Jump to content
Tuts 4 You

.Net Manual Deobfuscating


gholam.illidan

Recommended Posts

gholam.illidan

is there any tut or e-book for .net manual unpacking and deobfuscating? (google == nothing)


and some e-book on .net DataStructure.


 


my .net cracking skill is verywell but im sucks in deobfuscating.


 


tnx


Link to comment
gholam.illidan

https://github.com/XenocodeRCE?tab=repositories

 

You can use dnlib, it's very strong. I may help you, not step by step, but I may.

 

First. tnx for replaying

 

Secound. i saw the link and dnlib library, but i didnt know even the basics of deobfuscating. (i think these are useful when i know how to deobfuscate an assembly manually, then i use dnlib to write its deobfuscator. am i right?)

 

Third. should i start with native unpacking or not?, cause there is lot of tuts here.

Link to comment
XenocodeRCE

Ok so I'll try to reply;


 


  1. Deobfuscation is more simple than Obfuscation. In fact, when you want to obfuscate a file, you have to think about how to encrypt things, where to put this method, how to call this one etc. Deobfuscating is more like looking at a road map, you have everything, the good layout, you only have to do the path in reverse.
  2. First of all you have to know about C# and programming. You can't reverse a path on a road map if you can't read it. Same for deobfuscation.
  3. It's past midnight here and I have exams this week. I may try to write a few lines about how to process, call it "ebook" if you want; for you this week-end.
  4. Learn. But please practice also, that's maybe the most important part.
  • Like 3
Link to comment
gholam.illidan

ok,


 


i know c# well, i tried to deobfuscate and crack almost every .net files that i have just to learn even a little. so i learned things in cracking, but in deobfuscation i am just a dumbass  :|


 


i saw some tuts on how to deobfuscate some of obfuscators but i cant understand what exactle they do, so i just memorize the steps and do them like a BOT.


 


for mention i missed my first exam that was 2days ago just because i was wake all night tring to crack a file protected with ConfEx 5, the only progress that i made was bypassing the packer.


 


i will practice even more, at the end: thanks (a real Thanks ;)) for helping me.

Link to comment

you must understand the IL code.


 


of course you cannot start with Confuser ex 5 to start, download phoenix by daniel pistelli, and try to protect a program.


 


manual deobfuscation is not something complex, you have just to analyze the IL code, read the ECMA 335 or ISO/IEC 23271:2012


 


the way to learn is practice and interest.


 


btw, i wrote a tutorial some tme ago about how to decrypt constants manually.


 


 


.NET Decrypt constants manually using PowerShell1.pdf

  • Like 8
Link to comment
gholam.illidan

.Alcatraz3222


i know ilcode as much as i can crack almost every clean assembly, and yes confex in really big for me. (i didnt know which obfuscator is the easiest, so anytime im in the mood i just pick one obfuscator and try hard to deobfuscate it by myself, cause i have to start from somewhere, sadly no success yet :|)


 


btw, i googled the cli ebooks and downloaded them, ill read them after my exams finished.


 


thanks for your tut that was so clear and useful.


Edited by gholam.illidan
Link to comment
  • 10 months later...

@SameerRaj some obfuscators use the calling method token to decrypt constants, the token is obtained with StackFrame, I'm not sure that you can simulate the stack with powershell so it appears that in this case it won't work.

 

Link to comment
  • 5 weeks later...
TheProxy RE

Watch ubbelol tutorials on YouTube it will be helpful. I starter with these.

after watching these i reccomend u to try deobing Yano Obfuscator sunce its sample 

  • Like 1
Link to comment
  • 3 years later...
  • 1 month later...

Here's the old content of Ubbelol.

 

Edited by Teddy Rogers
Uploaded all the old content in Downloads...
  • Like 2
Link to comment
12 hours ago, kao said:

Cool, thank you! I didn't know he's still around.

 

Still around, but not really doing any RE nowadays. :)

It truly is weird hearing yourself on video 8 years later..

  • Like 1
Link to comment
3 hours ago, ubbelol said:

Still around, but not really doing any RE nowadays. :)

It truly is weird hearing yourself on video 8 years later..

Nice to see you again, we are all getting older now :D

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...