Thread: SMD For Agile
05-20-2019, 01:23
CodeCracker

SimpleMSILDecryptorForAgile:
This tool decrypts methods of the last version of Agile;
inspired by duyan13 https://board.b-at-s.info/index.php?showtopic=9313

Two Frameworks are supported: Framework 2.0 and Framework 4.0;
Framework 4+ (later Frameworks like 4.6.1 etc.) should be supported
by Framework 4.0:
Place Simple_MSIL_Decryptor.exe.config, SJITHook.dll and Simple_MSIL_Decryptor.exe
in the target program directory; start Simple_MSIL_Decryptor.exe
from NetBox 4.0 and try to decrypt the target assembly;
if it reports missing assemblies, you should place them in the target
directory to be able to decrypt the MSIL of those methods;
in the end the undecrypted count should be 0.


Next step: unvirtualize Agile with de4dot:
This may not work for some targets!
After we decrypt the MSIL, we deobfuscate methods with de4dot v3.1.41592;
we just set decrypt methods to false so de4dot won't decrypt methods,
by adding to de4dot.exe the parameter:
--an-methods false

On the command line do:
de4dot.exe filename.exe --an-methods false
Attached file: SMD_Agile.zip (185.4 KB)