Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Dotnet Reflection on obfuscated sample

Futex
Futex
in Programming and Coding

Featured Replies

Posted

Hi all,

I wanted to execute a fonction on a loaded assembly, my code run well on a normal assembly, but it's failed when i try it on a obfuscated one (rdg packer says .net crypter)

I list the string inside the binary like this: 

try
{
	Assembly asm = Assembly.LoadFrom(executable);

	foreach (Type type in asm.GetTypes())
	{

		foreach (MethodInfo method in type.GetMethods())
		{
			if (method.MetadataToken == testToken)
			{

				Type t = asm.GetType(type.FullName);

				var methodInfoStatic = t.GetMethod(method.Name);

				if (methodInfoStatic == null)
				{
					throw new Exception("No such static method exists.");
				}

				object[] constructorParameters = new object[0];

				var o = Activator.CreateInstance(t, constructorParameters);

				object[] parameters = new object[2];
				parameters[0] = 124;            
				parameters[1] = "Some text.";


				methodInfoStatic.Invoke(o, parameters);    
			}
		}
	}
}
catch (ReflectionTypeLoadException e) 
{ 
	throw new Exception(string.Format("Failed to load type due to the following:{0}{1}{0}", Environment.NewLine, string.Join(Environment.NewLine, e.LoaderExceptions.Select(le => le.ToString()).ToArray()))); 
}
catch (Exception ex)
{
	if (ex.Source != null)
		Console.WriteLine("DecryptString IOException source: {0}", ex.Message);
}

When i launch it on the obfuscated assembly i have these type of error on the line  foreach (Type type in asm.GetTypes());

  

Main IOException source: Failed to load type due to the following:
System.TypeLoadException: Could not load type 'cd1f1ff1-32e7-42a3-b836-f97c7529b0e7' from assembly 'DSKUY1SYB8EWZF4Z73LSC112J0BO92TISHQ8Y3T1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null'.
System.TypeLoadException: Could not load type '9265c019-154b-42b8-a817-e4687366c95d' from assembly 'DSKUY1SYB8EWZF4Z73LSC112J0BO92TISHQ8Y3T1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null'.
 
  A lot of same type functions

Example of some of the functions 

using System;

// Token: 0x02000044 RID: 68
internal class 9265c019-154b-42b8-a817-e4687366c95d : 9265c019-154b-42b8-a817-e4687366c95d
{
}

using System;

// Token: 0x02000043 RID: 67
internal class cd1f1ff1-32e7-42a3-b836-f97c7529b0e7 : cd1f1ff1-32e7-42a3-b836-f97c7529b0e7
{
}

Any idea how to correct that?

Thank you

I think you need to first call cctor and decrypt resources and load decrypted linked resource file. Is it confuserex?

  • Author

It's not confuser, rdg packer say .net crypter. I think it's just a generic crypter

There is no cctor in this binary, but there is a resource. Do you have an example of how to do it (for the resource and cctor for my curiosity)?

Rdg says not important can you upload sample ? Or give from PM?

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.