- The Ryujin console can now include the Ryujin core through a dedicated header file.
- Exporting is now standardized using a definition file.
- The project's compiled output is now placed in a folder named compiled, organized by the desired configuration (Release or Debug).
- Some code organization improvements have been made.
- Ryujin now includes a component called Core, where the main obfuscator logic resides. It functions as an independent library that can be used anywhere.
- RyujinConsole now operates by loading the RyujinCore library to run the obfuscator.
- This is a preparation step for additional Ryujin components, such as a future Ryujin GUI and more features like passes and advanced obfuscation options.
- The "Encrypt Obfuscated Code" feature is now complete, using a new encryption algorithm called TeaDelKew, which is based on XTEA, to encrypt all obfuscated code and decrypt it at the entry point before execution.
- Some code improvements were also made.
- The encryption feature in Ryujin is now fully implemented and functional. Currently, it uses a simple XOR-based algorithm for encryption and decryption. This approach will be improved in the future to enhance security.
- The feature overrides the Original Entry Point (OEP) with a new stub that decrypts all obfuscated code at runtime, then transfers control to the original entry point to continue normal execution.
- Started working on the logic to obfuscate opcodes in the Ryujin section to prevent static analysis. This is just the initial groundwork for the feature.
- Ryujin MiniVM now supports dynamic register values, allowing it to store immediate values and registers using dual arguments: the first as the register operand (argument one) and the VM bytecode as the second (argument two).
- Code improvements and bug fixes.
- Ryujin can now interpret MiniVM bytecode. It inserts the MiniVM entry routine's RVA to enable execution of the VM interpreter.
- This is just the initial implementation and will be significantly improved in future commits. We're pushing our first working solution for now.
- Ryujin can now locate candidate instructions, convert them into VM bytecode, and insert the MiniVM entry point to enable execution of these bytecodes.
- Minor bug fixes.
- Ryujin can now generate dynamic junk code instructions that are truly random on every iteration.
- Fixed several constants used in junk code obfuscation.
- Implemented the base for Junk Code dynamic generation.
- Implemented logic for ZydisRegister to GP register conversion.
- Fixed a heuristic analysis feature that stored unused stack registers.
- Ignored reserved stack registers.
- Increased the number of obfuscation passes.
- Completed the core Junk Code Insertion feature.
-Translated comments.
- Made minor code improvements.
- Planned future enhancements for the Junk Code Insertion feature.
- Some parts of the code have been organized.
- A new obfuscation option to encrypt the obfuscated code is now available.
- The foundation for junk code insertion has been implemented.
- Completed the implementation of the IAT obfuscation logic.
- Integrated AsmJit-based code emission for obfuscation.
- Obfuscated the PEB and its offset entries to evade automated scanning.
- Added a randomized algorithm to generate a unique key for each iteration.
- Implemented runtime polymorphic IAT resolution to disrupt disassemblers and decompilers.
- Initial IAT obfuscation feature, Ryujin can now obfuscate the IAT for the configured procedures.
- New basic block context generation.
- Bug fixes.
- Improved obfuscation logic for better organization.
- Now Ryujin removes all the original procedure code after obfuscation.
- Now Ryujin redirects the original procedure to the correct obfuscated location for execution.
- Now Ryujin can handle multiple procedures at once and their relocation, organizing each obfuscated procedure sequentially in the new section.
- Fixed the bug in "RyujinObfuscationCore::fix_branch_near_far_short" that could break in some unexpected branching cases.
- Now after processing the obfuscated opcodes the ryujin can fix all the relocations for the obfuscated code turning this code valid again after obfuscating considering all possible relocation cases.
- The section generator was been improved as well
- The logic to handle obfuscated opcodes and function is also improved.
- Some unused field for our logic has been removed.
- Finished the logic for add new segments.
- Moved the segments code to a independent class for PESections.
- New method utils.
- Bug fixies.
- Code organization.
- Adding a new option on obfuscator for IAT obfuscation support.
- Adding a new logic to randomize section names.
- Adding the initial logic to add a new section in the PE file. and writing some ideas and some things to be able to continue the logic in a correct way.
