Beispiel #1
0
 public void ReferenceReplace(MethodDef method)
 {
     method.Body.SimplifyBranches();
     if (Keys.ContainsKey(method.RVA))
     {
         List <Tuple <int, int, int> > keys = Keys[method.RVA];
         keys.Reverse();
         foreach (Tuple <int, int, int> v in keys)
         {
             // Experimental renamer
             method.Body.Instructions[v.Item1].Operand = Renamer.GetRandomName();
             method.Body.Instructions.Insert(v.Item1 + 1, new Instruction(OpCodes.Ldc_I4, v.Item2));
             method.Body.Instructions.Insert(v.Item1 + 2, new Instruction(OpCodes.Ldc_I4, v.Item3));
             method.Body.Instructions.Insert(v.Item1 + 3, new Instruction(OpCodes.Call, Decryptor));
         }
     }
     method.Body.OptimizeBranches();
 }
Beispiel #2
0
        public void Execute(ModuleDefMD md)
        {
            var      consttype = RuntimeHelper.GetRuntimeType("AsStrongAsFuck.Runtime.Constants");
            FieldDef field     = consttype.FindField("array");

            Renamer.Rename(field, Renamer.RenameMode.Base64, 2);
            field.DeclaringType = null;
            foreach (TypeDef type in md.Types)
            {
                foreach (MethodDef method in type.Methods)
                {
                    if (method.HasBody && method.Body.HasInstructions)
                    {
                        ExtractStrings(method);
                    }
                }
            }
            md.GlobalType.Fields.Add(field);
            MethodDef todef = consttype.FindMethod("Get");

            todef.DeclaringType = null;
            todef.Body.Instructions[59].Operand = field;
            Renamer.Rename(todef, Renamer.RenameMode.Logical);
            md.GlobalType.Methods.Add(todef);
            MethodDef init = consttype.FindMethod("Initialize");
            MethodDef add  = consttype.FindMethod("Set");

            init.DeclaringType = null;
            init.Body.Instructions[3].Operand = field;
            List <Instruction> insts = new List <Instruction>(add.Body.Instructions);

            insts[1].Operand = field;
            insts[insts.Count - 1].OpCode = OpCodes.Nop;
            insts.RemoveAt(0);
            insts[1].OpCode = OpCodes.Ldc_I4;
            insts[2].OpCode = OpCodes.Ldc_I4;

            var compressed = Compress(array.ToArray());


            for (int i = 0; i < compressed.Length; i++)
            {
                insts[1].Operand = i;
                insts[2].Operand = Convert.ToInt32(compressed[i]);
                for (int x = insts.Count - 1; x >= 0; x--)
                {
                    init.Body.Instructions.Insert(4, new Instruction(insts[x].OpCode, insts[x].Operand));
                }
            }
            init.Body.Instructions[init.Body.Instructions.Count - 1 - 1].Operand  = field;
            init.Body.Instructions[init.Body.Instructions.Count - 1 - 99].Operand = field;
            Renamer.Rename(init, Renamer.RenameMode.Base64, 2);
            md.GlobalType.Methods.Add(init);
            Decryptor = todef;
            MethodDef cctor = md.GlobalType.FindOrCreateStaticConstructor();

            cctor.Body = new CilBody();
            cctor.Body.Instructions.Add(new Instruction(OpCodes.Ldc_I4, compressed.Length));
            cctor.Body.Instructions.Add(new Instruction(OpCodes.Call, init));
            cctor.Body.Instructions.Add(new Instruction(OpCodes.Ret));
            foreach (TypeDef type2 in md.Types)
            {
                foreach (MethodDef method2 in type2.Methods)
                {
                    if (method2.HasBody && method2.Body.HasInstructions)
                    {
                        ReferenceReplace(method2);
                    }
                }
            }
        }
Beispiel #3
0
        public void ExecuteMethod(MethodDef method)
        {
            for (int i = 0; i < method.Body.Instructions.Count; i++)
            {
                var instr = method.Body.Instructions[i];
                if (instr.OpCode == OpCodes.Call)
                {
                    var target = (IMethod)instr.Operand;
                    if (!target.ResolveMethodDefThrow().IsPublic || !target.ResolveMethodDefThrow().IsStatic || !target.DeclaringType.ResolveTypeDef().IsPublic || target.DeclaringType.ResolveTypeDef().IsSealed)
                    {
                        continue;
                    }

                    var       key = target.FullName;
                    MethodDef value;
                    if (!Proxies.TryGetValue(key, out value))
                    {
                        var consttype = RuntimeHelper.GetRuntimeType("AsStrongAsFuck.Runtime.RefProxy");

