|
|
#1
07-27-2022, 21:09
|
|||
|
|||
|
Need help community
Hello Friends,
Need some directions or suggestions. Currently tasked at reversing a dot net executable, but it is obfuscated. Tried De4Dot but it does not reverse or provide something meaningful to process. DnSpy produces the decompiled source code which is filled with functions, variables starting with #=<long names>. Any idea which obfuscator was used in this case? I'm just trying to see if anyone could quickly guide in getting the name of the obfuscator so that I could proceed in that direction to reverse it. Some sample code to understand the above description : Code:
private static void #=zGud5JR$F5ZC4Uc23DVuPuwd27lFw(byte[] #=zHs8_4ViFvF5a2_w0qCR6llOqSSXU, int #=zgkLn5h$uSaTrZRI6KiV4dTI5c$kb, byte[] #=zDaQZNdRiqOTXtrgat4kX3ushtupG)
{
int i = 0;
int num = 0;
int num2 = 128;
int num3 = #=zDaQZNdRiqOTXtrgat4kX3ushtupG.Length;
while (i < num3)
{
if ((num2 <<= 1) == 256)
{
num2 = 1;
num = (int)#=zHs8_4ViFvF5a2_w0qCR6llOqSSXU[#=zgkLn5h$uSaTrZRI6KiV4dTI5c$kb++];
}
if ((num & num2) != 0)
{
int num4 = (#=zHs8_4ViFvF5a2_w0qCR6llOqSSXU[#=zgkLn5h$uSaTrZRI6KiV4dTI5c$kb] >> 2) + 3;
int num5 = (((int)#=zHs8_4ViFvF5a2_w0qCR6llOqSSXU[#=zgkLn5h$uSaTrZRI6KiV4dTI5c$kb] << 8) | (int)#=zHs8_4ViFvF5a2_w0qCR6llOqSSXU[#=zgkLn5h$uSaTrZRI6KiV4dTI5c$kb + 1]) & 1023;
#=zgkLn5h$uSaTrZRI6KiV4dTI5c$kb += 2;
int num6 = i - num5;
if (num6 < 0)
{
return;
}
while (--num4 >= 0 && i < num3)
{
#=zDaQZNdRiqOTXtrgat4kX3ushtupG[i++] = #=zDaQZNdRiqOTXtrgat4kX3ushtupG[num6++];
}
}
else
{
#=zDaQZNdRiqOTXtrgat4kX3ushtupG[i++] = #=zHs8_4ViFvF5a2_w0qCR6llOqSSXU[#=zgkLn5h$uSaTrZRI6KiV4dTI5c$kb++];
}
}
}
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| TitanEngine Community Edition | mr.exodia | Community Tools | 7 | 06-21-2014 19:34 |
| Forum OllyDbg Community Down ?!? | Epsylon3 | General Discussion | 2 | 12-19-2005 03:09 |
Threaded Mode