Derberux Posted May 17, 2015 Posted May 17, 2015 well without take a look at the code it's not easy to determine what protection has been used, at first look looks like appfuscator, but not sure.
noob.exe Posted May 17, 2015 Posted May 17, 2015 To me it also looks like Appfuscator.Check if you can find a method : int SomeName(Int32 num, Int32 num2, Int32 num3)in the Global Module Type, <Module>That method will only exist if it is Appfuscator and also string encryption has been applied.Otherwise you can use de4dot to rename the assembly.De4dot is preserving all important tokens, so the assembly should remain runable. 1
CodeExplorer Posted May 17, 2015 Posted May 17, 2015 (edited) Quote int SomeName(Int32 num, Int32 num2, Int32 num3) should be: string SomeName(Int32 num, Int32 num2, Int32 num3) the method should return a string! Also the common method name is c Edited May 17, 2015 by CodeCracker
CodeExplorer Posted May 18, 2015 Posted May 18, 2015 jallvar:Check this topic:https://forum.tuts4you.com/topic/37118-appfuscator-unpacking-tools/ The strange part is that Appfuscator calls the string decryption with some invalid int parameterswhen some beq conditions will lead there - probable that code shouldn't be reached.I still don't know how to fix this problem.
li0nsar3c00l Posted May 18, 2015 Posted May 18, 2015 its defnetly appfuscator, because:-adding 14 fields to globaltype(7 int, 7 object)-string decryption with 3 int as params-incremental char renaming
jallvar Posted May 19, 2015 Author Posted May 19, 2015 On 5/18/2015 at 4:27 PM, CodeCracker said: jallvar: Check this topic: https://forum.tuts4you.com/topic/37118-appfuscator-unpacking-tools/ The strange part is that Appfuscator calls the string decryption with some invalid int parameters when some beq conditions will lead there - probable that code shouldn't be reached. I still don't know how to fix this problem. It did not help.
Derberux Posted May 21, 2015 Posted May 21, 2015 On 5/21/2015 at 12:36 PM, jallvar said: people, help!? you're funny, asking help even when your question was resolved -Determine Obfuscation? -Appfuscator 98% -How to deobfuscate? -CodeCracker answered you, https://forum.tuts4you.com/topic/37128-how-to-determine-the-method-of-obfuscation/#entry174512 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now