                        var proxysig = ReferenceProxyHelper.CreateProxySignature(target, method.Module);

                        var deleg = ReferenceProxyHelper.CreateDelegateType(proxysig, method.Module, target.ResolveMethodDef());

                        FieldDefUser field = new FieldDefUser("ZYXDNGuarder", new FieldSig(deleg.ToTypeSig()));

                        Renamer.Rename(field, Renamer.RenameMode.Base64);
                        method.DeclaringType.Fields.Add(field);
                        field.IsStatic = true;

                        var typedef = target.ResolveMethodDefThrow().DeclaringType;

                        var mdtoken = target.ResolveMethodDef().MDToken;
                        var asshole = consttype.Methods.First(x => x.Name == "Load");
                        asshole.Body.Instructions[1].Operand  = deleg;
                        asshole.Body.Instructions[3].Operand  = method.Module.Import(typedef);
                        asshole.Body.Instructions[6].OpCode   = OpCodes.Ldc_I4;
                        asshole.Body.Instructions[6].Operand  = (int)mdtoken.Raw;
                        asshole.Body.Instructions[10].Operand = deleg;
                        asshole.Body.Instructions[11].Operand = field;
                        asshole.Body.Instructions.RemoveAt(12);

                        var cctor = method.DeclaringType.FindOrCreateStaticConstructor();
                        foreach (var item in asshole.Body.Instructions)
                        {
                            cctor.Body.Instructions.Add(item);
                        }

                        if (cctor.Body.Instructions[0].OpCode == OpCodes.Ret)
                        {
                            cctor.Body.Instructions.RemoveAt(0);
                        }


                        var proxy = new MethodDefUser(Renamer.GetRandomName(), proxysig);

                        proxy.Attributes     = MethodAttributes.PrivateScope | MethodAttributes.Static;
                        proxy.ImplAttributes = MethodImplAttributes.Managed | MethodImplAttributes.IL;

                        method.DeclaringType.Methods.Add(proxy);

                        proxy.Body = new CilBody();
                        proxy.Body.Instructions.Add(Instruction.Create(OpCodes.Ldsfld, field));
                        for (int x = 0; x < target.ResolveMethodDefThrow().Parameters.Count; x++)
                        {
                            proxy.Body.Instructions.Add(Instruction.Create(OpCodes.Ldarg, proxy.Parameters[x]));
                        }
                        proxy.Body.Instructions.Add(Instruction.Create(OpCodes.Callvirt, deleg.FindMethod("Invoke")));
                        proxy.Body.Instructions.Add(Instruction.Create(OpCodes.Ret));

                        value = proxy;
                        Proxies.Add(key, value);
                    }
                    Console.WriteLine($"{key} - {value}");
                    instr.Operand = value;
                }
            }
        }
        public void Watermark()
        {
            Console.WriteLine("Watermarking...");
            var attrType = new TypeDefUser("", "MoneydevAttribute");

            Module.Types.Add(attrType);
            var attrType2 = new TypeDefUser("", "BabelObfuscatorAttribute", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType2);
            var attrType3 = new TypeDefUser("", "Beds-Protector", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType3);
            var attrType4 = new TypeDefUser("", "ConfusedByAttribute", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType4);
            var attrType5 = new TypeDefUser("", "CryptoObfuscator.ProtectedWithCryptoObfuscatorAttribute", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType5);
            var attrType6 = new TypeDefUser("", "DotfuscatorAttribute", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType6);
            var attrType7 = new TypeDefUser("", "EMyPID_8234_", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType7);
            var attrType8 = new TypeDefUser("", "moneydev", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType8);
            var attrType9 = new TypeDefUser("", "NETGuard", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType9);
            var attrType10 = new TypeDefUser("", "NineRays.Obfuscator.Evaluation", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType10);
            var attrType11 = new TypeDefUser("", "ObfuscatedByGoliath", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType11);
            var attrType12 = new TypeDefUser("", "OiCuntJollyGoodDayYeHavin_____________________________________________________", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType12);
            var attrType13 = new TypeDefUser("", "Reactor", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType13);
            var attrType14 = new TypeDefUser("", "SecureTeam.Attributes.ObfuscatedByAgileDotNetAttribute", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType14);
            var attrType15 = new TypeDefUser("", "SkidfuscatorAttribute", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType15);
            var attrType16 = new TypeDefUser("", "SmartAssembly.Attributes.PoweredByAttribute", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType16);
            var attrType17 = new TypeDefUser("", "VMProtect", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType17);
            var attrType18 = new TypeDefUser("", "VMProtectAttribute", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType18);
            var attrType19 = new TypeDefUser("", "Xenocode.Client.Attributes.AssemblyAttributes.ProcessedByXenocode", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType19);
            var attrType20 = new TypeDefUser("", "YanoAttribute", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType20);
            var attrType21 = new TypeDefUser("", "ZYXDNGuarder", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType21);
            var attrType22 = new TypeDefUser("", "<Module>{5463E459-C078-4545-9554-6B8CC9042999}", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType22);
            var attrType23 = new TypeDefUser("", "ILLicenseModule", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType23);
            var attrType24 = new TypeDefUser("", "de4fuckyou", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType24);
            var attrType25 = new TypeDefUser("", "NetShield", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType25);
            var attrType26 = new TypeDefUser("", "CrytpoObfuscator", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType26);
            var attrType27 = new TypeDefUser("", "CryptoObfuscator", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType27);
            var attrType28 = new TypeDefUser("", ".NETReactorAttribute", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType28);
            var attrType29 = new TypeDefUser("", "MaxtoCodeAttribute", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType29);
            var attrType30 = new TypeDefUser("", "Shitfuscator-PRO", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType30);
            var attrType31 = new TypeDefUser("", "VMEntry", Module.CorLibTypes.GetTypeRef("System", "Attribute"));

            Module.Types.Add(attrType31);
            var ctor = new MethodDefUser(
                ".ctor",
                MethodSig.CreateInstance(Module.CorLibTypes.Void, Module.CorLibTypes.String),
                dnlib.DotNet.MethodImplAttributes.Managed,
                dnlib.DotNet.MethodAttributes.HideBySig | dnlib.DotNet.MethodAttributes.Public | dnlib.DotNet.MethodAttributes.SpecialName | dnlib.DotNet.MethodAttributes.RTSpecialName);

            ctor.Body          = new CilBody();
            ctor.Body.MaxStack = 1;
            ctor.Body.Instructions.Add(OpCodes.Ldarg_0.ToInstruction());
            ctor.Body.Instructions.Add(OpCodes.Call.ToInstruction(new MemberRefUser(Module, ".ctor", MethodSig.CreateInstance(Module.CorLibTypes.Void), Module.CorLibTypes.GetTypeRef("System", "Attribute"))));
            ctor.Body.Instructions.Add(OpCodes.Ret.ToInstruction());
            attrType.Methods.Add(ctor);
            var attr = new CustomAttribute(ctor);

            attr.ConstructorArguments.Add(new CAArgument(Module.CorLibTypes.String, Renamer.GetFuckedString(69)));
            Module.CustomAttributes.Add(attr);
        }
Beispiel #5
0
        public void Execute(ModuleDefMD md)
        {
            string shit = Renamer.Hell + Renamer.GetRandomName() + Renamer.Hell + Renamer.GetRandomName() + Renamer.Hell + Renamer.GetRandomName() + Renamer.Hell + Renamer.GetRandomName() + Renamer.Hell + Renamer.GetRandomName() + Renamer.Hell + Renamer.GetRandomName();

            md.Name = shit;
        }