private void button2_Click(object sender, EventArgs e) { module = ModuleDefMD.Load(textBox1.Text); FindStringDecrypterMethods(module); DeobedStringNumber = 0; DecryptStringsInMethod(module, Methoddecryption); if (checkBox1.Checked) { RemoveDemo(module); } string text2 = Path.GetDirectoryName(textBox1.Text); if (!text2.EndsWith("\\")) { text2 += "\\"; } string path = text2 + Path.GetFileNameWithoutExtension(textBox1.Text) + "_patched" + Path.GetExtension(textBox1.Text); var opts = new ModuleWriterOptions(module); opts.Logger = DummyLogger.NoThrowInstance; module.Write(path, opts); label2.Text = "Successfully decrypted " + DeobedStringNumber + " strings !"; }
public static AssemblyDefinition Translate(ModuleDefMD manifestModule) { using (var assemblyStream = new MemoryStream()) { try { if (manifestModule.IsILOnly) { var writerOptions = new ModuleWriterOptions(manifestModule); writerOptions.Logger = DummyLogger.NoThrowInstance; MetaDataOptions metaDataOptions = new MetaDataOptions(); metaDataOptions.Flags = MetaDataFlags.PreserveAll; manifestModule.Write(assemblyStream, writerOptions); } else { var writerOptions = new NativeModuleWriterOptions(manifestModule); writerOptions.Logger = DummyLogger.NoThrowInstance; MetaDataOptions metaDataOptions = new MetaDataOptions(); metaDataOptions.Flags = MetaDataFlags.PreserveAll; manifestModule.NativeWrite(assemblyStream, writerOptions); } } catch (Exception) { if (assemblyStream.Length == 0) return null; } assemblyStream.Position = 0; AssemblyDefinition newAssembly = AssemblyDefinition.ReadAssembly(assemblyStream); return newAssembly; } }
private void button1_Click(object sender, EventArgs e) { module = ModuleDefMD.Load(textBox1.Text); FindStringDecrypterMethods(module); if (Methoddecryption == null) { FindStringDecrypterMethodsWithflow(module); x = 1; } DecryptStringsInMethod(module, Methoddecryption); string text2 = Path.GetDirectoryName(textBox1.Text); if (!text2.EndsWith("\\")) { text2 += "\\"; } string path = text2 + Path.GetFileNameWithoutExtension(textBox1.Text) + "_patched" + Path.GetExtension(textBox1.Text); module.Write(path); label2.Text = "Successfully decrypted " + DeobedStringNumber + " strings !"; }
static void Main(string[] args) { Console.WriteLine(@" _____ _____ _ "); Console.WriteLine(@"| | |___| __| |_ ___ ___ ___ ___ ___ "); Console.WriteLine(@"| | | |__ | | .'| _| . | -_| _|"); Console.WriteLine(@"|_____|_|_|_____|_|_|__,|_| | _|___|_| "); Console.WriteLine(@" |_|XenocodeRCE"); Console.WriteLine(@""); Console.WriteLine(@""); if (args == null || args.Length == 0) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("[!]Error : No file to deobfuscate ! "); Console.ForegroundColor = ConsoleColor.White; Console.ReadKey(); return; } else{ try { asm = ModuleDefMD.Load(args[0]); Console.ForegroundColor = ConsoleColor.Blue; Console.WriteLine("[!]Loading assembly " + asm.FullName); Console.ForegroundColor = ConsoleColor.Gray; asmpath = args[0]; var dec_method = Core.Helper.GetDecryptType(asm); if(dec_method != null) { Console.WriteLine("[!]Instancing decryption method : " + dec_method.FullName); Console.WriteLine("[!]Decrypting Strings ... : "); var decryptedstr = Core.Helper.Extract_string_value(dec_method); if(decryptedstr != 0) { DeobedStringNumber = decryptedstr; } Console.ForegroundColor = ConsoleColor.Yellow; Console.WriteLine(@"[!] Successfully decrypted " + DeobedStringNumber + " strings."); Console.ForegroundColor = ConsoleColor.Gray; Console.ForegroundColor = ConsoleColor.Gray; Console.WriteLine(@"[!] Saving Module..."); Console.ForegroundColor = ConsoleColor.Gray; string text2 = Path.GetDirectoryName(args[0]); if (!text2.EndsWith("\\")) { text2 += "\\"; } string path = text2 + Path.GetFileNameWithoutExtension(args[0]) + "_patched" + Path.GetExtension(args[0]); var opts = new ModuleWriterOptions(asm); opts.Logger = DummyLogger.NoThrowInstance; asm.Write(path, opts); Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine(@"[!] Saved ! "); Console.ForegroundColor = ConsoleColor.Gray; return; Console.ReadKey(); } else { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("[!]Error : Cannot find the decryption method !"); Console.ForegroundColor = ConsoleColor.White; Console.ReadKey(); return; } } catch (Exception) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("[!]Error : Cannot load the file. Make sure it's a valid .NET file !"); Console.ForegroundColor = ConsoleColor.White; Console.ReadKey(); return; } } }
private void button2_Click(object sender, EventArgs e) { module = ModuleDefMD.Load(textBox1.Text); asm = Assembly.LoadFile(textBox1.Text); //if (!Checker.IsDNP.Check(module)) //{ // label2.Text = "Not a DNP protectedt file !"; // return; //} //Remove Anti if (chk_antitamp.Checked) { Helpers.GetAntitamper(module); if (AntitampMethodDef != null) Helpers.NopCall(module, AntitampMethodDef); } if (chk_antidebug.Checked) { Helpers.GetAntidebug(module); if (AntidebugMethodDef != null) Helpers.NopCall(module, AntidebugMethodDef); } if (chk_antidump.Checked) { Helpers.GetAntidump(module); if (AntidumpMethodDef != null) Helpers.NopCall(module, AntidumpMethodDef); } if (chk_Integers.Checked) { //Decrypt Integers Helpers.ResolveMathPow(module); } if (chk_str.Checked) { //Decrypt Strings Helpers.GetStrDecMeth(module); } if (chk_Integers.Checked) { //Decrypt remaining integers Helpers.ResolveLastInt(module); Helpers.ExtractIntFromRes(module); } if (chk_prune.Checked) { //Prune Assembly Helpers.PruneModule(module); } var text2 = Path.GetDirectoryName(textBox1.Text); if (text2 != null && !text2.EndsWith("\\")) { text2 += "\\"; } var path = text2 + Path.GetFileNameWithoutExtension(textBox1.Text) + "_DNPDeob" + Path.GetExtension(textBox1.Text); var opts = new ModuleWriterOptions(module) {Logger = DummyLogger.NoThrowInstance}; module.Write(path, opts); label2.Text = "Successfully deobfuscated " + DeobedString + " String, " + DeobedInts +" Integers, and " + PrunedMembers + " members has been removed !"; }