Exetools  

Go Back   Exetools > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #166  
Old 09-02-2015, 21:56
cachito cachito is offline
Friend
 
Join Date: Aug 2015
Location: argentina
Posts: 58
Rept. Given: 0
Rept. Rcvd 12 Times in 8 Posts
Thanks Given: 162
Thanks Rcvd at 81 Times in 44 Posts
cachito Reputation: 13
Upload exe and I will try for you
Reply With Quote
  #167  
Old 09-30-2015, 19:11
Black_Legion Black_Legion is offline
Friend
 
Join Date: May 2013
Posts: 22
Rept. Given: 7
Rept. Rcvd 5 Times in 4 Posts
Thanks Given: 40
Thanks Rcvd at 13 Times in 9 Posts
Black_Legion Reputation: 5
i have an exe which de4dot detects it as Unknown Obfuscator. class names, method names and member names are all like guids, and it uses "Call Hiding" obfuscating method.
anybody knows what obfuscator it may be?
Attached Images
File Type: jpg unknownobfuscator.jpg (428.7 KB, 14 views)
Reply With Quote
  #168  
Old 10-01-2015, 01:07
giv's Avatar
giv giv is offline
VIP
 
Join Date: Jan 2011
Location: Romania
Posts: 1,657
Rept. Given: 801
Rept. Rcvd 1,283 Times in 561 Posts
Thanks Given: 226
Thanks Rcvd at 562 Times in 240 Posts
giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299
You can reserach witch obfuscator might be and add support to de4dot by yourself.
Just take a look here:
Quote:
http://mrexodia.cf/coding/2015/07/17/Extending-de4dot/
Reply With Quote
The Following User Says Thank You to giv For This Useful Post:
Black_Legion (10-01-2015)
  #169  
Old 10-01-2015, 14:33
Black_Legion Black_Legion is offline
Friend
 
Join Date: May 2013
Posts: 22
Rept. Given: 7
Rept. Rcvd 5 Times in 4 Posts
Thanks Given: 40
Thanks Rcvd at 13 Times in 9 Posts
Black_Legion Reputation: 5
as i researched into the obfuscators it seems that it has been obfuscated with something like "disguiser.net". is there any solution available for this one?
Reply With Quote
  #170  
Old 10-02-2015, 05:58
RDGMax's Avatar
RDGMax RDGMax is offline
rdgsoft.net
 
Join Date: Apr 2011
Location: rdgsoft.net
Posts: 71
Rept. Given: 5
Rept. Rcvd 143 Times in 24 Posts
Thanks Given: 8
Thanks Rcvd at 144 Times in 31 Posts
RDGMax Reputation: 100-199 RDGMax Reputation: 100-199
......................................
Reply With Quote
  #171  
Old 10-11-2015, 22:05
Black_Legion Black_Legion is offline
Friend
 
Join Date: May 2013
Posts: 22
Rept. Given: 7
Rept. Rcvd 5 Times in 4 Posts
Thanks Given: 40
Thanks Rcvd at 13 Times in 9 Posts
Black_Legion Reputation: 5
i found it with the help of kao
it was AppFuscator :-)
Reply With Quote
The Following User Says Thank You to Black_Legion For This Useful Post:
niculaita (10-11-2015)
  #172  
Old 10-12-2015, 00:27
giv's Avatar
giv giv is offline
VIP
 
Join Date: Jan 2011
Location: Romania
Posts: 1,657
Rept. Given: 801
Rept. Rcvd 1,283 Times in 561 Posts
Thanks Given: 226
Thanks Rcvd at 562 Times in 240 Posts
giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299
There are some tools for unpacking and string decrypting for this protector.
Reply With Quote
The Following User Says Thank You to giv For This Useful Post:
Black_Legion (10-12-2015)
  #173  
Old 12-21-2015, 01:08
Mahmoudnia's Avatar
Mahmoudnia Mahmoudnia is offline
Family
 
Join Date: Nov 2012
Posts: 228
Rept. Given: 64
Rept. Rcvd 142 Times in 49 Posts
Thanks Given: 198
Thanks Rcvd at 282 Times in 97 Posts
Mahmoudnia Reputation: 100-199 Mahmoudnia Reputation: 100-199
Hi giv
i can not unpack this file with de4dot !
Quote:
http://www.p30office.com/index.php?sdmon=downloads/app-xoffice/SetupP30Office3-6-2-40630.zip
Quote:
POX.Shell.exe
may you help me ?
thanks
Reply With Quote
  #174  
Old 10-07-2016, 01:24
msi_g msi_g is offline
Friend
 
