
Byvalver

takes shellcode bad-bytes and banishes them, returning cleaned shellcode with preserved functionalities


byvalver (·𐑚𐑲𐑝𐑨𐑤𐑝𐑼)

THE SHELLCODE BAD-BYTE BANISHER


Overview

byvalver is a CLI tool built in C for automatically eliminating (or "banishing") bad-bytes from x86/x64/ARM/ARM64 shellcode while maintaining complete functional equivalence.

NEW in v4.0: Cross-Architecture Support

| Architecture | Maturity | Strategies | Notes |
|---|---|---|---|
| x86 (32-bit Intel/AMD) | Stable v4.2 | 150+ | Production-tested, full coverage |
| x64 (64-bit Intel/AMD) | Stable v4.2 | 150+ | Default architecture, production-tested |
| ARM (32-bit) | Experimental v0.1 | 7 core | Limited testing, core instructions only |
| ARM64 (AArch64) | Experimental v0.1 | Basic | Framework ready, minimal strategies |

  • Automatic Capstone mode selection via --arch flag

v4.0.1 Bug Fixes:

  • Fixed ARM SUB instruction encoding (correct opcode 0x2 with I=1 bit)
  • Fixed ARM64 strategy can_handle logic for pass-through strategies
  • Added experimental warnings when ARM/ARM64 architecture is selected
  • Added architecture mismatch detection heuristics
  • Improved code organization (includes moved to file scope)

NEW in v4.2: Enhanced x64 Support

  • x86/x64 Strategy Compatibility Layer: 128+ x86 strategies now work on x64 shellcode
  • 5 New x64-Specific Strategy Files: MOVABS, SBB, TEST, SSE Memory, LEA Displacement
  • Extended Register Encoding: Full R8-R15 support with proper REX prefix handling
  • REX Prefix Utilities: is_64bit_register(), is_extended_register(), build_rex_prefix()
  • Resolves 100% failure rate on x64-only shellcode samples

The tool uses the Capstone disassembly framework to analyze instructions and applies 175+ ranked transformation strategies to replace bad-byte-containing code with equivalent alternatives.

The generic bad-byte banishment framework provides two usage modes:

  1. Direct specification: The --bad-bytes option allows specification of arbitrary bytes to banish (e.g., --bad-bytes "00,0a,0d" for newline-safe shellcode)
  2. Profile-based: The --profile option uses pre-configured bad-byte sets for common exploit scenarios (e.g., --profile http-newline, --profile sql-injection, --profile alphanumeric-only)

Supports Windows, Linux, and macOS

CORE TECH:

  • Pure C implementation for efficiency and low-level control
  • Capstone for precise disassembly
  • NASM for generating decoder stubs
  • Modular strategy pattern for extensible transformations (153+ strategy implementations)
  • Neural network integration for intelligent strategy selection
  • Biphasic processing: Obfuscation followed by denullification

Note: Null-byte elimination (--bad-bytes "00" or default) is WELL-TESTED. Generic bad-byte elimination (--bad-bytes "00,0a,0d" etc.) is NEWLY IMPLEMENTED.


QUICK-START

Get started with byvalver in minutes:

INSTALLATION

OPTION 1: FROM GITHUB (RECOMMENDED)

curl -sSL https://raw.githubusercontent.com/umpolungfish/byvalver/main/install.sh | bash

OPTION 2: BUILD FROM SOURCE

git clone https://github.com/umpolungfish/byvalver.git
cd byvalver
make
sudo make install
sudo make install-man  # Install man page

Basic Usage

BANISH NULL BYTES (DEFAULT):

byvalver input.bin output.bin

USING BAD-BYTE PROFILES:

# HTTP contexts (removes null, newline, carriage return)
byvalver --profile http-newline input.bin output.bin

# SQL injection contexts
byvalver --profile sql-injection input.bin output.bin

# Alphanumeric-only shellcode (most restrictive)
byvalver --profile alphanumeric-only input.bin output.bin

MANUAL BAD-BYTE SPECIFICATION:

# banish null bytes and newlines
byvalver --bad-bytes "00,0a,0d" input.bin output.bin

ADVANCED FEATURES:

# Add obfuscation layer before denullification
byvalver --biphasic input.bin output.bin

# Enable ML-powered strategy selection
byvalver --ml input.bin output.bin

# Generate XOR-encoded shellcode with decoder stub
byvalver --xor-encode DEADBEEF input.bin output.bin

# Output in different formats
byvalver --format c input.bin output.c      # C array
byvalver --format python input.bin output.py # Python bytes
byvalver --format hexstring input.bin output.hex # Hex string

VERIFICATION

Always verify your transformed shellcode:

# Check for remaining bad bytes
python3 verify_denulled.py --bad-bytes "00,0a,0d" output.bin

# Verify functional equivalence
python3 verify_functionality.py input.bin output.bin
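
An independent check for the first verification step above, as an added example (not byvalver's verify_denulled.py or any other project code): it parses a list in the page's --bad-bytes form and reports every listed byte value still present in a file, with offsets. The strict two-hex-digit token rule, the function names and the sample buffer are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Scan a binary for listed byte values (added example, not project code)."""
import sys
from collections import defaultdict

HEX_DIGITS = set("0123456789abcdefABCDEF")

# Constructed sample buffer (not real shellcode): 0x00 at offsets 2 and 6, 0x0a at 4.
SAMPLE = bytes([0x41, 0x42, 0x00, 0x43, 0x0A, 0x44, 0x00])


def parse_bad_bytes(spec):
    """Parse a comma-separated hex list such as "00,0a,0d" into a frozenset of ints."""
    values = set()
    for token in spec.split(","):
        token = token.strip()
        # Assumption: exactly two hex digits per token, so "0", "0x0a" and "" are rejected.
        if len(token) != 2 or not set(token) <= HEX_DIGITS:
            raise ValueError(f"invalid bad-byte token: {token!r}")
        values.add(int(token, 16))
    return frozenset(values)


def find_bad_bytes(data, bad):
    """Return {byte_value: [offsets]} for every listed byte that occurs in data."""
    hits = defaultdict(list)
    for offset, value in enumerate(data):
        if value in bad:
            hits[value].append(offset)
    return dict(hits)


def main(argv):
    spec = argv[1] if len(argv) > 1 else "00,0a,0d"
    if len(argv) > 2:
        with open(argv[2], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE  # no file given: run on the constructed sample
    hits = find_bad_bytes(data, parse_bad_bytes(spec))
    for value, offsets in sorted(hits.items()):
        print(f"0x{value:02x}: {len(offsets)} occurrence(s) at offsets {offsets[:8]}")
    print("clean" if not hits else f"{len(hits)} listed byte value(s) still present")
    return 1 if hits else 0  # non-zero exit lets a script gate on the result


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with a byte list and a file path as the two arguments; with no arguments it scans the constructed sample and exits non-zero because listed bytes are present.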

CROSS-ARCHITECTURE SUPPORT

byvalver supports multiple architectures via the --arch flag:

x86 (32-bit Intel/AMD) - Fully supported with 150+ strategies

byvalver --arch x86 --bad-bytes "00" x86_shellcode.bin output.bin

x64 (64-bit Intel/AMD) - Fully supported (default)

byvalver --arch x64 --bad-bytes "00,0a,0d" x64_shellcode.bin output.bin

ARM (32-bit) - Experimental support with basic strategies

byvalver --arch arm --bad-bytes "00" arm_shellcode.bin output.bin

ARM64 (AArch64) - Experimental support with basic strategies

byvalver --arch arm64 --bad-bytes "00,0a" arm64_shellcode.bin output.bin

Notes:

  • ARM/ARM64 support focuses on core instructions (MOV, arithmetic, loads/stores)
  • Use simpler bad-byte profiles for ARM (e.g., null-byte only)
  • Experimental warnings are displayed when ARM/ARM64 is selected
  • Basic architecture mismatch detection warns if shellcode appears to be for the wrong architecture
  • Automatic architecture detection is planned for future releases

BATCH PROCESSING

Process entire directories:

# Process all .bin files recursively
byvalver -r --pattern "*.bin" input_dir/ output_dir/

# Apply HTTP profile to all shellcode in directory
byvalver -r --profile http-newline input_dir/ output_dir/

INTERACTIVE TUI


byvalver includes an interactive TUI (Text User Interface) with 1:1 CLI feature parity.

The TUI provides an intuitive, visual interface for all bad-byte banishment operations, including:

  • batc
