EXETOOLS FORUM  

#61
12-20-2012, 16:33
ZeNiX
Links updated

#62
12-21-2012, 08:40
riverstore
New version de4dot 2.0.1 was out
Code:
https://bitbucket.org/0xd4d/de4dot/downloads/de4dot-2.0.1.zip

#63
12-21-2012, 11:11
mdj
New version: 2.0.1

https://bitbucket.org/0xd4d/de4dot
https://bitbucket.org/0xd4d/de4dot/downloads
__________________
When Obi-wan talked about the dark side of the force who knew he was referring to windows...?

The goal of software engineers is to make bigger, better, idiot proof software.
The goal of the Universe is to make bigger, better idiots.
As a race, the universe is winning.

#64
12-22-2012, 01:41
0xd4d
2.0.2: bug fix. Sometimes a few SmartAssembly encrypted strings weren't decrypted.
https://bitbucket.org/0xd4d/de4dot/downloads

#65
12-23-2012, 10:10
s0me0n3
Nicely done. Any chance to see updated Xenocode Postbuild support? Or any chance to apply a special command line? I don't get the help description cause English isn't my native language. Support via PM? Can provide you with a lot of info if you could help updating the deobfuscator.

#66
12-23-2012, 15:22
0xd4d
Xenocode Postbuild? What isn't supported already? It has string encryption and cflow obfuscation. Use eg. DotNetDumper to dump assemblies from memory.

#67
12-25-2012, 10:51
s0me0n3
Nah, meant better string decryption. It may be that some apps I wanna crack aren't fully decrypted cause some routines are missing or the standard command line is just not enough, which brings me back to my question: Is there any special command line which strings to decrypt in which way? Or do you want some help updating? I am not the coder, I just can explain things. BTW: I don't get it with the /help switch (don't understand the use), some strings are still crypted.

#68
12-26-2012, 05:04
0xd4d
PM me a link (eg. installer link) to those Xenocode obfuscated assemblies where string decryption doesn't work. Could be a slightly different version from the ones I've seen.
Also who uses Xenocode Postbuild anymore?

#69
12-26-2012, 19:58
Kameo
Thanks for the share, it's working great.

#70
12-26-2012, 21:24
giv
Quote:
Originally Posted by Kameo
Thanks for the share, it's working great.

It's not about sharing mate, it's free by definition this software.

#71
12-29-2012, 12:41
heima911 (Guest)
Hope to support Confuser

#72
12-29-2012, 22:46
giv
Here is a solution for Confuser 1.9

Quote:
Originally Posted by heima911
Hope to support Confuser

///////////////////// Keyz World-Dev.com - to DDC Team //////////////////////

Unpacking confuser v1.9 max settings enabled.
first download the msil decryptor.

http://uppit.com/irrah14pjhm6/Simple_MSIL_Decryptor.zip
http://uppit.com/qinahamvavsw/1_msil_fix12.rar
Now just browse the confused assembly... it's important to check on the use loadlibrary, then click on decrypt..

You still can't browse on the methods when you open it on SAE. Don't use reflector coz that was a trash, as simple as that.

So here's the next step..

Download this: universal fixer, if you don't have..

http://uppit.com/tmkcdyz2fc2h/Universal_Fixer.zip

Browse the decrypted assembly, then click on fix, just use default.. wait for the tool to fix the program, remember that it will take a longer time to do its job since we know that confuser sucks, it also depends on the program size.. seeing on the statistic of the fixer that it successfully fixed and saved the assembly on a directory signals us that it is already done with its job...

open it on SAE and feel happy to browse on those methods and you gonna see those il codes...

but the last problem is that it won't run..

so here's the solution... on SAE search for the word "broken file" it will be found by the decompiler and go to the first il code of that method, copy its RVA address.

open the fixed file on CFF EXPLORER..

http://www.ntcore.com/exsuite.php

input the RVA ADDRESS on the rva box on the cff explorer and it will give you its offset address of the file, then change the bytes on that offset with this hex byte value 2A (in simple words, we ret that method, we just only use hexbyte patching.), and maybe wait also for my search and replace byte patcher to easily do this or someone can generate it or just program the tool.

run the file, and it will run now... so cheers..

the strings are still encrypted, but there is a tool named dotnet tracer, to help you crack easy as like you are blind..

de4dot can also clean the fixed running assembly, so newbie cracker now won't have problem on confuser..

AND SO, CONFUSER WILL NOW ENDS.. Enjoy
Keyz / Jejus.

Quote:
http://pastebin.com/TABT1xPm

#73
01-13-2013, 00:15
sendersu
MaxSea 4.1 has some minor issues (eg: protector left the virtual specifier for nonvirtual methods of Form, etc)

#74
01-13-2013, 01:39
0xd4d
de4dot v2.0.3 https://bitbucket.org/0xd4d/de4dot/
  • Updated CryptoObfuscator deobfuscator code
  • Updated Xenocode deobfuscator code
  • Next version (v2.1) should support the remaining obfuscators I haven't updated yet


Quote:
Originally Posted by sendersu
MaxSea 4.1 has some minor issues (eg: protector left the virtual specifier for nonvirtual methods of Form, etc)

MaxSea is the love child of MaxtoCode and DeepSea?

#75
01-13-2013, 03:03
sendersu
sorry mate, you caught me
Detected DeepSea 4.1 is the right line

wow, you are great researcher, thanks for update
and oh, 4351 downloads for 202, good rocket launch for new site

if you are interested, here is the before and after of what I was writing about:

before (with issues)

internal virtual TableLayoutPanel vmethod_0()
{
    return this.tableLayoutPanel_0;
}

compiler shouts as:


Error 6 'x.SplashScreen1.vmethod_0()' is a new virtual member in sealed class 'x.SplashScreen1' ////



after (cleaned by hands)

internal TableLayoutPanel vmethod_0()
{
    return this.tableLayoutPanel_0;
}
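
The manual cleanup described in the post above, as an added example that is not part of the original thread or of de4dot: a heuristic Python pass over decompiled C# that finds `virtual` members declared directly in a `sealed` class (the cause of the compiler error quoted above) and strips the modifier. The function name, regexes and sample source are assumptions constructed for illustration; brace tracking ignores braces inside strings and comments.

```python
import re

CLASS_RE = re.compile(r"\bclass\s+(\w+)")
SEALED_RE = re.compile(r"\bsealed\b")
VIRTUAL_RE = re.compile(r"\bvirtual\s+")

# Constructed sample modelled on the snippet quoted in the post.
SAMPLE = """\
internal sealed class SplashScreen1 : Form
{
    private TableLayoutPanel tableLayoutPanel_0;
    internal virtual TableLayoutPanel vmethod_0()
    {
        return this.tableLayoutPanel_0;
    }
}
internal class Other
{
    internal virtual int vmethod_1() { return 1; }
}
"""

def strip_virtual_in_sealed(source):
    """Return (fixed_source, findings); each finding is (line_no, class_name)."""
    out, findings = [], []
    stack = []      # open classes: (name, is_sealed, brace depth of class body)
    pending = None  # class declaration seen, its opening '{' not yet reached
    depth = 0
    for no, line in enumerate(source.splitlines(), 1):
        m = CLASS_RE.search(line)
        if m:
            pending = (m.group(1), bool(SEALED_RE.search(line[:m.start()])))
        elif (stack and stack[-1][1] and depth == stack[-1][2]
              and VIRTUAL_RE.search(line)):
            # Member declared directly in a sealed class body: drop 'virtual'.
            findings.append((no, stack[-1][0]))
            line = VIRTUAL_RE.sub("", line, count=1)
        for ch in line:  # heuristic: braces in strings/comments not handled
            if ch == "{":
                depth += 1
                if pending:
                    stack.append(pending + (depth,))
                    pending = None
            elif ch == "}":
                if stack and stack[-1][2] == depth:
                    stack.pop()
                depth -= 1
        out.append(line)
    return "\n".join(out) + "\n", findings
```

Calling `strip_virtual_in_sealed(SAMPLE)` reports the member in the sealed class and leaves the `virtual` method of the non-sealed class untouched.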

All times are GMT +8.