- The disassembler and decompiler's break feature now supports multiple techniques, inspired by a talk from BinjaDev at Off by One Conf. I've researched new capabilities to expand on this idea. The code has also been significantly improved to be more efficient and dynamic, allowing for future enhancements.
- Updated README.md to include the new Memory Protection feature.
- Ryujin can now break decompilers and disassemblers using a simple technique. This feature was inspired by a talk from BinjaDev at Off by One Conf. It will definitely be improved in the near future with more techniques.
- Added the shellcode generation code as comments within the "AntiDump" stub for better context and understanding.
- Enhanced README.md with more detailed descriptions and an outline of planned future features.
- Begin work on the foundational structure for the "AntiDump" feature
- Introduced a new capability in Ryujin called "RyujinRunOncePass", which runs only on the first obfuscated function — ideal for volatile features
- Updated "RyujinCoreConfiguration" structures
- Updated "RyujinGUI" to include the "AntiDump" option
- Updated "RyujinConsole" to display the "AntiDump" feature
- Updated "README.md" accordingly
- Fixed a bug related to MSVC optimizations that broke Ryujin's relocation algorithm and its fix-up logic.
- Introduced a standardized FFI argument-passing method for Ryujin Core; the legacy method remains compatible.
- Ryujin GUI now fully supports the Anti-Debug features.
- Various minor bug fixes and improvements to project structure.
- Ryujin is now fully capable of detecting debuggers from both userland and kernel land.
- Ryujin inserts its detection stub without breaking application logic.
- Ryujin supports two modes:
- Troll – triggers a BSOD using a Microsoft Windows bug.
- Normal – simply calls NtTerminateProcess when a debugger is detected.
- This implementation can be improved in the future to handle more advanced detection methods, but it's good for now.
- Researching how to insert a safe stub to handle detections for anti-debugging and troll attempts as part of the TrollReversers feature.
- Currently, it only inserts a "Hello World" MessageBox in each procedure indicated to Ryujin.
- This stub is completely safe and does not break the original code logic or flow. It can be fully mutated and obfuscated when reanalyzing opcodes, making it fully compatible with all Ryujin features simultaneously.
- Started working on the initial concept and base implementation for AntiDebug detection.
- The goal is to use stealthy techniques (similar to Themida) to detect debugging attempts.
- An additional feature is being developed to troll reverse engineers by triggering a forced BSOD upon detection, causing them to lose their analysis progress.
- The Ryujin console can now include the Ryujin core through a dedicated header file.
- Exporting is now standardized using a definition file.
- The project's compiled output is now placed in a folder named compiled, organized by the desired configuration (Release or Debug).
- Some code organization improvements have been made.
- Ryujin now includes a component called Core, where the main obfuscator logic resides. It functions as an independent library that can be used anywhere.
- RyujinConsole now operates by loading the RyujinCore library to run the obfuscator.
- This is a preparation step for additional Ryujin components, such as a future Ryujin GUI and more features like passes and advanced obfuscation options.
