#1
|
|||
|
|||
SMD For Agile
SimpleMSILDecryptorForAgile:
this tool decrypts methods of last version of Agile; inspirited by duyan13 https://board.b-at-s.info/index.php?showtopic=9313 Two Frameworks are supported: Framework 2.0 and Framework 4.0; Framework 4+ (latter Frameworks like 4.6.1 etc.) should be supported by Framework 4.0: Place Simple_MSIL_Decryptor.exe.config, SJITHook.dll and Simple_MSIL_Decryptor.exe in the target program directory; start Simple_MSIL_Decryptor.exe from NetBox 4.0 and try to decrypt target assembly; if reports missing assemblies you should place them in the target directory for being able to decrypt MSIL of those methods; in the end undecrypted count should be 0. Next step: unvirtualize Agile with de4dot: This may not work for some targets! After we decrypt MSIL we deobfuscate methods with de4dot v3.1.41592, we just set decrypts methods to false so de4dot won't decrypt methods by adding to de4dot.exe the parameter: --an-methods false in command line do: de4dot.exe filename.exe --an-methods false |
The Following 15 Users Say Thank You to CodeCracker For This Useful Post: | ||
0xNOP (02-23-2022), Bidasci (10-17-2022), cachito (05-23-2019), congviet (05-22-2019), embassy (02-29-2024), Fyyre (06-08-2019), h4sh3m (05-20-2019), HooK (07-14-2019), Indigo (07-19-2019), rooster1 (01-12-2023), wilson bibe (05-20-2019), yoza (05-29-2019), zionoobie (11-28-2023) |
#2
|
|||
|
|||
Thanks for interesting tool
why it says on startup this? --------------------------- Warning --------------------------- GAC installation failed! --------------------------- OK --------------------------- |
#3
|
|||
|
|||
It will try to install the assembly on GAC (Global Assembly Cache):
https://en.wikipedia.org/wiki/Global_Assembly_Cache On Windows 7 or latter system will fail! So what you should do? You should Simple_MSIL_Decryptor.exe.config, SJITHook.dll and Simple_MSIL_Decryptor.exe to the target program directory; and ignore that warning! During Appdomain creating the program (Simple_MSIL_Decryptor.exe) try to loads itself; which fails it won't find proper file (Simple_MSIL_Decryptor.exe) in GAC or in current directory! http://www.adamtuliper.com/2009/12/adding-permissions-to-add-items-to-gac.html |
#5
|
|||
|
|||
Missing dlls:
AgileDotNetRT64.dll RevitAPI, Version=17.0.0.0, Culture=neutral, PublicKeyToken=null RevitAPIUI, Version=17.0.0.0, Culture=neutral, PublicKeyToken=null 0 undecrypted methods! File saved! So RevitAPI and RevitAPIUI must be placed in the program directory else some methods like: public Result Execute(ExternalCommandData commandData, ref string message, ElementSet elements); Declaring Type: ohM=.oRM= Assembly: DecryptMe, Version=1.0.0.0 If you have RevitAPI and RevitAPIUI please share them! |
The Following User Says Thank You to CodeCracker For This Useful Post: | ||
Indigo (07-19-2019) |
#6
|
|||
|
|||
Quote:
RevitAPI.dll: Quote:
Quote:
|
The Following User Says Thank You to congviet For This Useful Post: | ||
Indigo (07-19-2019) |
#7
|
|||
|
|||
Sorry but still can't do it: they are lots of missing referenced assemblies!
Those are part of Revit API 2017 x64 right? Is there any Revit API 2017 x32? |
The Following User Says Thank You to CodeCracker For This Useful Post: | ||
Indigo (07-19-2019) |
#8
|
|||
|
|||
Autodesk has only x64 version.
You can try the setup: Quote:
Quote:
|
The Following User Says Thank You to congviet For This Useful Post: | ||
Indigo (07-19-2019) |
#9
|
|||
|
|||
The unpacked file (msil decryted)
The unpacked file (msil decryted):
https://www80.zippyshare.com/v/Zp0cgvVz/file.html As for what I did: I created my own dlls RevitAPI.exe and RevitAPIUI.exe with only their constructions (classes/methods) for being able to unpack MSIL; let me know if the unpacked exe is ok; you got to also nop Agile constructors! |
#10
|
|||
|
|||
To decrypt strings runs the fallowing command:
de4dot filename --an-methods false --strtyp delegate --strtok 06000006 06000006 is the method which decrypt strings in this case. @congviet: Let me know if there is any undecrypted method or other problem! |
The Following User Says Thank You to CodeCracker For This Useful Post: | ||
Indigo (07-19-2019) |
#11
|
|||
|
|||
Quote:
2. This source code: Code:
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Tasks; using Autodesk.Revit.ApplicationServices; using Autodesk.Revit.Attributes; using Autodesk.Revit.DB; using Autodesk.Revit.UI; using Autodesk.Revit.UI.Selection; namespace DecryptMe { [Transaction(TransactionMode.Manual)] [Regeneration(RegenerationOption.Manual)] public class Class1 : IExternalCommand { public Result Execute(ExternalCommandData commandData, ref string message, ElementSet elements) { //Get application and documnet objects UIApplication uiapp = commandData.Application; Document doc = uiapp.ActiveUIDocument.Document; //Define a reference Object to accept the pick result Reference pickedref = null; //Pick a group Selection sel = uiapp.ActiveUIDocument.Selection; pickedref = sel.PickObject(ObjectType.Element, "Please select a group"); Element elem = doc.GetElement(pickedref); Group group = elem as Group; //Pick point XYZ point = sel.PickPoint("Please pick a point to place group"); //Place the group Transaction trans = new Transaction(doc); trans.Start("Lab"); doc.Create.PlaceGroup(point, group.GroupType); trans.Commit(); return Result.Succeeded; } } } Code:
using System; using Autodesk.Revit.Attributes; using Autodesk.Revit.DB; using Autodesk.Revit.UI; using Autodesk.Revit.UI.Selection; namespace ns0 { [Regeneration(0)] [Transaction(1)] public class GClass0 : IExternalCommand { public Result Execute(ExternalCommandData commandData, ref string message, ElementSet elements) { Transaction transaction; for (;;) { int num = 睷.睷_0(-3); for (;;) { switch (num) { case 0: { UIApplication uiapplication; Selection selection = uiapplication.ActiveUIDocument.Selection; Reference reference_ = 睸.睸_0(selection, 1, "Please select a group"); Document document; Element element = 睹.睹_0(document, reference_); Group object_ = element as Group; num = 睷.睷_0(-2); continue; } case 1: goto IL_10D; case 2: { Selection selection; XYZ xyz_ = selection.PickPoint("Please pick a point to place group"); Document document; transaction = new Transaction(document); 睺.睺_0(transaction, "Lab"); Group object_; 睽.睽_0(睻.睻_0(document), xyz_, 睼.睼_0(object_)); num = 睷.睷_0(-1); continue; } case 3: { UIApplication uiapplication = 睾.睾_0(commandData); Document document = 瞀.瞀_0(睿.睿_0(uiapplication)); num = 睷.睷_0(0); continue; } } break; } } IL_10D: transaction.Commit(); return 0; } // Note: this type is marked as 'beforefieldinit'. static GClass0() { <AgileDotNetRT>.Initialize(); <AgileDotNetRT>.PostInitialize(); } } } Thank you very much. |
The Following User Says Thank You to congviet For This Useful Post: | ||
Indigo (07-19-2019) |
#12
|
|||
|
|||
Here are the two dlls
Here are the two dlls:
https://www67.zippyshare.com/v/3MW9QG87/file.html As for the Chinese characters those are some fields - delegates type! I rather not rename at all: the dll may not work after renaming! |
#13
|
|||
|
|||
I tried the file at
Quote:
Quote:
Quote:
|
The Following User Says Thank You to congviet For This Useful Post: | ||
Indigo (07-19-2019) |
#14
|
|||
|
|||
SMD for Agile with any CPU
@congviet:
Sorry for late reply. Compiled SMD for Agile with any CPU. Should load referenced (x64) assemblies just fine, of course they should be present in the target's program directory. Last edited by CodeCracker; 11-07-2023 at 19:52. |
The Following 11 Users Say Thank You to CodeCracker For This Useful Post: | ||
amatory (11-05-2023), Apuromafo (06-14-2019), congviet (06-14-2019), Indigo (07-19-2019), ksh (02-16-2020), sajan_saragam (02-24-2020), tonyweb (06-14-2019), wilson bibe (06-14-2019) |
#15
|
|||
|
|||
Quote:
I get an error when click the decrypt button. My OS is Win10Pro x64. |
The Following User Says Thank You to congviet For This Useful Post: | ||
Indigo (07-19-2019) |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Unpack Agile.NET | Mendax47 | General Discussion | 2 | 06-28-2021 21:38 |
Agile.Net 6.4 Unpack | Hexcode | General Discussion | 7 | 11-30-2020 17:59 |