Ok, I had some time to read the new paper on MBA deobfuscation: usenix.org/conference/use…

TL;DR Cool stuff and great contribution, but tarnished by some omissions that make it seem to have a bigger impact and general applicability than it really has, imho.

A thread 🧵 First things first. I don't consider myself an expert, but I'm quite familiar with academic literature regarding MBA (de)obfuscation. This paper constitutes great research, provides a novel proof and offers promising results.

🔥 #AdventOfReversing 1/24 🔥
Get dirty as soon as possible. Don't fall into thinking you are not ready. Sure, you will be confused by many things at first. That's fine! I used to confuse sections and segments when I started. Keep pushing, and things will become clear naturally. 🔥 #AdventOfReversing 2/24 🔥
Get used to (re)name *everything* in your disassembler. You might be able to mentally track data across registers and memory for small crackmes w/ easy control flow, but this does not scale at all. Unclutter your mind. Make your life easier.

📢Just published my Maths & CS BSc thesis:
📄"Code deobfuscation by program synthesis-aided simplification of Mixed Boolean-Arithmetic expressions".

Serves as an intro/review to:
- Code (de)obfuscation
- MBA expressions
- Program synthesis

👉github.com/arnaugamez/tfg First @radareorg r2syntia prototype was developed in the context of this work. Now it has already been slightly improved and it is being updated and maintained here, in case you are interested: github.com/arnaugamez/r2s…