View Single Post
  #9  
Old 04-23-2017, 23:59
yologuy yologuy is offline
Friend
 
Join Date: Nov 2016
Posts: 18
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 5
Thanks Rcvd at 23 Times in 9 Posts
yologuy Reputation: 0
Searching a bit for Eazobfuscator deobf, I get something A bit more understable with StringDecryptor from CodeCracker and with de4dot. But that fucked all the string since now they are all eguals to "X0X". But with that I'm able to rename all the methode/class wich is usefull !

Then anyclue for string decryption would be appreciate. Thanks in advance !

EDIT: Ok looks like I success to unpack it with string decryption using
Code:
de4dot-x64.exe MyDll --strtyp delegate --strtok 06000198

For other peoples. I firstly run de4dot without anystring decryption(like that I can easily track wich method is used).
After I look at some GetEnvironmentVariable(which are called with a string).
And I saw all string are called by smethod_0(). So I simpy go to this function check his token with dnSpy And re run de4dot for string decryption.

Can be stupid but is there a way for Go to a specific token into dnSpy or reflector?
And is it possible to just add comment into a source code? It will really help me for reversing .

Anyway thanks you a lot guys !

Last edited by yologuy; 04-24-2017 at 01:17.
Reply With Quote
The Following 2 Users Say Thank You to yologuy For This Useful Post:
thanhtam1306 (11-29-2017), zionoobie (04-13-2020)