Skip to content

FFRI/XPRSecretConfigs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
XProtectRemediatorAdload_config.txt
XProtectRemediatorAdload_config.txt
 
 
XProtectRemediatorBadGacha_config.txt
XProtectRemediatorBadGacha_config.txt
 
 
XProtectRemediatorBlueTop_config.txt
XProtectRemediatorBlueTop_config.txt
 
 
XProtectRemediatorBundlore_config.txt
XProtectRemediatorBundlore_config.txt
 
 
XProtectRemediatorCardboardCutout_config.txt
XProtectRemediatorCardboardCutout_config.txt
 
 
XProtectRemediatorColdSnap_config.txt
XProtectRemediatorColdSnap_config.txt
 
 
XProtectRemediatorCrapyrator_config.txt
XProtectRemediatorCrapyrator_config.txt
 
 
XProtectRemediatorDolittle_config.txt
XProtectRemediatorDolittle_config.txt
 
 
XProtectRemediatorDubRobber_config.txt
XProtectRemediatorDubRobber_config.txt
 
 
XProtectRemediatorEicar_config.txt
XProtectRemediatorEicar_config.txt
 
 
XProtectRemediatorFloppyFlipper_config.txt
XProtectRemediatorFloppyFlipper_config.txt
 
 
XProtectRemediatorGenieo_config.txt
XProtectRemediatorGenieo_config.txt
 
 
XProtectRemediatorGreenAcre_config.txt
XProtectRemediatorGreenAcre_config.txt
 
 
XProtectRemediatorKeySteal_config.txt
XProtectRemediatorKeySteal_config.txt
 
 
XProtectRemediatorPirrit_config.txt
XProtectRemediatorPirrit_config.txt
 
 
XProtectRemediatorRankStank_config.txt
XProtectRemediatorRankStank_config.txt
 
 
XProtectRemediatorRedPine_config.txt
XProtectRemediatorRedPine_config.txt
 
 
XProtectRemediatorRoachFlight_config.txt
XProtectRemediatorRoachFlight_config.txt
 
 
XProtectRemediatorSheepSwap_config.txt
XProtectRemediatorSheepSwap_config.txt
 
 
XProtectRemediatorSnowBeagle_config.txt
XProtectRemediatorSnowBeagle_config.txt
 
 
XProtectRemediatorSnowDrift_config.txt
XProtectRemediatorSnowDrift_config.txt
 
 
XProtectRemediatorToyDrop_config.txt
XProtectRemediatorToyDrop_config.txt
 
 
XProtectRemediatorTrovi_config.txt
XProtectRemediatorTrovi_config.txt
 
 
XProtectRemediatorWaterNet_config.txt
XProtectRemediatorWaterNet_config.txt
 
 

Repository files navigation

XProtect Remediator "Secret" Configurations

About

XProtect Remediator stores its configuration data (such as file paths, regular expressions, and YARA rules) in encrypted form. This encrypted configuration data is decrypted at runtime by the _mod_init_func function and the resulting data is written to the __DATA.__bss section. The details of this process are described in this blog post.

This repository contains the decrypted configuration data of XProtect Remediator. To track which configuration data was added in each version of XProtect Remediator, each git commit corresponds to a specific version of XProtect Remediator. You can use the git diff command to check what configuration data was introduced with each version update.

Update History

Date Version
2022/09/29 75
2023/05/02 97
2023/06/08 99
2023/08/08 108
2023/09/01 109
2023/09/15 111
2023/09/29 112
2023/10/12 114
2023/10/26 118
2023/12/07 120
2023/12/19 122
2024/01/16 123
2024/02/05 125
2024/02/21 126
2024/03/05 128
2024/03/19 129
2024/04/02 130
2024/04/23 131
2024/04/30 132
2024/05/02 133
2024/05/28 135
2024/06/18 137
2024/07/09 139
2024/07/23 140
2024/08/06 141
2024/08/20 142
2024/09/03 145
2024/10/16 147
2024/12/17 149
2025/03/04 151

Author

Koh M. Nakagawa (@tsunek0h) © FFRI Security, Inc. 2025

LICENSE

Apache version 2.0

About

XProtect Remediator "secret" configurations

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

29 tags

Packages

No packages published