gholam.illidan Posted June 10, 2015 Share Posted June 10, 2015 is there any tut or e-book for .net manual unpacking and deobfuscating? (google == nothing)and some e-book on .net DataStructure. my .net cracking skill is verywell but im sucks in deobfuscating. tnx Link to comment Share on other sites More sharing options...
XenocodeRCE Posted June 10, 2015 Share Posted June 10, 2015 https://github.com/XenocodeRCE?tab=repositories You can use dnlib, it's very strong. I may help you, not step by step, but I may. 2 Link to comment Share on other sites More sharing options...
gholam.illidan Posted June 10, 2015 Author Share Posted June 10, 2015 https://github.com/XenocodeRCE?tab=repositories You can use dnlib, it's very strong. I may help you, not step by step, but I may. First. tnx for replaying Secound. i saw the link and dnlib library, but i didnt know even the basics of deobfuscating. (i think these are useful when i know how to deobfuscate an assembly manually, then i use dnlib to write its deobfuscator. am i right?) Third. should i start with native unpacking or not?, cause there is lot of tuts here. Link to comment Share on other sites More sharing options...
XenocodeRCE Posted June 10, 2015 Share Posted June 10, 2015 Ok so I'll try to reply; Deobfuscation is more simple than Obfuscation. In fact, when you want to obfuscate a file, you have to think about how to encrypt things, where to put this method, how to call this one etc. Deobfuscating is more like looking at a road map, you have everything, the good layout, you only have to do the path in reverse.First of all you have to know about C# and programming. You can't reverse a path on a road map if you can't read it. Same for deobfuscation.It's past midnight here and I have exams this week. I may try to write a few lines about how to process, call it "ebook" if you want; for you this week-end.Learn. But please practice also, that's maybe the most important part. 3 Link to comment Share on other sites More sharing options...
gholam.illidan Posted June 11, 2015 Author Share Posted June 11, 2015 ok, i know c# well, i tried to deobfuscate and crack almost every .net files that i have just to learn even a little. so i learned things in cracking, but in deobfuscation i am just a dumbass :| i saw some tuts on how to deobfuscate some of obfuscators but i cant understand what exactle they do, so i just memorize the steps and do them like a BOT. for mention i missed my first exam that was 2days ago just because i was wake all night tring to crack a file protected with ConfEx 5, the only progress that i made was bypassing the packer. i will practice even more, at the end: thanks (a real Thanks ) for helping me. Link to comment Share on other sites More sharing options...
Derberux Posted June 11, 2015 Share Posted June 11, 2015 you must understand the IL code. of course you cannot start with Confuser ex 5 to start, download phoenix by daniel pistelli, and try to protect a program. manual deobfuscation is not something complex, you have just to analyze the IL code, read the ECMA 335 or ISO/IEC 23271:2012 the way to learn is practice and interest. btw, i wrote a tutorial some tme ago about how to decrypt constants manually. .NET Decrypt constants manually using PowerShell1.pdf 8 Link to comment Share on other sites More sharing options...
gholam.illidan Posted June 11, 2015 Author Share Posted June 11, 2015 (edited) .Alcatraz3222i know ilcode as much as i can crack almost every clean assembly, and yes confex in really big for me. (i didnt know which obfuscator is the easiest, so anytime im in the mood i just pick one obfuscator and try hard to deobfuscate it by myself, cause i have to start from somewhere, sadly no success yet :|) btw, i googled the cli ebooks and downloaded them, ill read them after my exams finished. thanks for your tut that was so clear and useful. Edited June 11, 2015 by gholam.illidan Link to comment Share on other sites More sharing options...
SameerRaj Posted May 11, 2016 Share Posted May 11, 2016 @Alcatraz3222 does using powershell can decrypt any constant obfuscated with any obfuscator??? Link to comment Share on other sites More sharing options...
cob_258 Posted May 12, 2016 Share Posted May 12, 2016 @SameerRaj some obfuscators use the calling method token to decrypt constants, the token is obtained with StackFrame, I'm not sure that you can simulate the stack with powershell so it appears that in this case it won't work. Link to comment Share on other sites More sharing options...
TheProxy RE Posted June 11, 2016 Share Posted June 11, 2016 Watch ubbelol tutorials on YouTube it will be helpful. I starter with these. after watching these i reccomend u to try deobing Yano Obfuscator sunce its sample 1 Link to comment Share on other sites More sharing options...
turkverisoft Posted March 31, 2020 Share Posted March 31, 2020 this video secret? Link to comment Share on other sites More sharing options...
kao Posted March 31, 2020 Share Posted March 31, 2020 @turkverisoft: Ubbelol removed all his videos years ago. They are gone. Link to comment Share on other sites More sharing options...
Hayokuma Posted May 18, 2020 Share Posted May 18, 2020 (edited) Here's the old content of Ubbelol. Edited May 23, 2020 by Teddy Rogers Uploaded all the old content in Downloads... 2 Link to comment Share on other sites More sharing options...
kao Posted May 18, 2020 Share Posted May 18, 2020 @Hayokuma: that's awesome, thank you! Ubbelol made 7 videos and you uploaded 2. Do you have the remaining ones as well? Link to comment Share on other sites More sharing options...
Hayokuma Posted May 18, 2020 Share Posted May 18, 2020 I haven't more videos from Ubbe, here's the full list BTW https://web.archive.org/web/20141008223240/https://www.youtube.com/user/UbbeLoLHF/ Videos are private in ubbe's channel, I guess he could share them with someone if requested. Link to comment Share on other sites More sharing options...
TheProxy RE Posted May 18, 2020 Share Posted May 18, 2020 Okay asked ubbe to make videos public again it should be fine now https://www.youtube.com/user/UbbeLoLHF/videos 1 Link to comment Share on other sites More sharing options...
Sangavi Posted May 18, 2020 Share Posted May 18, 2020 1 hour ago, TheProxy RE said: Okay asked ubbe to make videos public again it should be fine now https://www.youtube.com/user/UbbeLoLHF/videos The videos were available earlier also. I downloaded them in the past. Link to comment Share on other sites More sharing options...
kao Posted May 18, 2020 Share Posted May 18, 2020 Cool, thank you! I didn't know he's still around. Link to comment Share on other sites More sharing options...
ubbelol Posted May 19, 2020 Share Posted May 19, 2020 12 hours ago, kao said: Cool, thank you! I didn't know he's still around. Still around, but not really doing any RE nowadays. :) It truly is weird hearing yourself on video 8 years later.. 1 Link to comment Share on other sites More sharing options...
Kurapica Posted May 19, 2020 Share Posted May 19, 2020 3 hours ago, ubbelol said: Still around, but not really doing any RE nowadays. It truly is weird hearing yourself on video 8 years later.. Nice to see you again, we are all getting older now Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now