

zebwhy (Author) commented Dec 11, 2023

> this is why I gotta add DCG and have runtime functions but making a lexer that isn't ass fucking sucks
>
> gl on next version tho

Yeah, well good luck and thank you.

HydraDragonAntivirus commented Dec 23, 2023

Why is the video hidden? Except the new ones.
