[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-80027":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":14,"stars7d":15,"stars30d":16,"stars90d":14,"forks30d":14,"starsTrendScore":14,"compositeScore":17,"rankGlobal":9,"rankLanguage":9,"license":9,"archived":18,"fork":18,"defaultBranch":19,"hasWiki":20,"hasPages":18,"topics":21,"createdAt":9,"pushedAt":9,"updatedAt":22,"readmeContent":23,"aiSummary":24,"trendingCount":14,"starSnapshotCount":14,"syncStatus":25,"lastSyncTime":26,"discoverSource":27},80027,"MicroSMT","eversinc33\u002FMicroSMT","eversinc33","IDA plugin for automatic deobfuscation of opaque predicates by lifting microcode to z3 for SMT reasoning.",null,"Python",75,3,66,0,6,8,42.61,false,"main",true,[],"2026-06-12 04:01:26","# MicroSMT\n\nMicroSMT is an IDA Pro Plugin that aims at generic solving of opaque predicates.\n\nIt works by backwards slicing from `jcc`\u002F`setcc` instructions and lifting relevant Hex-Ray microcode slices to z3 expressions. These expressions can then be solved via SMT and the instructions can be patched accordingly.\n\nMicroSMT is currently in *pre-alpha* state - working with microcode has some pitfalls and I do not expect it to work everywhere. Also, not all instruction are currently implemented in the lifter.\n\nNevertheless, MicroSMT can already autonomously solve opaque predicates in several families (see Examples below).\n\nThere are some limitations regarding opaque predicates that can be solved - notable exceptions:\n* Predicates that rely on memory access\n* Predicates that rely on external API calls and their results\n* Predicates that go over several basic blocks\n\nFor these types, I recommend full symbolic execution or similar.\n\n*MicroSMT was tested on IDA Pro 9.2*\n\n### Installation\n\nCopy `MicroSMT.py` into your IDA plugins folder (e.g. `~\u002F.idapro\u002Fplugins`). Make sure that `z3` is installed via `pip`.\n\n### Usage\n\nPoint the cursor over a `jcc` or `setcc` instruction, press `Alt+m` and MicroSMT will decide if the condition is an opaque predicate, and if yes, solve it. If you tick the box to patch in the plugin settings menu, MicroSMT will additionally patch accordingly (e.g. `nop` or `jmp` a `jcc` or replace a `setcc` with an assignment to 0 or 1).\n\n### Examples\n\n```\nLumma Stealer\n00f1a9c6185b346f8fdf03e7928facfc44fc63e6a847eb21fa0ecd7fb94bb7e3\n```\n\n![\u002Fimg\u002Flumma.gif](\u002Fimg\u002Flumma.gif)\n\n```\nANELLOADER (Apt10)\n362b0959b639ab720b007110a1032320970dd252aa07fc8825bb48e8fdd14332 \n```\n\n![\u002Fimg\u002Fapt10.gif](\u002Fimg\u002Fapt10.gif)\n\n### Motivation\n\nWhile implementing an IR lifter for a bin2bin obfuscator I worked on, I had the idea to lift microcode to z3 for deobfuscation. Since I have never really used SMTs in reverse engineering before, but usually relied on dynamic analysis \u002F tracing, I wanted to try it out. Also, I like generic\u002Fautomated solutions to problems and MicroSMT fills a gap in tooling I needed.\n","MicroSMT 是一个IDA Pro插件，用于通过将微代码提升到z3进行SMT推理来自动去混淆不透明谓词。其核心功能包括从`jcc`\u002F`setcc`指令反向切片并将其相关的Hex-Ray微代码片段提升为z3表达式，进而求解这些表达式并对指令进行相应修补。该项目适合于需要对二进制文件中的控制流保护进行分析和去混淆的场景，特别是针对恶意软件分析领域。需要注意的是，当前版本处于预alpha阶段，存在一些限制，例如无法处理依赖内存访问或跨多个基本块的谓词等复杂情况。尽管如此，MicroSMT已经能够在某些恶意软件家族中自主解决不透明谓词问题。",2,"2026-06-11 03:58:57","CREATED_QUERY"]