EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #166  
Old 09-02-2015, 21:56
cachito cachito is online now
Friend
 
Join Date: Aug 2015
Location: argentina
Posts: 43
Rept. Given: 0
Rept. Rcvd 12 Times in 8 Posts
Thanks Given: 114
Thanks Rcvd at 38 Times in 23 Posts
cachito Reputation: 13
Upload exe and I will try for you
Reply With Quote
  #167  
Old 09-30-2015, 19:11
Black_Legion Black_Legion is offline
Friend
 
Join Date: May 2013
Posts: 21
Rept. Given: 7
Rept. Rcvd 5 Times in 4 Posts
Thanks Given: 26
Thanks Rcvd at 9 Times in 6 Posts
Black_Legion Reputation: 5
i have an exe which de4dot detects it as Unknown Obfuscator. class names, method names and member names are all like guids, and it uses "Call Hiding" obfuscating method.
anybody knows what obfuscator it may be?
Attached Images
File Type: jpg unknownobfuscator.jpg‎ (428.7 KB, 8 views)
Reply With Quote
  #168  
Old 10-01-2015, 01:07
giv's Avatar
giv giv is offline
VIP
 
Join Date: Jan 2011
Location: Romania
Posts: 1,619
Rept. Given: 794
Rept. Rcvd 1,261 Times in 549 Posts
Thanks Given: 182
Thanks Rcvd at 324 Times in 99 Posts
giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299
You can reserach witch obfuscator might be and add support to de4dot by yourself.
Just take a look here:
Quote:
http://mrexodia.cf/coding/2015/07/17/Extending-de4dot/
Reply With Quote
The Following User Says Thank You to giv For This Useful Post:
Black_Legion (10-01-2015)
  #169  
Old 10-01-2015, 14:33
Black_Legion Black_Legion is offline
Friend
 
Join Date: May 2013
Posts: 21
Rept. Given: 7
Rept. Rcvd 5 Times in 4 Posts
Thanks Given: 26
Thanks Rcvd at 9 Times in 6 Posts
Black_Legion Reputation: 5
as i researched into the obfuscators it seems that it has been obfuscated with something like "disguiser.net". is there any solution available for this one?
Reply With Quote
  #170  
Old 10-02-2015, 05:58
RDGMax's Avatar
RDGMax RDGMax is offline
rdgsoft.net
 
Join Date: Apr 2011
Location: rdgsoft.net
Posts: 57
Rept. Given: 5
Rept. Rcvd 140 Times in 23 Posts
Thanks Given: 4
Thanks Rcvd at 98 Times in 20 Posts
RDGMax Reputation: 100-199 RDGMax Reputation: 100-199
......................................
Reply With Quote
  #171  
Old 10-11-2015, 22:05
Black_Legion Black_Legion is offline
Friend
 
Join Date: May 2013
Posts: 21
Rept. Given: 7
Rept. Rcvd 5 Times in 4 Posts
Thanks Given: 26
Thanks Rcvd at 9 Times in 6 Posts
Black_Legion Reputation: 5
i found it with the help of kao
it was AppFuscator :-)
Reply With Quote
The Following User Says Thank You to Black_Legion For This Useful Post:
niculaita (10-11-2015)
  #172  
Old 10-12-2015, 00:27
giv's Avatar
giv giv is offline
VIP
 
Join Date: Jan 2011
Location: Romania
Posts: 1,619
Rept. Given: 794
Rept. Rcvd 1,261 Times in 549 Posts
Thanks Given: 182
Thanks Rcvd at 324 Times in 99 Posts
giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299
There are some tools for unpacking and string decrypting for this protector.
Reply With Quote
The Following User Says Thank You to giv For This Useful Post:
Black_Legion (10-12-2015)
  #173  
Old 12-21-2015, 01:08
Mahmoudnia's Avatar
Mahmoudnia Mahmoudnia is offline
Family
 
Join Date: Nov 2012
Location: Iran
Posts: 107
Rept. Given: 49
Rept. Rcvd 134 Times in 42 Posts
Thanks Given: 23
Thanks Rcvd at 24 Times in 14 Posts
Mahmoudnia Reputation: 100-199 Mahmoudnia Reputation: 100-199
Hi giv
i can not unpack this file with de4dot !
Quote:
http://www.p30office.com/index.php?sdmon=downloads/app-xoffice/SetupP30Office3-6-2-40630.zip
Quote:
POX.Shell.exe
may you help me ?
thanks
Reply With Quote
  #174  
Old 10-07-2016, 01:24
msi_g msi_g is offline
Friend
 
