Back Engineering Labs @BackEngineerLab

Static Devirtualization of Themida/CodeVirtualizer. The techniques in this article apply to pretty much every virtual machine obfuscator with minor modifications. back.engineering/blog/09/05/202… Original Program & Devirtualized Output github.com/backengineerin…

keyboard_arrow_left Previous keyboard_arrow_right Next

@belabs_engineer has released a binary polynomial MBA explorer. You can check out the website here: tools.codedefender.io

keyboard_arrow_left Previous keyboard_arrow_right Next

Very impressive independent research into modern software obfuscation used by Anti-Cheats, conducted by @belabs_engineer and @belabs_james youtube.com/watch?v=3LtwqJ…

We’re releasing our analysis of ring-1.io, a major game cheat targeted by multiple studios in recent legal actions. We partially deobfuscated several Themida-protected components and document how it hijacks Hyper-V to inject and manipulate game code. back.engineering/blog/04/02/202… github.com/backengineerin…

Bas Zweers (@belabs_engineer) and James McGowan (@backengineerlab) bring a look at a real world commercial binary obfuscator to RE//verse 2026. This talk walks through analysis and custom tooling to peel back obfuscation on Windows kernel mode anti cheat and ends with a full taxonomy of its tricks. Get your ticket: shop.binary.ninja/collections/re…

We released a VirtualBox snapshot that includes a custom ntoskrnl.exe and bootmgfw.efi obfuscated with CodeDefender. The snapshot and the protected binaries are available on our GitHub: github.com/codedefender-i…

keyboard_arrow_left Previous keyboard_arrow_right Next

@frizkedblizz @_xeroxz github.com/codedefender-i…

The next generation of binary obfuscation for the Windows platform is now public. No source code annotations required, full SEH support, CET support, ACG compliant. Join the Discord: discord.gg/VMUpEP2rNg Website: codedefender.io

We have reached a pivotal point in our business journey with CodeDefender. After much consideration we have decided to refocus our attention towards our quickly expanding B2B customer base. Public access to the CodeDefender SaaS will no longer be available after 09/30/2025. If you have a subscription or keys that last after the aforementioned cutoff date please reach out to us to be reimbursed. You can contact us on this Discord or by email: [email protected]. If you have a CodeDefender subscription and can articulate a legitimate use-case, please reach out by Discord or Email and include a short description for the intended use of CodeDefender. This only applies to the CodeDefender SaaS, the CodeDefender discord will remain open to the public as a place of technical discussion mainly centered around obfuscation.

We have recently released a small side project called "Tether" which explores post-compilation extraction of instructions for exclusive server execution. github.com/codedefender-i…

❗️ We discovered a bug in Microsoft's driver compliance checks which are used to determine if "Memory Integrity" can be enabled on a system. ❌The function "vsbapi!HvciIsDriverImage" is comparing an RVA against the raw file size. learn.microsoft.com/en-us/answers/…

keyboard_arrow_left Previous keyboard_arrow_right Next

🧰 CodeDefender API and CLI are live Protect binaries from the terminal or Rust SDK Upload → Analyze → Obfuscate → Download YAML configs give full control over passes, symbols, and transform logic 🔗 github.com/codedefender-i… 📔 docs.codedefender.io/features/api

🚀 CodeDefender SDK now supports source-level macros! Obfuscate functions in Rust/C/C++ by tagging them with your pre-defined obfuscation profile. 🦀 #[codedefender("Profile1")] 💻 CODEDEFENDER("Profile1", ...) Docs + examples 👉 github.com/codedefender-i… #infosec #rustlang #obfuscation

Our CodeDefender SaaS has received a major update which includes the following: 🛠️Our new and improved compiler framework 💥SSE hardened mutations 🚀New UI/UX interface 💪Custom obfuscation pass configuration 🔗Register now: app.codedefender.io #reverseengineering #gamesecurity

keyboard_arrow_left Previous keyboard_arrow_right Next

What has BELabs been up to ⁉️ Check out these new SSE based obfuscations. 🫣 We have completely rewritten our compiler from the ground up to pave the way for ARM support. ✅ This has allowed us to make the world's strongest bin2bin obfuscation framework even stronger.💪 The new compiler will roll out on the SaaS for all customers soon. 👀

Can your bin2bin do this and still boot? CodeDefender.io can. See it in action with a demo at the end! 👉youtu.be/3LOGxOHfUHg

🚨 How are the geniuses at @BackEngineerLab revolutionizing binary obfuscation with CodeDefender.io? Learn about the unique challenges & solutions in bin2bin, virtualization & anti-tamper. See CodeDefender in action with a demo at the end! 👉youtu.be/3LOGxOHfUHg

what is CodeDefender and who is the handsome man in the corner? find out tomorrow when we drop our interview with the @BackEngineerLab team

Given the recent events with VMPSoft DMCA'ing educational YouTube videos demonstrating how to unpack malware protected with VMProtect, we have decided to release a free to use unpacker which works for all versions of VMP 3.x including the most recent version. Simply sign up/login here: app.codedefender.io and then click on "Unpacker" on the top right corner. For context: x.com/rhotav/status/… x.com/allthingsida/s… x.com/herrcore/statu…

VMPSoft has been DMCA-ing YouTube videos which show how to combat malware payloads abusing VMProtect

keyboard_arrow_left Previous keyboard_arrow_right Next

We also released a reproducible dataset of SigBreaker scrambled LLVM binaries to show the stability and correctness of SigBreaker and thus our binary transformation framework 100MB+ binaries transformed (clang, etc) github.com/backengineerin…

Today we are announcing 🚢SigBreaker 1.0🚢a binary diversification engine purpose built for breaking static signatures in code while maintaining performance and semantic correctness. github.com/backengineerin… codedefender.io/blog/2025/04/13