EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 04-27-2014, 03:32
LordCoder LordCoder is offline
TEAM REiS
 
Join Date: May 2013
Location: TEAM REiS
Posts: 55
Rept. Given: 39
Rept. Rcvd 238 Times in 36 Posts
Thanks Given: 1
Thanks Rcvd at 11 Times in 5 Posts
LordCoder Reputation: 200-299 LordCoder Reputation: 200-299 LordCoder Reputation: 200-299
.NET Obfuscator Detector

Hello,

After a bit period of inactivity I come here with a new project.

As you know, DNiD is not updated. ProtectioniD has a bit of detection for .NET but not all the obfuscators. So I decided to create a new obfuscator detector (and because I don't know how to name my projects I just put that ).

Features:

-Good detection with +85% probability. It doesn't show a result if it's not sure.
-Gives clear information about which is/are the protector/s.
-It even gives information if it's a trial version and how many days are left.
-Drag and drop is enabled.
-Quickly access and check the obfuscator!

Currenctly it detects +20 obfuscators/packers/protectors.

Download it here: https://www.firedrive.com/file/D7D13E361752F551
__________________
TEAM REiS - Reverse Engineering iN Software
Reply With Quote
The Following 19 Users Gave Reputation+1 to LordCoder For This Useful Post:
besoeso (04-27-2014), chessgod101 (04-27-2014), cjack (04-27-2014), copyleft (04-27-2014), Ember (04-27-2014), Jhonjhon_123 (04-28-2014), kjms (04-27-2014), ontryit (04-28-2014), quygia128 (05-18-2014), riverstore (05-02-2014), sendersu (04-27-2014), serseri_1453 (04-27-2014), softgate (04-27-2014), TechLord (05-04-2014), TQN (04-27-2014), XorRanger (04-27-2014), zeuscane (04-27-2014), Zipdecode (04-27-2014)
The Following 2 Users Say Thank You to LordCoder For This Useful Post:
alephz (11-21-2016), WyvernX (12-07-2016)
  #2  
Old 04-27-2014, 17:23
serseri_1453 serseri_1453 is offline
Friend
 
Join Date: Mar 2014
Location: Turkey
Posts: 19
Rept. Given: 40
Rept. Rcvd 13 Times in 4 Posts
Thanks Given: 60
Thanks Rcvd at 0 Times in 0 Posts
serseri_1453 Reputation: 13
Thanks for the Program

Confuser know yet realase of walls does not recognize the
Net Reactor 3-4 does not recognize the version of

Multi-scan feature list in the form indicates that it is much better
Reply With Quote
The Following User Gave Reputation+1 to serseri_1453 For This Useful Post:
LordCoder (04-27-2014)
  #3  
Old 04-28-2014, 15:43
ontryit ontryit is offline
Friend
 
Join Date: Nov 2011
Posts: 129
Rept. Given: 128
Rept. Rcvd 17 Times in 14 Posts
Thanks Given: 188
Thanks Rcvd at 16 Times in 12 Posts
ontryit Reputation: 17
Lightbulb

Quote:
Originally Posted by LordCoder View Post
Hello,

After a bit period of inactivity I come here with a new project.

As you know, DNiD is not updated. ProtectioniD has a bit of detection for .NET but not all the obfuscators. So I decided to create a new obfuscator detector (and because I don't know how to name my projects I just put that ).

Features:

-Good detection with +85% probability. It doesn't show a result if it's not sure.
-Gives clear information about which is/are the protector/s.
-It even gives information if it's a trial version and how many days are left.
-Drag and drop is enabled.
-Quickly access and check the obfuscator!

Currenctly it detects +20 obfuscators/packers/protectors.

Download it here: https://www.firedrive.com/file/D7D13E361752F551
I think just simple name it "LordCoder Obfuscator Detector", its unique and good enogh
Reply With Quote
The Following User Gave Reputation+1 to ontryit For This Useful Post:
LordCoder (05-01-2014)
  #4  
Old 05-01-2014, 20:17
LordCoder LordCoder is offline
TEAM REiS
 
Join Date: May 2013
Location: TEAM REiS
Posts: 55
Rept. Given: 39
Rept. Rcvd 238 Times in 36 Posts
Thanks Given: 1
Thanks Rcvd at 11 Times in 5 Posts
LordCoder Reputation: 200-299 LordCoder Reputation: 200-299 LordCoder Reputation: 200-299
New version! I hope you like it . It's now stable and added more obfuscators:
Quote:
-Added njRAT:
-Gives information about hacker's IP, fake process and njRAT's version.
-Added DotNet Reactor
-Added context menu for Explorer
-Added "Check for updates" function
-Improved & fixed detection on ILProtector
-Fixed CryptoObfuscator detection
Download it here: https://www.firedrive.com/file/E468DCBBBAFB396C

Any bug found? Please report!
__________________
TEAM REiS - Reverse Engineering iN Software
Reply With Quote
The Following 2 Users Gave Reputation+1 to LordCoder For This Useful Post:
giv (05-02-2014), ontryit (05-02-2014)
  #5  
Old 05-01-2014, 21:40
LordCoder LordCoder is offline
TEAM REiS
 
Join Date: May 2013
Location: TEAM REiS
Posts: 55
Rept. Given: 39
Rept. Rcvd 238 Times in 36 Posts
Thanks Given: 1
Thanks Rcvd at 11 Times in 5 Posts
LordCoder Reputation: 200-299 LordCoder Reputation: 200-299 LordCoder Reputation: 200-299
Here the link: https://www.firedrive.com/file/38831938053F98FC
I removed the other one.
__________________
TEAM REiS - Reverse Engineering iN Software
Reply With Quote
The Following 7 Users Gave Reputation+1 to LordCoder For This Useful Post:
alekine322 (05-02-2014), leetone (05-02-2014), ontryit (05-02-2014), riverstore (05-02-2014), sendersu (05-02-2014), serseri_1453 (05-02-2014), zeuscane (05-02-2014)
  #6  
Old 05-02-2014, 01:56
lihanbok lihanbok is offline
Friend
 
Join Date: Apr 2014
Posts: 23
Rept. Given: 3
Rept. Rcvd 2 Times in 1 Post
Thanks Given: 5
Thanks Rcvd at 1 Time in 1 Post
lihanbok Reputation: 2
This is good tools. I will try it! Thank you so much!
Brs,'
li
Reply With Quote
  #7  
Old 05-02-2014, 15:43
riverstore riverstore is offline
Family
 
Join Date: Aug 2012
Posts: 47
Rept. Given: 111
Rept. Rcvd 40 Times in 17 Posts
Thanks Given: 22
Thanks Rcvd at 3 Times in 3 Posts
riverstore Reputation: 40
It's a good tool. Do you support Confuser? The tool can't detect a program packed by Confuser
Reply With Quote
The Following 2 Users Gave Reputation+1 to riverstore For This Useful Post:
LordCoder (05-04-2014), serseri_1453 (05-04-2014)
  #8  
Old 05-02-2014, 18:35
leetone's Avatar
leetone leetone is offline
Family
 
Join Date: Apr 2014
Location: The Bay Area, United States
Posts: 146
Rept. Given: 42
Rept. Rcvd 31 Times in 20 Posts
Thanks Given: 19
Thanks Rcvd at 24 Times in 12 Posts
leetone Reputation: 34
Quote:
Originally Posted by LordCoder View Post
Here the link: https://www.firedrive.com/file/38831938053F98FC
I removed the other one.
Much appreciated. I am so glad to have an updated obfuscation checker.
Reply With Quote
  #9  
Old 05-02-2014, 21:05
ontryit ontryit is offline
Friend
 
Join Date: Nov 2011
Posts: 129
Rept. Given: 128
Rept. Rcvd 17 Times in 14 Posts
Thanks Given: 188
Thanks Rcvd at 16 Times in 12 Posts
ontryit Reputation: 17
Lightbulb

Quote:
Originally Posted by LordCoder View Post
New version! I hope you like it . It's now stable and added more obfuscators:


Download it here: https://www.firedrive.com/file/E468DCBBBAFB396C

Any bug found? Please report!
Little suggesstion for the GUI, especially the Report Memo, you should add 'Clear Report' on the right context menu or automatically clear the previous report when load a new .NET Assemblies.

Why there no -> [Language: ... ] item report like the screenshot you put on tuts4you?