Join Date: Jul 2013
Location: .text/.rdata/.data/.rsrc!!
Posts: 18
Rept. Given: 3
Rept. Rcvd 5 Times in 2 Posts
Thanks Given: 20
Thanks Rcvd at 2 Times in 2 Posts
msi_g Reputation: 5
A newbie question indeed.. i used de4dot.exe to deobfuscate the attached folder usig -d flag it deobfuscated all obfuscated exes (crypto obfuscator) but the problem is no the program does not run rather hangs..

https://mega.nz/#!00QmSZYK!56oBkSL9-7pc9KsMKEr7lW4cftLLluTyKyL-erLqvpQ
Reply With Quote
  #175  
Old 10-07-2016, 01:44
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 1,066
Rept. Given: 332
Rept. Rcvd 223 Times in 115 Posts
Thanks Given: 234
Thanks Rcvd at 512 Times in 288 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
>but the problem is no the program does not run rather hangs..

deobfuscating != correct run

you need to charge your mind and go to rabbit hole
Reply With Quote
  #176  
Old 10-07-2016, 03:11
Sound Sound is offline
Family
 
Join Date: Apr 2016
Location: TaiWan
Posts: 106
Rept. Given: 8
Rept. Rcvd 52 Times in 22 Posts
Thanks Given: 39
Thanks Rcvd at 421 Times in 97 Posts
Sound Reputation: 52
de4dot-Support.Reactor5.0-wuhensoft

http://crack.vc/RceTools/NET/de4dot-Support.Reactor5.0-wuhensoft.7z
Reply With Quote
The Following 2 Users Gave Reputation+1 to Sound For This Useful Post:
niculaita (10-07-2016), tonyweb (10-08-2016)
The Following 12 Users Say Thank You to Sound For This Useful Post:
dimosdimos (11-20-2017), Ghost0507 (10-21-2016), gsaralji (01-27-2017), ivanov (01-27-2017), lahma (07-22-2017), niculaita (10-07-2016), NimDa2k (10-25-2016), pnta (10-08-2016), pps44 (10-08-2016), rooster1 (05-22-2018), serseri_1453 (10-07-2016)
  #177  
Old 10-07-2016, 05:07
msi_g msi_g is offline
Friend
 
Join Date: Jul 2013
Location: .text/.rdata/.data/.rsrc!!
Posts: 18
Rept. Given: 3
Rept. Rcvd 5 Times in 2 Posts
Thanks Given: 20
Thanks Rcvd at 2 Times in 2 Posts
msi_g Reputation: 5
Hi all thanks for all! I unpacked it but the problem is my patching is nasty so license window appears frequently though it is not a big problem since you can put anything of proper length and get licensed!!

Is there a better solution?

https://mega.nz/#!E0gTCKCb!hFeYMsc40_9ftsh0O-5GU19WosWFTCn333RoGA2JYBc
Reply With Quote
  #178  
Old 01-16-2017, 22:55
nocturo nocturo is offline
Friend
 
Join Date: May 2016
Posts: 8
Rept. Given: 0
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 6
Thanks Rcvd at 2 Times in 1 Post
nocturo Reputation: 1
I'm trying to use this, but it says unknown obfuscator and while it worked partially, most important stuff are still obfuscated and can't be browsed. Can anyone help? Here's the link to exe

https://mega.nz/#!awFjCIZL!FobLU14jimDuOKAv8MdEjzyU0Jg0haLiIQztSOv1ps0
Reply With Quote
  #179  
Old 01-21-2017, 18:45
simx simx is offline
Friend
 
Join Date: May 2012
Posts: 40
Rept. Given: 4
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 30
Thanks Rcvd at 13 Times in 12 Posts
simx Reputation: 1
You can force De4dot to select which de-obfuscation technique is to be used.
Reply With Quote
  #180  
Old 01-27-2017, 04:25
ivanov ivanov is offline
uninvited_guest
 
Join Date: Aug 2004
Location: Lubljana
Posts: 178
Rept. Given: 58
Rept. Rcvd 3 Times in 3 Posts
Thanks Given: 43
Thanks Rcvd at 13 Times in 11 Posts
ivanov Reputation: 3
Quote:
Originally Posted by Sound View Post
de4dot-Support.Reactor5.0-wuhensoft

http://crack.vc/RceTools/NET/de4dot-Support.Reactor5.0-wuhensoft.7z
interesting, works perfect except still found something like "b0494a1f-4bd3-bFLN5Q3B5OEj76UB/UqymA==" in the Resources line.

Last edited by ivanov; 01-27-2017 at 04:33.
Reply With Quote
Reply

Tags
de4dot, deobfusacator

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[C#] De4Dot GUI V0K3 Source Code 2 04-17-2015 06:07


All times are GMT +8. The time now is 08:14.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )