de4dot - Deobfuscator for .NET

[EHS4N]

Modified de4dot it now supports the latest version of .NET Reactor 4.9.7.0
all credits to SHADOW785

http://i58.tinypic.com/alq0xv.png

Code:

http://rghost.net/6ll86FcYf

BR

[Git]

If there was a special 'VIP' version of de4dot, I haven't seen anywhere.

Git

[leetone]

Quote:

Originally Posted by Git

If there was a special 'VIP' version of de4dot, I haven't seen anywhere.

Git

Good. That's how it should be. This is the post that prompted me to say that:

Quote:

Originally Posted by giv

For those who does not know all start when a private version was leaked from VIP area by a VIP of Exetools.

Don't worry.
Common obfuscations will always have a tool coded for deobfuscate.
Or you can start to learn I.L. and maybe make your own deobfuscator or modify de4dot to adapt to new requirements.

Anyways, I'm gonna check out this 4.9 reactor modded version posted above...very excited!

[Git]

"leaked from VIP area". This is precisely what I mean. There is no special version in the VIP area, and I don't recall ever seeing one there. I don't know where giv is getting his info.

Git

[daqstar]

Here is the latest Release:

[NoYes]

Quote:

Originally Posted by daqstar

Here is the latest Release:

Hello daqstar,
Can you tell us what's the difference between your post version and the 0xd4d's last release version, because the files version are the same.

[sendersu]

Quote:

Originally Posted by EHS4N

Modified de4dot it now supports the latest version of .NET Reactor 4.9.7.0
all credits to SHADOW785

http://i58.tinypic.com/alq0xv.png

Code:

http://rghost.net/6ll86FcYf

BR

does not recover following binary (supposing it is a new ver of .net reactor)

just says a ton of mesages like
.........
WARNING: Could not deobfuscate method 06000004. Hello, E.T.: System.ArgumentOutOfRangeException
.........
ERROR: Local/arg index doesn't fit in a UInt16
ERROR: Local/arg index doesn't fit in a UInt16
ERROR: Error calculating max stack value
ERROR: Local/arg index doesn't fit in a UInt16
ERROR: Local/arg index doesn't fit in a UInt16
..........


not sure if someone is interesting in reversing.....

[ahmadmansoor]

Yes it is new .net reactor .
I have Target protected .but it is for x64

Where is the special 'VIP' version of de4dot?

[mr.exodia]

Quote:

Originally Posted by speedboy

Where is the special 'VIP' version of de4dot?

There is none as mentioned various times in the thread.

[Sir.V65j]

Quote:

Originally Posted by ιvancιтooz

Today I bring all this de4dot, who works for the latest versions of CryptoObfuscator, PhoenixProtector and NetReactor , I hope you like it, if they have a problem tell me in the comments and I'll try solve.





Crypto With de4dot 3.4.1 without modded: http://prntscr.com/75gvxp

Crypto With this de4dot: http://prntscr.com/75gx1x



Target With CryptoObfuscator Build 150203: http://www74.zippysh...v3LGt/file.html

Target Cleaned With this de4dot: http://www14.zippysh...v849N/file.html



Credits to :

-SHADOW_UA for help me on .NetReactor

-TheProxy for PhoenixProtector and OrangeHeap

source Link

[mdj]

Quote:

Originally Posted by Sir.V65j

source Link

Updated:

- new support added to orangeheap
https://mega.co.nz/#!rRsj1b7S!nW9HOO...x9ykimkDV7ybVY

[leetone]

Hey guys, news on 5/16/2015
mr. EXODIA opened a new repository on github it's a fork of 0xd4d/de4dot -- and can be found here: https://github.com/mrexodia/de4dot

What is it?
Well, as of right now there are 2 branches. 'master' which is inline with the de4dot upstream, or 'dynamic-loading' which has 7-9 commits beyond master:
http://i.imgur.com/aM8ZoKG.png

Really good stuff....

[Hypnz]

Well done Mr.Exodia
Now de4dot has public sources as supposed to be

[mr.exodia]

@leetone: The new branch of interest is dynamic_loading_fix, which allows for dynamic deobfuscator module loading (making the spread of all these modified versions unnecessary since you can just give the dll required).