Ejemplo n.º 1
0
        private static void ActivateCommands(ArgumentParser parser, out bool autoDeob, out int token)
        {
            autoDeob = true;
            token = 0;

            foreach(var cmd in parser.ParsedCommands)
            {
                if (cmd is CmdVerbose)
                    DeobfuscatorContext.Output = DeobfuscatorContext.OutputType.Verbose;
                if (cmd is CmdOut)
                    DeobfuscatorContext.OutPath = cmd.UserInput.Substring(1);
                if (cmd is CmdFetchSignature)
                {
                    autoDeob = false;
                    var deob = new Deobfuscator(null);

                    Logger.VSLog(deob.FetchSignature());
                }
                if(cmd is CmdDynamicStringDecryption)
                {
                    token = Int32.Parse(cmd.UserInput.Split(':')[1].Trim(), NumberStyles.HexNumber);
                }
                if (cmd is CmdDebug)
                    DeobfuscatorContext.Debug = true;
            }
        }
Ejemplo n.º 2
0
        private static void Main(string[] args)
        {
            var parser = new ArgumentParser(args);
            bool autoDeob;
            int token;

            if(!parser.ParseRawInput()){
                Console.ReadLine();
                Environment.Exit(-1);
            }

            AssemblyDefinition tmpAsm = null;

            try
            {
                tmpAsm = AssemblyDefinition.ReadAssembly(args[0]);
            }
            catch
            {
                Logger.VSLog("File is not a valid .NET PE file!");
                Console.ReadLine();
                Environment.Exit(-1);
            }

            DeobfuscatorContext.AsmDef = tmpAsm;

            Logger.VSLog(string.Concat("NETDeob ", Version, " BETA"));
            Logger.VSLog("");

            DeobfuscatorContext.OutPath = DeobfuscatorContext.InPath + "_deobf.exe";
            ActivateCommands(parser, out autoDeob, out token);

            DeobfuscatorContext.Options.UnhandledExceptionHandler = GlobalExcHandle;

            if (autoDeob)
            {
                var deob = new Deobfuscator();
                deob.Deobfuscate(token == 0
                                     ? null
                                     : new DynamicStringDecryptionContetx
                                           {
                                               AssociatedTokens = new List<int> { token },
                                               DecryptionType = StringDecryption.Dynamic
                                           });
            }

            Console.Read();
        }
Ejemplo n.º 3
0
        private static void Main(string[] args)
        {
            if (args.Length == 0)
                return;

            var ctx = new DeobfuscatorContext();
            var optionSet = new OptionSet()
                                {
                                    {"st=|strtok=", t =>
                                                            {
                                                                if (t != null)
                                                                   ctx.DynStringCtx = new DeobfuscatorContext.DynamicStringDecryptionContext
                                                                                                           {
                                                                                                               AssociatedToken = Int32.Parse(t, NumberStyles.HexNumber),
                                                                                                               DecryptionType = DeobfuscatorContext.StringDecryption.Dynamic
                                                                                                           };
                                                            }},
                                     {"v|verbose", v =>
                                                        {
                                                           if (v != null)
                                                               ctx.Output = DeobfuscatorContext.OutputType.Verbose;
                                                         }},
                                     { "d|debug", d =>
                                                     {
                                                          if(d != null)
                                                             ctx.Debug = true;
                                                     }},

                                     {"fsig|fetchsignature", fs =>
                                                                {
                                                                    if(fs != null)
                                                                    {
                                                                        Console.WriteLine(new Deobfuscator(ctx).FetchSignature());
                                                                        Console.ReadLine();
                                                                        Environment.Exit(-1);
                                                                    }
                                                                }},
                                     {"o=|output=", o =>
                                                                {
                                                                    if (o != null)
                                                                        ctx.OutPath = o;
                                                                }},
                                     {"pp=|pluginpath=", pp =>
                                                                {
                                                                    if(pp != null)
                                                                    {
                                                                        ctx.Options = new DeobfuscatorOptions();
                                                                        ctx.Options.LoadPlugins = true;
                                                                        ctx.Options.PluginLoadPath = pp;
                                                                    }
                                                                }},
                                     {"prp|preferplugins", prp =>
                                                                 {
                                                                     if(prp != null)
                                                                     {
                                                                         ctx.Options.LoadPlugins = true;
                                                                         ctx.Options.PreferPluginsOverBuiltinIdentifiers = true;
                                                                     }
                                                                 }}
                                };

            AssemblyDefinition tmpAsm = null;

            try
            {
                tmpAsm = AssemblyDefinition.ReadAssembly((ctx.InPath = args[0]));
            }
            catch
            {
                Console.WriteLine("File is not a valid .NET PE file!");
                Console.ReadLine();
                Environment.Exit(-1);
            }

            ctx.AsmDef = tmpAsm;

            Console.WriteLine(string.Concat("NETDeob ", Version, " BETA"));
            Console.WriteLine();

            ctx.OutPath = ctx.OutPath ?? Path.Combine(Path.GetDirectoryName(ctx.InPath), tmpAsm.Name.Name + "_deobf.exe");

            try
            {
                optionSet.Parse(args.FromIndex(1));
            }
            catch (OptionException e)
            {
                Console.WriteLine("Invalid parameters supplied!");
                Console.ReadLine();
                Environment.Exit(-1);
            }

            var deob = new Deobfuscator(ctx);
            deob.Deobfuscate();

            Console.Read();
        }