How to determine the method of obfuscation?

well without take a look at the code it's not easy to determine what protection has been used, at first look looks like appfuscator, but not sure.

To me it also looks like Appfuscator.

Check if you can find a method :

int SomeName(Int32 num, Int32 num2, Int32 num3)

in the Global Module Type, <Module>

That method will only exist if it is Appfuscator and also string encryption has been applied.

Otherwise you can use de4dot to rename the assembly.

De4dot is preserving all important tokens, so the assembly should remain runable.

int SomeName(Int32 num, Int32 num2, Int32 num3)

should be:

string SomeName(Int32 num, Int32 num2, Int32 num3)

the method should return a string!

Also the common method name is c

Edited May 17, 201510 yr by CodeCracker

Yes, method c exists

how deobfuscation?

 

jallvar:

Check this topic:

https://forum.tuts4you.com/topic/37118-appfuscator-unpacking-tools/

 

The strange part is that Appfuscator calls the string decryption with some invalid int parameters

when some beq conditions will lead there - probable that code shouldn't be reached.

I still don't know how to fix this problem.

its defnetly appfuscator, because:

-adding 14 fields to globaltype(7 int, 7 object)

-string decryption with 3 int as params

-incremental char renaming

jallvar:

Check this topic:

https://forum.tuts4you.com/topic/37118-appfuscator-unpacking-tools/

 

The strange part is that Appfuscator calls the string decryption with some invalid int parameters

when some beq conditions will lead there - probable that code shouldn't be reached.

I still don't know how to fix this problem.

 

It did not help.

 

people, help!?

people, help!?

you're funny, asking help even when your question was resolved

 

-Determine Obfuscation?

     -Appfuscator 98%

-How to deobfuscate?

     -CodeCracker answered you, https://forum.tuts4you.com/topic/37128-how-to-determine-the-method-of-obfuscation/#entry174512