this is a very good tool..

Thank you very mutch
 

I hope this message finds you well with everything, I really appriciate your work that you have done on de4dot

I have a question when the protection is deteced as Eazfuscator.NET 3.3.149 - 3.4 what is the best way to run the de4dot with that parameters cause when i replace the cleaned dll it does not work.:(

can you send me that file on pm i want to try

Did someone contacted author?
looks like he is very busy.... (sent him already some reports but..)

Hey guys,

Is this project still alive? I was wondering if de4dot v2.0.4 or v.2.1 are in the works.

Several Obfuscators that have recently failed on me with v2.0.3 are:
Desaware QND Obfuscator
Crypto Obfuscator

The Desaware QND Obfuscated file was actually "cleaned" but not runnable. I may have to do some manual work on it...
But I was wondering if anyone already has a re-compiled version of de4dot that could "clean" a newer version of Crypto Obfuscated code.

Thanks!
-HooK

I have checked this. Not working with new version Eazfuscator.NET. I hope de4dot fixes the issues.

the newest maxtocode is not supported

it is obvious that de4dot is out of the game,
it is the time to start learning thing by ourselves.

Using NET Internals and Code Injection Test MaxToCode can see most of the code il code, MaxTocode at runtime by vmp encrypted.

New version: 3.0.2

https://bitbucket.org/0xd4d/de4dot

• Updated Agile.NET support
• Updated CryptoObfuscator support
• Updated Dotfuscator support
• Updated .NET Reactor and IntelliLock support
• Updated Eazfuscator.NET support
• Updated ILProtector support
• Updated MaxtoCode support
• Updated Rummage support
• Updated SmartAssembly support
• Classes, fields etc containing east asian characters are normally not renamed anymore
• Fixed stack overflow exception which could be thrown when deobfuscating huge methods
• Old -> new tokens are printed if -v is used

This is what i was looking for . as always great work sir.

@0xd4d
good job bro
nice see resume your project

v3.0.3 - Nov 22 2013

- bool[]/char[] access instructions are now restored when devirtualizing CSVM code
- Updated Eazfuscator.NET version detection code

direct download

I hope DNGuard HVM go to the hands him.:rolleyes:

Can you please add LogicNP?

Regards

Mate, LogicNP's CryptoObfuscator is already in there - quite great working aswell :)

The program still get errors with "CliSecure"
ERROR: Method System.Void .cctor() (06000B25) is not defined in this module (X.....exe)
Ignored 33 warnings/errors

AFAIK the sources are available. Just update for yourself if you think something is wrong. Is a free software. We just need to be happy with what we get.

New de4dot 3.1.41592:

• Support Agile.NET 6.3.0.10 - 6.3.0.18
• Support CryptoObfuscator (latest build)
• Support Eazfuscator.NET 4.2 - 4.3
• Support ILProtector 2.0.11.1 - 2.0.13.1
• Support more MaxtoCode runtimes
• Detect .NET Reactor 4.8
• Fix bug in Spices.Net resource renamer
• Fix rare CSVM parser bug (it would fail to devirtualize all methods)

The de4dot project is now back @ github.com: https://github.com/0xd4d/de4dot . This also fixes some old links. :)

https://github.com/0xd4d/de4dot/releases

Thank you for the updated link 0xd4d, I was just going to post it here! I really like your work buddy and the improvements are fantastic, I'm the guy who asked you about a .dll encrypted with cryptobfuscator and you said it'll be released sometime in april....Maybe you remember me, I don't know how many e-mails you get :)

Thank you for the changes, thank you for the source; I was actually using the previous version with a changed source that patched the cryptobfuscator bug and made it work for me...so thank you for the program you've provided as well as the source code to do what we want with it ^^

peace. I'll e-mail you any other errors I find but this seems pretty rock-solid!

latest binary zu share?
 

Does anyone has a compiled binary for the latest version 3.1.41592 to share?
Unfortunately I don't have Visual Studio installed to compile the source code.

Thanks.

Here is a direct mirror of the compiled binaries for you guys in case
you won't be able to download it directly form there for longer time:
click me

i builded the The de4dot gui with VS 2010 & 2012
in attachment the vs2010 build.. Put the file in the dedot4 directory where are de4dot &
de4dot-x64..
You can now simply drop your protected file then click on the button deobfuscate..
[winrar v5 archive]
Enjoy

Nikkapedd can you PLEASE pm me a link to the GUI you created for de4dot? I can't download attachments yet. I'm having some issues I think this can assist with.

My friend(Mahmoudnia) coded this tool, you can see in file copyright.
his post in tuts4you:
https://forum.tuts4you.com/topic/35281-de4dotui/

I am unable to access the tuts4u.com forum. Says that I am not allowed to access the forums, all of a sudden...
I was able to access it without problems earlier on last year...
Any ideas ? Emailed the website admin but no reply so far...
(I am a registered member there of course, for a long time)...

Here is the file i downloaded from tuts4you.

http://puu.sh/8OjmF.rar

de4dotUI is an open source project like de4dot because de4dot is open source . So, everyone can modifies or re-compile again But actually de4dotUI compiled in vs2013. In next version I cover all de4dot commands and engine change to WPF but I'm not sure about that .

Sir.V65j, thank you for your notice.

https://github.com/ymahmoudnia/de4dotUI

Oh, I have drag and drop so I love your GUI too much !!! :D:D

Love how the binaries were taken down. It's super easy to follow the exact guide on github..

There are no binaries available anymore because...

If you can't compile de4dot without instructions, then it's probably not for you. If you can't compile de4dot with the help from the Wiki, then de4dot is definitely not for you.

Not disagreeing, but just another point of view - I only have VC++ installed and no .NET compiler, yet I often want to remove a .NET protection and just poke around a binary with reflector/il(d)asm etc.

I of course respect your decisions for your releases though :)

Try this from de4dot root dir:

EDIT: I think csc.exe is always present even if you have only .NET Framework installed.

Heh.... now I feel like a real n00b.

Worked like a charm. Obviously needed to get the dnlib-master too, but I hadn't realised I could do that with just the frameworks installed.

I'm sure I'll check out .NET properly one of these days!
Thanks dude :)

What about people who don't want to install a full-blown Visual Studio in their small Windows xp virtual machine simply to deobfuscate a .net binary?

Did you not see http://forum.exetools.com/showpost.php?p=92424&postcount=113 which is just two posts over yours?

Additionally, you can grab the compiled version here if you are a real lazy guy. ;)

I rebuilded the de4dot suite with VS2012 U4, and included the last version of antinet and dnlib.
The tool now seems much faster..
In attachment my build.. senvenZIP archive..
P.S: of course i used the last stable de4dot source for the great original coder
P.P.S: de4dotUI source is included in my build
Good reversing...!!!!

i have right to post thx i am junior member

Well, if you think "good work thx" contributes much to this topic I'm fine with that. I didn't ban you or something, but I try to keep the forum clean from 'THANKXXX'.

Technically you're right though, if you want I can restore your post.

Greetings