Join Date: Jul 2013
Location: .text/.rdata/.data/.rsrc!!
Posts: 15
Rept. Given: 3
Rept. Rcvd 5 Times in 2 Posts
Thanks Given: 14
Thanks Rcvd at 0 Times in 0 Posts
msi_g Reputation: 5
A newbie question indeed.. i used de4dot.exe to deobfuscate the attached folder usig -d flag it deobfuscated all obfuscated exes (crypto obfuscator) but the problem is no the program does not run rather hangs..

https://mega.nz/#!00QmSZYK!56oBkSL9-7pc9KsMKEr7lW4cftLLluTyKyL-erLqvpQ
Reply With Quote
  #175  
Old 10-07-2016, 01:44
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 585
Rept. Given: 321
Rept. Rcvd 211 Times in 105 Posts
Thanks Given: 63
Thanks Rcvd at 80 Times in 31 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
>but the problem is no the program does not run rather hangs..

deobfuscating != correct run

you need to charge your mind and go to rabbit hole
Reply With Quote
  #176  
Old 10-07-2016, 03:11
Sound Sound is offline
Family
 
Join Date: Apr 2016
Location: TaiWan
Posts: 64
Rept. Given: 0
Rept. Rcvd 35 Times in 11 Posts
Thanks Given: 24
Thanks Rcvd at 193 Times in 45 Posts
Sound Reputation: 35
de4dot-Support.Reactor5.0-wuhensoft

http://crack.vc/RceTools/NET/de4dot-Support.Reactor5.0-wuhensoft.7z
Reply With Quote
The Following 2 Users Gave Reputation+1 to Sound For This Useful Post:
niculaita (10-07-2016), tonyweb (10-08-2016)
The Following 8 Users Say Thank You to Sound For This Useful Post:
Ghost0507 (10-21-2016), gsaralji (01-27-2017), ivanov (01-27-2017), niculaita (10-07-2016), NimDa2k (10-25-2016), pnta (10-08-2016), pps44 (10-08-2016), serseri_1453 (10-07-2016)
  #177  
Old 10-07-2016, 05:07
msi_g msi_g is offline
Friend
 
Join Date: Jul 2013
Location: .text/.rdata/.data/.rsrc!!
Posts: 15
Rept. Given: 3
Rept. Rcvd 5 Times in 2 Posts
Thanks Given: 14
Thanks Rcvd at 0 Times in 0 Posts
msi_g Reputation: 5
Hi all thanks for all! I unpacked it but the problem is my patching is nasty so license window appears frequently though it is not a big problem since you can put anything of proper length and get licensed!!

Is there a better solution?

https://mega.nz/#!E0gTCKCb!hFeYMsc40_9ftsh0O-5GU19WosWFTCn333RoGA2JYBc
Reply With Quote
  #178  
Old 01-16-2017, 22:55
nocturo nocturo is offline
Friend
 
Join Date: May 2016
Posts: 4
Rept. Given: 0
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 3
Thanks Rcvd at 2 Times in 1 Post
nocturo Reputation: 1
I'm trying to use this, but it says unknown obfuscator and while it worked partially, most important stuff are still obfuscated and can't be browsed. Can anyone help? Here's the link to exe

https://mega.nz/#!awFjCIZL!FobLU14jimDuOKAv8MdEjzyU0Jg0haLiIQztSOv1ps0
Reply With Quote
  #179  
Old 01-21-2017, 18:45
simx simx is offline
Friend
 
Join Date: May 2012
Posts: 29
Rept. Given: 4
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 19
Thanks Rcvd at 1 Time in 1 Post
simx Reputation: 1
You can force De4dot to select which de-obfuscation technique is to be used.
Reply With Quote
  #180  
Old 01-27-2017, 04:25
ivanov ivanov is offline
uninvited_guest
 
Join Date: Aug 2004
Location: Lubljana
Posts: 162
Rept. Given: 58
Rept. Rcvd 3 Times in 3 Posts
Thanks Given: 15
Thanks Rcvd at 1 Time in 1 Post
ivanov Reputation: 3
Quote:
Originally Posted by Sound View Post
de4dot-Support.Reactor5.0-wuhensoft

http://crack.vc/RceTools/NET/de4dot-Support.Reactor5.0-wuhensoft.7z
interesting, works perfect except still found something like "b0494a1f-4bd3-bFLN5Q3B5OEj76UB/UqymA==" in the Resources line.

Last edited by ivanov; 01-27-2017 at 04:33.
Reply With Quote
Reply

Tags
de4dot, deobfusacator

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[C#] De4Dot GUI V0K3 Source Code 2 04-17-2015 06:07


All times are GMT +8. The time now is 03:17.


ICP05004977
vBulletin Security provided by vBSecurity v2.2.0 (Lite) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX