Jump to content
Tuts 4 You

String Decryption Help


andmuchmore

Recommended Posts

andmuchmore
Posted

Hey guys,

I am just learning the Mono.Cecil and trying to write a simple string decrypter / junk code remover and I have a couple of questions.

The methods that are added from the obfuscator are duplicated. Loop through the modules and remove the junk I only remove the junk from one instance. 

image.png.b73609cdd6d9774aec908a30604ecfc4.png

My first question how would I go about updating the token of the other methods to be the method with the junk code removed or what is the best practise for fixing this?

The other question is what is the best way to loop through and remove IL code from a binary. I am currently using NOP to remove the junk code (Line 98-106) but when I use mDef.Body.Instructions.Remove(mDef.Body.Instructions) it get errors as it doesn't seem to remove all the code. I am not sure if using a for loop and using instruction.Count is the problem. What is the best way to handle this?

I probably need a better understanding of how .NET binaries work but any help would be greatly appreciated.

Attached is an unpackme sample and my string decrypter source .

Thanks

 

deob.cs UnpackMeSimple.zip

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...