Thank you
Reply With Quote
  #10  
Old 05-04-2014, 03:26
LordCoder LordCoder is offline
TEAM REiS
 
Join Date: May 2013
Location: TEAM REiS
Posts: 55
Rept. Given: 39
Rept. Rcvd 238 Times in 36 Posts
Thanks Given: 1
Thanks Rcvd at 11 Times in 5 Posts
LordCoder Reputation: 200-299 LordCoder Reputation: 200-299 LordCoder Reputation: 200-299
Quote:
Originally Posted by riverstore View Post
It's a good tool. Do you support Confuser? The tool can't detect a program packed by Confuser
Oh forgot to add the packer option. Thanks for the report!

Quote:
Originally Posted by ontryit View Post
Little suggesstion for the GUI, especially the Report Memo, you should add 'Clear Report' on the right context menu or automatically clear the previous report when load a new .NET Assemblies.

Why there no -> [Language: ... ] item report like the screenshot you put on tuts4you?

Thank you
Thanks for the feature. I will add it for the next version. That language menu was a demo I made. I will implement language options for the next release.
__________________
TEAM REiS - Reverse Engineering iN Software
Reply With Quote
The Following 4 Users Gave Reputation+1 to LordCoder For This Useful Post:
Dreamer (05-04-2014), ontryit (05-05-2014), riverstore (05-05-2014)
  #11  
Old 05-04-2014, 17:11
serseri_1453 serseri_1453 is offline
Friend
 
Join Date: Mar 2014
Location: Turkey
Posts: 19
Rept. Given: 40
Rept. Rcvd 13 Times in 4 Posts
Thanks Given: 60
Thanks Rcvd at 0 Times in 0 Posts
serseri_1453 Reputation: 13
This topic packleri if we add, it's more comfortable for you, so that the individual they do not add in bulk, you will be added. In particular, this version attention if you will be more comfortable "smart assembly" , "net reactor" , "confuser", etc

http://forum.exetools.com/showthread.php?p=91204#post91204

Multi-while browsing, to log you can add a recording.
Reply With Quote
  #12  
Old 05-07-2014, 10:27
heima911
 
Posts: n/a
.NET Obfuscator Detector

Quote:
Originally Posted by LordCoder View Post
Oh forgot to add the packer option. Thanks for the report!



Thanks for the feature. I will add it for the next version. That language menu was a demo I made. I will implement language options for the next release.

. NET Obfuscator Detector, you can give the latest version of downloading? Thank you
Reply With Quote
  #13  
Old 05-14-2014, 18:56
Alcatraz3222
 
Posts: n/a
work really fine, thank you LordCoder, @riverstore for me also not detect confuser, i guess it is not added, anyway is a good detector for NET
Reply With Quote
  #14  
Old 05-18-2014, 14:02
0xd0000 0xd0000 is offline
Family
 
Join Date: Nov 2013
Posts: 37
Rept. Given: 2
Rept. Rcvd 35 Times in 13 Posts
Thanks Given: 5
Thanks Rcvd at 0 Times in 0 Posts
0xd0000 Reputation: 35
I was going to slip a bit of code into your app so I could integrate with the context menu, but realize your still in Beta and and likely adding tons of features.

I used to work the scene with author of DNID - I'm glad to see someone else pick up where he left off.

Request if you have time - Add File Arguments so it could be passed any file, rasher then dealing with drag and drop.

Something simple...

string[] args = Environment.GetCommandLineArgs();
Reply With Quote
  #15  
Old 08-09-2014, 06:09
Mahmoudnia's Avatar
Mahmoudnia Mahmoudnia is offline
Family
 
Join Date: Nov 2012
Location: Iran
Posts: 106
Rept. Given: 49
Rept. Rcvd 134 Times in 42 Posts
Thanks Given: 14
Thanks Rcvd at 20 Times in 13 Posts
Mahmoudnia Reputation: 100-199 Mahmoudnia Reputation: 100-199
Changes from 0.1 to 0.2
=======================
-Added xRAT
-Gives full info about it (like njRAT).
-Improved some detections.
-Some others I don't remember :P

http://www.firedrive.com/file/46116551681C3349
Reply With Quote
The Following User Gave Reputation+1 to Mahmoudnia For This Useful Post:
TQN (08-09-2014)
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
# RDG Packer Detector # RDGMax Community Tools 28 01-14-2017 06:36
The Best Enc / Com DETECTOR How2Crack General Discussion 2 07-26-2002 02:11


All times are GMT +8. The time now is 15:31.


ICP05004977
vBulletin Security provided by vBSecurity v2.2.0 (Lite) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX