jallvar Posted May 17, 2015 Share Posted May 17, 2015 How to determine the method of obfuscation? Link to comment Share on other sites More sharing options...
Derberux Posted May 17, 2015 Share Posted May 17, 2015 well without take a look at the code it's not easy to determine what protection has been used, at first look looks like appfuscator, but not sure. Link to comment Share on other sites More sharing options...
noob.exe Posted May 17, 2015 Share Posted May 17, 2015 To me it also looks like Appfuscator.Check if you can find a method : int SomeName(Int32 num, Int32 num2, Int32 num3)in the Global Module Type, <Module>That method will only exist if it is Appfuscator and also string encryption has been applied.Otherwise you can use de4dot to rename the assembly.De4dot is preserving all important tokens, so the assembly should remain runable. 1 Link to comment Share on other sites More sharing options...
CodeExplorer Posted May 17, 2015 Share Posted May 17, 2015 (edited) int SomeName(Int32 num, Int32 num2, Int32 num3) should be: string SomeName(Int32 num, Int32 num2, Int32 num3) the method should return a string! Also the common method name is c Edited May 17, 2015 by CodeCracker Link to comment Share on other sites More sharing options...
jallvar Posted May 17, 2015 Author Share Posted May 17, 2015 Yes, method c exists how deobfuscation? Link to comment Share on other sites More sharing options...
CodeExplorer Posted May 18, 2015 Share Posted May 18, 2015 jallvar:Check this topic:https://forum.tuts4you.com/topic/37118-appfuscator-unpacking-tools/ The strange part is that Appfuscator calls the string decryption with some invalid int parameterswhen some beq conditions will lead there - probable that code shouldn't be reached.I still don't know how to fix this problem. Link to comment Share on other sites More sharing options...
li0nsar3c00l Posted May 18, 2015 Share Posted May 18, 2015 its defnetly appfuscator, because:-adding 14 fields to globaltype(7 int, 7 object)-string decryption with 3 int as params-incremental char renaming Link to comment Share on other sites More sharing options...
jallvar Posted May 19, 2015 Author Share Posted May 19, 2015 jallvar: Check this topic: https://forum.tuts4you.com/topic/37118-appfuscator-unpacking-tools/ The strange part is that Appfuscator calls the string decryption with some invalid int parameters when some beq conditions will lead there - probable that code shouldn't be reached. I still don't know how to fix this problem. It did not help. Link to comment Share on other sites More sharing options...
jallvar Posted May 21, 2015 Author Share Posted May 21, 2015 people, help!? Link to comment Share on other sites More sharing options...
Derberux Posted May 21, 2015 Share Posted May 21, 2015 people, help!? you're funny, asking help even when your question was resolved -Determine Obfuscation? -Appfuscator 98% -How to deobfuscate? -CodeCracker answered you, https://forum.tuts4you.com/topic/37128-how-to-determine-the-method-of-obfuscation/#entry174512 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now