private MethodDef GenerateRefMethod(string methodName)
{
var refMethod = new MethodDefUser(
"_" + Guid.NewGuid().ToString("D").ToUpper().Substring(2, 5),
MethodSig.CreateStatic(_moduleDefMd.ImportAsTypeSig(typeof(double))),
MethodAttributes.Private | MethodAttributes.Static | MethodAttributes.HideBySig)
{
Signature = new MethodSig
{
Params = { _moduleDefMd.ImportAsTypeSig(typeof(double)) },
RetType = _moduleDefMd.ImportAsTypeSig(typeof(double))
}
};
var cil = new CilBody
{
Instructions =
{
OpCodes.Ldarg_0.ToInstruction(),
OpCodes.Call.ToInstruction(GetMethod(typeof(Math),
methodName, new[]{ typeof(double) })),
OpCodes.Stloc_0.ToInstruction(),
OpCodes.Ldloc_0.ToInstruction(),
OpCodes.Ret.ToInstruction()
}
};
refMethod.Body = cil;
refMethod.Body.Variables.Add(new Local(_moduleDefMd.ImportAsTypeSig(typeof(double))));
return(refMethod.ResolveMethodDef());
}
public void Obfuscate()
{
var i = 0;
_protectionses.ForEach(x => { Logger.Push($"{++i}) {x.Name}: {x.Description}"); });
Logger.Push("Select options: ", Logger.TypeLine.Default);
var prefers = Console.ReadLine()?.ToCharArray().Select(x => int.Parse(x.ToString()) - 1).ToList();
if (prefers != null)
{
foreach (var options in prefers)
{
_protectionses[options].Run(_moduleDefMd);
}
}
void Watermark()
{
Logger.Push("Watermarking...");
var attribute = new TypeDefUser("", "OctopusObfuscator",
_moduleDefMd.ImportAsTypeSig(typeof(Attribute)).ToTypeDefOrRef());
_moduleDefMd.Types.Add(attribute);
var body = new MethodDefUser(
"_" + Guid.NewGuid().ToString("n").ToUpper().Substring(2, 5),
MethodSig.CreateStatic(_moduleDefMd.ImportAsTypeSig(typeof(void))),
MethodAttributes.Static | MethodAttributes.Public);
attribute.Methods.Add(body);
_moduleDefMd.CustomAttributes.Add(new CustomAttribute(body));
}
Watermark();
SaveAssembly(_moduleDefMd);
_stopwatch.Stop();
Logger.Push($"Obfuscation task finished. Time elapsed: {_stopwatch.Elapsed}");
}
public void Run(ModuleDefMD moduleDefMd)
{
var memoryStream = new MemoryStream {
Position = 0
};
var antiTamperData = new AntiTamperData(moduleDefMd);
antiTamperData.Initialize();
var released = new List <Tuple <MethodDef, List <Instruction> > >();
foreach (var typeDef in moduleDefMd.GetTypes().Where(x => x.HasMethods && !x.IsGlobalModuleType))
{
foreach (var methodDef in typeDef.Methods.Where(x =>
x.HasBody && x.ReturnType == moduleDefMd.ImportAsTypeSig(typeof(void))))
{
var boolean = new Local(moduleDefMd.ImportAsTypeSig(typeof(bool)));
methodDef.Body.Variables.Add(boolean);
var instructions = methodDef.Body.Instructions;
instructions.Insert(0,
OpCodes.Newobj.ToInstruction(antiTamperData.GetMethod(".ctor")));
instructions.Insert(1, OpCodes.Ldc_I4.ToInstruction(0));
instructions.Insert(2, OpCodes.Callvirt.ToInstruction(antiTamperData.GetMethod("GetFrame")));
instructions.Insert(3, OpCodes.Callvirt.ToInstruction(antiTamperData.GetMethod("GetMethod")));
instructions.Insert(4, OpCodes.Callvirt.ToInstruction(antiTamperData.GetMethod("GetMethodBody")));
instructions.Insert(5,
OpCodes.Callvirt.ToInstruction(antiTamperData.GetMethod("GetILAsByteArray")));
instructions.Insert(6, OpCodes.Ldlen.ToInstruction());
instructions.Insert(7, OpCodes.Conv_I4.ToInstruction());
instructions.Insert(8, OpCodes.Ldc_I4.ToInstruction(methodDef.Body.GetILAsByteArray().Length));
instructions.Insert(9, OpCodes.Ceq.ToInstruction());
instructions.Insert(10, OpCodes.Stloc.ToInstruction(boolean));
instructions.Insert(11, OpCodes.Ldloc.ToInstruction(boolean));
instructions.Insert(12, OpCodes.Brfalse.ToInstruction(instructions[instructions.Count - 1]));
released.Add(new Tuple <MethodDef, List <Instruction> >(methodDef, instructions.ToList()));
}
}
moduleDefMd.Write(memoryStream);
released.ForEach(x =>
{
/* Overriding size of il, because new instructions have been added */
x.Item2[8].Operand = OpCodes.Ldc_I4;
x.Item2[8].Operand = GetIlLength((x.Item1, memoryStream.ToArray()));
});
}
public void Execute(ModuleDefMD moduleDefMD)
{
Console.ForegroundColor = ConsoleColor.Green;
Logger.Push($"{nameof(StringMelt)} working...");
Console.ForegroundColor = ConsoleColor.Gray;
int countFixed = 0;
var junkMethod = new List <MethodDef>();
foreach (var typeDef in moduleDefMD.GetTypes())
{
foreach (var methodDef in typeDef.Methods.Where(x => x.HasBody))
{
var instructions = methodDef.Body.Instructions;
for (int i = 0; i < instructions.Count; i++)
{
if (instructions[i].OpCode == OpCodes.Call &&
instructions[i].Operand is MethodDef refMethod && refMethod.ReturnType == moduleDefMD.ImportAsTypeSig(typeof(string)) && refMethod.IsStatic && refMethod.Body.Instructions.Count == 2)
{
instructions[i].OpCode = OpCodes.Ldstr;
instructions[i].Operand = refMethod.Body.Instructions.First().Operand.ToString();
junkMethod.Add(refMethod);
countFixed++;
}
}
}
foreach (var methodDef in junkMethod)
{
typeDef.Methods.Remove(methodDef);
}
junkMethod.Clear();
}
Logger.Push($"{nameof(StringMelt)} fixed: {countFixed}");
}
private static TypeDefUser GenerateTraceType(ModuleDefMD mod)
{
var traceType = new TypeDefUser(
typeof(SharpFuzz.Common.Trace).FullName,
mod.CorLibTypes.Object.TypeDefOrRef
);
traceType.Attributes = TypeAttributes.Public
| TypeAttributes.Abstract
| TypeAttributes.Sealed
| TypeAttributes.BeforeFieldInit;
var sharedMemField = new FieldDefUser(
nameof(Common.Trace.SharedMem),
new FieldSig(new PtrSig(mod.CorLibTypes.Byte)),
FieldAttributes.Public | FieldAttributes.Static
);
var prevLocationField = new FieldDefUser(
nameof(Common.Trace.PrevLocation),
new FieldSig(mod.CorLibTypes.Int32),
FieldAttributes.Public | FieldAttributes.Static
);
var onBranchField = new FieldDefUser(
nameof(Common.Trace.OnBranch),
new FieldSig(mod.ImportAsTypeSig(typeof(Action <int, string>))),
FieldAttributes.Public | FieldAttributes.Static
);
traceType.Fields.Add(sharedMemField);
traceType.Fields.Add(prevLocationField);
traceType.Fields.Add(onBranchField);
var cctorSig = MethodSig.CreateStatic(mod.CorLibTypes.Void);
var cctorImplFlags = MethodImplAttributes.IL | MethodImplAttributes.Managed;
var cctorFlags = MethodAttributes.Private
| MethodAttributes.HideBySig
| MethodAttributes.SpecialName
| MethodAttributes.RTSpecialName
| MethodAttributes.Static;
var cctor = new MethodDefUser(".cctor", cctorSig, cctorImplFlags, cctorFlags);
traceType.Methods.Add(cctor);
var body = new CilBody {
InitLocals = false, MaxStack = 1
};
cctor.Body = body;
var local = new Local(mod.CorLibTypes.IntPtr);
body.Variables.Add(local);
var marshalType = mod.Types.Single(type => type.FullName == typeof(Marshal).FullName);
var intPtrType = mod.Types.Single(type => type.FullName == typeof(IntPtr).FullName);
var allocHGlobal = marshalType.FindMethod(
nameof(Marshal.AllocHGlobal),
MethodSig.CreateStatic(mod.CorLibTypes.IntPtr,
mod.CorLibTypes.Int32)
);
var toPointer = intPtrType.FindMethod(
nameof(IntPtr.ToPointer),
MethodSig.CreateInstance(new PtrSig(mod.CorLibTypes.Void))
);
body.Instructions.Add(OpCodes.Ldc_I4.ToInstruction(MapSize));
body.Instructions.Add(OpCodes.Call.ToInstruction(allocHGlobal));
body.Instructions.Add(OpCodes.Stloc_0.ToInstruction());
body.Instructions.Add(OpCodes.Ldloca_S.ToInstruction(local));
body.Instructions.Add(OpCodes.Call.ToInstruction(toPointer));
body.Instructions.Add(OpCodes.Stsfld.ToInstruction(sharedMemField));
body.Instructions.Add(OpCodes.Ret.ToInstruction());
return(traceType);
}
