Skip to content

BatchAlchemy/batchalchemy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

docs

docs

 
 

eval

eval

 
 

src

src

 
 

test-scripts

test-scripts

 
 

tree-sitter-batch

tree-sitter-batch

 
 

.editorconfig

.editorconfig

 
 

.gitignore

.gitignore

 
 

.pre-commit-config.yaml

.pre-commit-config.yaml

 
 

.yapf.cfg

.yapf.cfg

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

Unveiling_Batch_Script_Obfuscation_report.pdf

Unveiling_Batch_Script_Obfuscation_report.pdf

 
 

Unveiling_Batch_Script_Obfuscation_slides.pdf

Unveiling_Batch_Script_Obfuscation_slides.pdf

 
 

make.bat

make.bat

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

Welcome to the BatchAlchemy Research Project!

BatchAlchemy is a cyber security related research project designed to address the need for a robust deobfuscation framework for the Windows Batch scripting language. Traditional deobfuscation tools operate on the principle of identifying a known obfuscation method and crafting a rigid deobfuscator for it. With BatchAlchemy, we aim to provide a novel solution by offering malware analysts an easy-to-maintain and easy-to-extend tool capable of crafting tailored responses to both known and upcoming obfuscation samples. The framework is based on a Batch parser (based on the Tree-sitter parser generator tool), enabling to work with the Abstract Syntax Tree (AST) of obfuscated files.

Concerning future research, the most valuable insights have been gathered during our in-depth analysis of the Batch syntax. We collected the most interesting findings of nuances of how Batch internally gets parsed by the Windows Command Prompt (cmd.exe) in a summary located HERE. Because of the lack of official Batch syntax documentation, we are certain that our findings are valuable for every cyber security researcher who tries to enhance their understanding of all the weird and nitty details of Batch.

Our research

  • The write-up of our most interesting findings on the nuances of the Batch scripting language can be found HERE.
  • The scientific report can be found HERE.
  • The slides of our presentation can be found HERE.

Repo structure

Giving some directions to the most important directories of this project:

Requirements (in general)

  • python3
  • python3-pip for pip install tree-sitter
  • node.js
  • cargo, npm or download the tree-sitter binary from its GitHub and put it into PATH
  • C compiler

Requirements (for setup via Makefile on Linux)

  • python3-pip
  • python3-venv
  • node
  • cargo
  • C compiler

Setup via Makefile on Linux

Running make setup will create a virtual python environment, install the dependencies and set up sane defaults for code formatting and linting.

Activate the virtual environment by running source ./venv/bin/activate

About

A Batch obfuscation research project comprising a syntax parser for the Windows Batch scripting language and extensible deobfuscation toolbox.

batchalchemy.github.io/

Topics

parser deobfuscation cybersecurity batch parser-framework deobfuscator batch-syntax

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Contributors 2

  •  
  •  

Languages