public static bool Phase1()
{
EmbeddedResource targetRes = null;
foreach (var res in AsmDef.MainModule.Resources)
{
try
{
// ReSharper disable ReturnValueOfPureMethodIsNotUsed
Convert.FromBase64String(res.Name);
// ReSharper restore ReturnValueOfPureMethodIsNotUsed
targetRes = res as EmbeddedResource;
}
catch
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Critical,
Message = "Could not locate compressed resource!"
};
return(false);
}
}
PhaseParam = targetRes.Name;
Logger.VSLog(string.Format("Located compressed resource at {0}...", PhaseParam));
return(true);
}
public static bool Phase2()
{
var resName = PhaseParam;
var resReader = new ResourceReader(AsmDef.FindResource(res => res.Name == "app.resources").GetResourceStream());
var en = resReader.GetEnumerator();
byte[] resData = null;
while (en.MoveNext())
{
if (en.Key.ToString() == resName)
{
resData = en.Value as byte[];
}
}
if (resData == null)
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Critical,
Message = "Could not read resource data!"
};
}
PhaseParam = resData;
return(true);
}
public static bool Phase1()
{
EmbeddedResource targetRes = null;
foreach (var res in AsmDef.MainModule.Resources)
{
try
{
// ReSharper disable ReturnValueOfPureMethodIsNotUsed
Convert.FromBase64String(res.Name);
// ReSharper restore ReturnValueOfPureMethodIsNotUsed
targetRes = res as EmbeddedResource;
}
catch
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Critical,
Message = "Could not locate compressed resource!"
};
return false;
}
}
PhaseParam = targetRes.Name;
Logger.VSLog(string.Format("Located compressed resource at {0}...", PhaseParam));
return true;
}
public static bool Phase2()
{
var orig = PhaseParam;
var inStream = new MemoryStream();
var stream2 = new FileStream(Globals.DeobContext.InPath, FileMode.Open, FileAccess.Read)
{
Position = orig
};
byte[] buffer = new byte[stream2.Length - orig];
stream2.Read(buffer, 0, Convert.ToInt32(buffer.Length));
inStream.Write(buffer, 0, buffer.Length);
inStream.Seek(0L, SeekOrigin.Begin);
if (buffer.Length == 0)
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Critical,
Message = "Data buffer is empty!"
};
return(false);
}
Logger.VSLog(string.Format("Created memorystream ({0} bytes)...", buffer.Length));
PhaseParam = inStream;
return(true);
}
public static bool Phase1()
{
MethodDefinition cctor = null;
var targetType = AsmDef.MainModule.Types.FirstOrDefault(t => IsBadType(t, out cctor));
if (targetType == null || cctor == null)
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Minor,
Message = "No string encryption?"
};
EmergencyCancel = true;
return(true);
}
MarkMember(targetType);
Logger.VSLog("Located bad type at " + targetType.Name);
_staticKey = (cctor.Body.Instructions.FirstOrDefault(op => op.OpCode == OpCodes.Ldtoken).Operand as FieldReference).Resolve().InitialValue;
if (_staticKey == null || _staticKey.Length == 0)
{
ThrowPhaseError("Could not find static key!", 0, true);
return(true);
}
PhaseParam = targetType;
return(true);
}
public static bool Phase2()
{
var resName = PhaseParam;
var resReader = new ResourceReader(AsmDef.FindResource(res => res.Name == "app.resources").GetResourceStream());
var en = resReader.GetEnumerator();
byte[] resData = null;
while (en.MoveNext())
{
if (en.Key.ToString() == resName)
resData = en.Value as byte[];
}
if(resData == null)
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Critical,
Message = "Could not read resource data!"
};
}
PhaseParam = resData;
return true;
}
public static bool Phase1()
{
var orig = AsmDef.EntryPoint.DeclaringType.GetStaticConstructor();
if (orig == null)
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Critical,
Message = "Could not find orig field!"
};
return(false);
}
PhaseParam = (int)orig.Body.Instructions.First(instr => instr.OpCode == OpCodes.Ldc_I4).Operand;
Logger.VSLog(string.Format("Found orig field initializing value; {0}...", PhaseParam));
return(true);
}
public static bool Phase2()
{
var finalData = Decompress(PhaseParam);
if(finalData.Length == 0)
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Critical,
Message = "Could not decompress buffer!"
};
return false;
}
Logger.VSLog(string.Format("Decompressed data, raw size: {0} bytes...", finalData.Length));
File.WriteAllBytes(Globals.DeobContext.OutPath, finalData);
return true;
}
public static bool Phase1()
{
var orig = AsmDef.EntryPoint.DeclaringType.GetStaticConstructor();
if (orig == null)
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Critical,
Message = "Could not find orig field!"
};
return false;
}
PhaseParam = (int) orig.Body.Instructions.First(instr => instr.OpCode == OpCodes.Ldc_I4).Operand;
Logger.VSLog(string.Format("Found orig field initializing value; {0}...", PhaseParam));
return true;
}
public static bool Phase2()
{
var finalData = Decompress(PhaseParam);
if (finalData.Length == 0)
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Critical,
Message = "Could not decompress buffer!"
};
return(false);
}
Logger.VSLog(string.Format("Decompressed data, raw size: {0} bytes...", finalData.Length));
File.WriteAllBytes(Globals.DeobContext.OutPath, finalData);
return(true);
}
public static bool Phase1()
{
var target = AsmDef.EntryPoint;
target = target.Body.Instructions.FirstOfOpCode((op => op == OpCodes.Call), 3).Operand as MethodDefinition;
PhaseParam = target.Body.Instructions.FirstOfOpCode(OpCodes.Ldstr).Operand as string;
if (PhaseParam == null || PhaseParam == "")
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Critical,
Message = "Could not locate compressed resource!"
};
return(false);
}
Logger.VSLog(string.Format("Found compressed resource: {0}...", PhaseParam));
return(true);
}
public static bool Phase1()
{
var target = AsmDef.EntryPoint;
target = target.Body.Instructions.FirstOfOpCode((op => op == OpCodes.Call), 3).Operand as MethodDefinition;
PhaseParam = target.Body.Instructions.FirstOfOpCode(OpCodes.Ldstr).Operand as string;
if(PhaseParam == null || PhaseParam == "")
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Critical,
Message = "Could not locate compressed resource!"
};
return false;
}
Logger.VSLog(string.Format("Found compressed resource: {0}...", PhaseParam));
return true;
}
public static bool Phase1()
{
var target = AsmDef.FindMethod(mDef => mDef.Name == "lf");
_offset = (int)Convert.ChangeType(target.Body.Instructions.First(instr => instr.IsLdcI4WOperand()).Operand, typeof(Int32));
PhaseParam = lf(Globals.DeobContext.InPath);
if(PhaseParam.Length == 0)
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Critical,
Message = "Failed to retrieve data!"
};
return false;
}
Logger.VSLog("Retrieved compressed data...");
return true;
}
public static bool Phase1()
{
var target = AsmDef.FindMethod(mDef => mDef.Name == "lf");
_offset = (int)Convert.ChangeType(target.Body.Instructions.First(instr => instr.IsLdcI4WOperand()).Operand, typeof(Int32));
PhaseParam = lf(Globals.DeobContext.InPath);
if (PhaseParam.Length == 0)
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Critical,
Message = "Failed to retrieve data!"
};
return(false);
}
Logger.VSLog("Retrieved compressed data...");
return(true);
}
public static bool Phase2()
{
var blockList = PhaseParam as Dictionary<MethodDefinition, List<ILBlock>>;
var finalList = new Dictionary<MethodDefinition, List<Instruction>>();
foreach (var entry in blockList)
{
var blocks = entry.Value;
var mDef = entry.Key;
var cleanBody = new List<Instruction>();
var tmpBlock = blocks.Find(block => block.StartIndex == 0);
Instruction instr;
while (tmpBlock.NextBlock != null)
{
//mDef.Body.SimplifyMacros();
instr = mDef.Body.Instructions[tmpBlock.StartIndex];
while (mDef.Body.Instructions.IndexOf(instr.Next) <= tmpBlock.EndIndex)
{
cleanBody.Add(instr);
instr = instr.Next;
if (instr == null)
break;
if(cleanBody.Count >= 10000)
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Minor,
Message = "Internal block error!"
};
return false;
}
}
tmpBlock = tmpBlock.NextBlock;
}
instr = mDef.Body.Instructions[tmpBlock.StartIndex];
while (mDef.Body.Instructions.IndexOf(instr.Next) <= tmpBlock.EndIndex)
{
cleanBody.Add(instr);
instr = instr.Next;
if (instr == null)
break;
}
if (cleanBody[cleanBody.Count -1].OpCode != OpCodes.Ret)
cleanBody.Add(mDef.Body.GetILProcessor().Create(OpCodes.Ret));
CleanJumps(ref cleanBody);
finalList.Add(mDef, cleanBody);
}
blockList.Clear();
PhaseParam = finalList;
return true;
}
public void DecryptEntry(ref DecryptionContext entry)
{
var rEntry = entry as RummageContext;
if (rEntry.Key == 0)
{
ThrowPhaseError("Failed to decrypt string!", 0, false);
}
var str = "";
using (var fs = new FileStream(Globals.DeobContext.InPath, FileMode.Open, FileAccess.Read))
{
using (var br = new BinaryReader(fs))
{
if (rEntry.Key == 61 + 1)
{
rEntry.Key = 62;
}
uint[] numArray = null;
uint[] numArray2 = null;
fs.Seek((rEntry.Key * 4) - _offset, SeekOrigin.End);
byte[] outData = null;
var x = 0;
while (x < (numArray ?? new uint[1337]).Length)
{
uint num = 0;
try
{
num = br.ReadUInt32();
}
catch (EndOfStreamException e)
{
break;
}
catch
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Minor,
Message = "Message author!"
};
continue;
}
var num2 = br.ReadUInt32();
var num3 = 3337565984;
var tmp = numArray2;
for (var i = 32; i > 0; i--)
{
num2 -= (((num << 4) ^ (num >> 5)) + num) ^
(num3 + _decMod[(int)((IntPtr)((num3 >> 11) & 3))]);
num3 -= 2654435769;
num -= (((num2 << 4) ^ (num2 >> 5)) + num2) ^ (num3 + _decMod[(int)((IntPtr)(num3 & 3))]);
}
uint[] numArray4;
if (tmp == null)
{
outData = new byte[num];
numArray4 = numArray = new uint[num + 11 / 8 * 2 - 1];
}
else
{
numArray[x - 1] = num;
numArray4 = numArray;
}
numArray4[x] = num2;
x += 2;
if (x < numArray.Length)
{
numArray2 = numArray4;
}
Buffer.BlockCopy(numArray4, 0, outData, 0, outData.Length);
str = Encoding.UTF8.GetString(outData);
}
}
}
rEntry.PlainText = str;
}
public static bool Phase2()
{
var blockList = PhaseParam as Dictionary <MethodDefinition, List <ILBlock> >;
var finalList = new Dictionary <MethodDefinition, List <Instruction> >();
foreach (var entry in blockList)
{
var blocks = entry.Value;
var mDef = entry.Key;
var cleanBody = new List <Instruction>();
var tmpBlock = blocks.Find(block => block.StartIndex == 0);
Instruction instr;
while (tmpBlock.NextBlock != null)
{
//mDef.Body.SimplifyMacros();
instr = mDef.Body.Instructions[tmpBlock.StartIndex];
while (mDef.Body.Instructions.IndexOf(instr.Next) <= tmpBlock.EndIndex)
{
cleanBody.Add(instr);
instr = instr.Next;
if (instr == null)
{
break;
}
if (cleanBody.Count >= 10000)
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Minor,
Message = "Internal block error!"
};
return(false);
}
}
tmpBlock = tmpBlock.NextBlock;
}
instr = mDef.Body.Instructions[tmpBlock.StartIndex];
while (mDef.Body.Instructions.IndexOf(instr.Next) <= tmpBlock.EndIndex)
{
cleanBody.Add(instr);
instr = instr.Next;
if (instr == null)
{
break;
}
}
if (cleanBody[cleanBody.Count - 1].OpCode != OpCodes.Ret)
{
cleanBody.Add(mDef.Body.GetILProcessor().Create(OpCodes.Ret));
}
CleanJumps(ref cleanBody);
finalList.Add(mDef, cleanBody);
}
blockList.Clear();
PhaseParam = finalList;
return(true);
}
public static bool Phase2()
{
var orig = PhaseParam;
var inStream = new MemoryStream();
var stream2 = new FileStream(Globals.DeobContext.InPath, FileMode.Open, FileAccess.Read)
{
Position = orig
};
byte[] buffer = new byte[stream2.Length - orig];
stream2.Read(buffer, 0, Convert.ToInt32(buffer.Length));
inStream.Write(buffer, 0, buffer.Length);
inStream.Seek(0L, SeekOrigin.Begin);
if (buffer.Length == 0)
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Critical,
Message = "Data buffer is empty!"
};
return false;
}
Logger.VSLog(string.Format("Created memorystream ({0} bytes)...", buffer.Length));
PhaseParam = inStream;
return true;
}
