Jump to content
Tuts 4 You

How to determine the method of obfuscation?


jallvar

Recommended Posts

well without take a look at the code it's not easy to determine what protection has been used, at first look looks like appfuscator, but not sure.


Link to comment

To me it also looks like Appfuscator.


Check if you can find a method :



int SomeName(Int32 num, Int32 num2, Int32 num3)

in the Global Module Type, <Module>


That method will only exist if it is Appfuscator and also string encryption has been applied.


Otherwise you can use de4dot to rename the assembly.


De4dot is preserving all important tokens, so the assembly should remain runable.

  • Like 1
Link to comment
CodeExplorer
int SomeName(Int32 num, Int32 num2, Int32 num3)

should be:

string SomeName(Int32 num, Int32 num2, Int32 num3)

the method should return a string!

Also the common method name is c

Edited by CodeCracker
Link to comment
li0nsar3c00l

its defnetly appfuscator, because:


-adding 14 fields to globaltype(7 int, 7 object)


-string decryption with 3 int as params


-incremental char renaming


Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...