Skip to content

UMSKT/peacestone

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
README.md
README.md
 
 
notes.txt
notes.txt
 
 
notes2.txt
notes2.txt
 
 
obf_block_data.hexpat
obf_block_data.hexpat
 
 
peacestone.py
peacestone.py
 
 
requirements.txt
requirements.txt
 
 
sppsvc.yml
sppsvc.yml
 
 

Repository files navigation

peacestone

The antithesis of the WARBIRD obfuscator (Vista-7 only).

Join our Zulip chat to discuss findings made with this tool!

Installation/Usage

  1. Run pip install --user -r requirements.txt
  2. Download rootfs from here. Extract rootfs/Windows to the peacestone folder.
  3. Place the program to be deobfuscated in the peacestone folder.
  4. Place the corresponding PDB file for the program in the same folder. Ensure the PDB has the same name as the program.
  5. Run python peacestone.py <program to deobfuscate>
  6. Enjoy!

Notes

This program has only been tested on files from Windows Server 2003 KMS Server version 1.0. If you encounter any bugs with other files, feel free to report them.

Special Thanks

  • Guy who compiled every single activation library into sppsvc.exe for no reason
  • Guy who forgot to remove WARBIRD symbols and encrypted function symbols from the public PDB
  • Guy(s) who left the PDBs up for 17 years

About

Defeating WARBIRD obfuscation with one stone

Resources

Readme
Activity
Custom properties

Stars

43 stars

Watchers

4 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages