static void Main(string[] args)
{
// Thanks to xeno's old deob and cawk for helping with that one :)
string oldEnv = Environment.CurrentDirectory;
Console.Title = "DeBabel";
Console.WriteLine(@"______ ______ _ _ _ ____ ___");
Console.WriteLine(@"| _ \ | ___ \ | | | | | | | \/ |");
Console.WriteLine(@"| | | |___| |_/ / __ _| |__ ___| | | | | . . |");
Console.WriteLine(@"| | | / _ \ ___ \/ _` | '_ \ / _ \ | | | | |\/| |");
Console.WriteLine(@"| |/ / __/ |_/ / (_| | |_) | __/ \ \_/ / | | |");
Console.WriteLine(@"|___/ \___\____/ \__,_|_.__/ \___|_|\___/\_| |_/");
Console.WriteLine(" V1.1 - LaPanthere & RAMZEZzz ");
try
{
asm = ModuleDefMD.Load(args[0]);
Console.WriteLine("[!]Loading assembly " + asm.FullName);
asmpath = asm.Location;
verbose = true;
}
catch (Exception ex)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("[!] Error: Cannot load the file. Make sure it's a valid .NET file!");
Console.WriteLine("[!] Verbose mode can be activated with -v");
Console.ForegroundColor = ConsoleColor.White;
return;
}
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("[!] Trying to Restore Methods from VM - for best results move VM Restore to target folder!");
Console.ForegroundColor = ConsoleColor.White;
// fix for dll's needed
Environment.CurrentDirectory = Path.GetDirectoryName(asmpath);
Console.ForegroundColor = ConsoleColor.Green;
int restored = RestoreDynamicMethods(asm);
Console.WriteLine("[!] Restored {0} methods from VM", restored);
Console.WriteLine("[!] Restore strings...");
int restoredStrings = RestoreStrings(asm);
Console.WriteLine("[!] Restored {0} strings from VM", restoredStrings);
Console.ForegroundColor = ConsoleColor.White;
//save module
string path = Path.GetDirectoryName(asmpath) + "\\" + Path.GetFileNameWithoutExtension(asmpath) + "_patched" +
Path.GetExtension(asmpath);
var opts = new ModuleWriterOptions(asm)
{
MetaDataOptions = { Flags = MetaDataFlags.PreserveAll }, Logger = DummyLogger.NoThrowInstance
};
asm.Write(path, opts);
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("[!] Assembly saved");
Console.ForegroundColor = ConsoleColor.White;
Console.WriteLine("Press any key to exit...");
Console.ReadKey();
}
public void InitializeFrom(ModuleWriterOptions options)
{
InitializeFromInternal((ModuleWriterOptionsBase)options);
KeepExtraPEData = false;
KeepWin32Resources = false;
}
protected override void Pack(ConfuserContext context, ProtectionParameters parameters)
{
var ctx = context.Annotations.Get <CompressorContext>(context, ContextKey);
if (ctx == null)
{
context.Logger.Error("No executable module!");
throw new ConfuserException(null);
}
ModuleDefMD originModule = context.Modules[ctx.ModuleIndex];
ctx.OriginModuleDef = originModule;
var stubModule = new ModuleDefUser(ctx.ModuleName, originModule.Mvid, originModule.CorLibTypes.AssemblyRef);
if (ctx.CompatMode)
{
var assembly = new AssemblyDefUser(originModule.Assembly);
assembly.Name += ".cr";
assembly.Modules.Add(stubModule);
}
else
{
ctx.Assembly.Modules.Insert(0, stubModule);
ImportAssemblyTypeReferences(originModule, stubModule);
}
stubModule.Characteristics = originModule.Characteristics;
stubModule.Cor20HeaderFlags = originModule.Cor20HeaderFlags;
stubModule.Cor20HeaderRuntimeVersion = originModule.Cor20HeaderRuntimeVersion;
stubModule.DllCharacteristics = originModule.DllCharacteristics;
stubModule.EncBaseId = originModule.EncBaseId;
stubModule.EncId = originModule.EncId;
stubModule.Generation = originModule.Generation;
stubModule.Kind = ctx.Kind;
stubModule.Machine = originModule.Machine;
stubModule.RuntimeVersion = originModule.RuntimeVersion;
stubModule.TablesHeaderVersion = originModule.TablesHeaderVersion;
stubModule.Win32Resources = originModule.Win32Resources;
InjectStub(context, ctx, parameters, stubModule);
var snKey = context.Annotations.Get <StrongNameKey>(originModule, Marker.SNKey);
var snPubKey = context.Annotations.Get <StrongNamePublicKey>(originModule, Marker.SNPubKey);
var snDelaySig = context.Annotations.Get <bool>(originModule, Marker.SNDelaySig, false);
var snSigKey = context.Annotations.Get <StrongNameKey>(originModule, Marker.SNSigKey);
var snPubSigKey = context.Annotations.Get <StrongNamePublicKey>(originModule, Marker.SNSigPubKey);
using (var ms = new MemoryStream()) {
var options = new ModuleWriterOptions(stubModule)
{
StrongNameKey = snKey,
StrongNamePublicKey = snPubKey,
DelaySign = snDelaySig
};
var injector = new KeyInjector(ctx);
options.WriterEvent += injector.WriterEvent;
stubModule.Write(ms, options);
context.CheckCancellation();
ProtectStub(context, context.OutputPaths[ctx.ModuleIndex], ms.ToArray(), snKey, snPubKey, snSigKey, snPubKey, snDelaySig, new StubProtection(ctx, originModule));
}
}
/// <summary>
/// Writes the assembly to a stream.
/// </summary>
/// <param name="dest">Destination stream</param>
/// <param name="options">Writer options</param>
public void Write(Stream dest, ModuleWriterOptions options)
{
ManifestModule.Write(dest, options);
}
/// <summary>
/// Writes the assembly to a file on disk. If the file exists, it will be truncated.
/// </summary>
/// <param name="filename">Filename</param>
/// <param name="options">Writer options</param>
public void Write(string filename, ModuleWriterOptions options)
{
ManifestModule.Write(filename, options);
}
static void Main(string[] args)
{
if (args.Length < 1)
{
return;
}
string modulePath = args[0];
ModuleDef module;
try
{
module = ModuleDefMD.Load(modulePath);
}
catch { return; }
MethodDef decryptionMethod = null;
int? decryptionKey = null;
foreach (var type in module.GetTypes())
{
foreach (var method in type.Methods)
{
if (!method.HasBody)
{
continue;
}
if (method.Signature.ToString() != "System.String (System.String,System.Int32)")
{
continue;
}
var instructions = method.Body.Instructions;
if (instructions.Count < 15)
{
continue;
}
if (!instructions[0].IsLdcI4())
{
continue;
}
if (!instructions[1].IsLdarg())
{
continue;
}
if (instructions[2].OpCode != OpCodes.Add)
{
continue;
}
if (!instructions[3].IsStloc())
{
continue;
}
if (!instructions[4].IsLdarg())
{
continue;
}
if (instructions[5].OpCode != OpCodes.Call)
{
continue;
}
if (instructions[5].Operand.ToString() != "System.Char[] System.String::ToCharArray()")
{
continue;
}
if (!instructions[6].IsStloc())
{
continue;
}
if (!instructions[7].IsLdcI4() || instructions[7].GetLdcI4Value() != 0)
{
continue;
}
if (!instructions[8].IsStloc())
{
continue;
}
if (!instructions[9].IsLdloc())
{
continue;
}
if (!instructions[10].IsLdloc())
{
continue;
}
if (instructions[11].OpCode != OpCodes.Ldlen)
{
continue;
}
if (instructions[12].OpCode != OpCodes.Conv_I4)
{
continue;
}
if (instructions[13].OpCode != OpCodes.Clt)
{
continue;
}
decryptionKey = instructions[0].GetLdcI4Value();
decryptionMethod = method;
break;
}
}
if (decryptionMethod == null || decryptionKey == null)
{
return;
}
int decrypted = 0;
foreach (var type in module.GetTypes())
{
foreach (var method in type.Methods)
{
if (!method.HasBody)
{
continue;
}
var instructions = method.Body.Instructions;
for (int i = 2; i < instructions.Count; i++)
{
if (instructions[i].OpCode != OpCodes.Call)
{
continue;
}
var calledMethod = instructions[i].Operand as MethodDef;
if (calledMethod == null || calledMethod != decryptionMethod)
{
continue;
}
if (!instructions[i - 1].IsLdcI4() || instructions[i - 2].OpCode != OpCodes.Ldstr)
{
continue;
}
var strParameter = instructions[i - 2].Operand.ToString();
var intParameter = instructions[i - 1].GetLdcI4Value();
var decryptedString = Decrypt(strParameter, intParameter, decryptionKey.Value);
Console.WriteLine(decryptedString);
instructions[i].OpCode = OpCodes.Ldstr;
instructions[i].Operand = decryptedString;
instructions[i - 1].OpCode = OpCodes.Nop;
instructions[i - 2].OpCode = OpCodes.Nop;
decrypted++;
}
}
}
Console.WriteLine("Decrypted {0} strings", decrypted);
module.Types.Remove(decryptionMethod.DeclaringType);
var newPath = FormatPath(modulePath, "_strDecrypted");
var moduleWriterOptions = new ModuleWriterOptions(module);
moduleWriterOptions.Logger = DummyLogger.NoThrowInstance;
module.Write(newPath, moduleWriterOptions);
Console.WriteLine("Saved {0}", newPath);
Console.ReadKey();
}
