public void initialize(ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob)
{
if (resolverType == null)
{
return;
}
encryptedResource = BabelUtils.findEmbeddedResource(module, resolverType, simpleDeobfuscator, deob);
if (encryptedResource == null)
{
Logger.w("Could not find embedded assemblies resource");
return;
}
var decrypted = resourceDecrypter.decrypt(encryptedResource.Data.ReadAllBytes());
var reader = new BinaryReader(new MemoryStream(decrypted));
int numAssemblies = reader.ReadInt32();
embeddedAssemblyInfos = new EmbeddedAssemblyInfo[numAssemblies];
for (int i = 0; i < numAssemblies; i++)
{
string name = reader.ReadString();
var data = reader.ReadBytes(reader.ReadInt32());
var mod = ModuleDefMD.Load(data);
embeddedAssemblyInfos[i] = new EmbeddedAssemblyInfo(name, DeobUtils.getExtension(mod.Kind), data);
}
}
static void initializeNameAndExtension(AssemblyInfo info)
{
try {
var mod = ModuleDefinition.ReadModule(new MemoryStream(info.Data));
info.AssemblyFullName = mod.Assembly.FullName;
info.SimpleName = mod.Assembly.Name.Name;
info.Extension = DeobUtils.getExtension(mod.Kind);
return;
}
catch {
}
Log.w("Could not load assembly from decrypted resource {0}", Utils.toCsharpString(info.ResourceName));
int index = info.Filename.LastIndexOf('.');
if (index < 0)
{
info.SimpleName = info.Filename;
info.Extension = "";
}
else
{
info.SimpleName = info.Filename.Substring(0, index);
info.Extension = info.Filename.Substring(index);
}
}
AssemblyInfo getAssemblyInfo(byte[] decryptedData, EmbeddedResource resource)
{
var asm = AssemblyDef.Load(decryptedData);
var fullName = asm.FullName;
var simpleName = asm.Name.String;
var extension = DeobUtils.getExtension(asm.Modules[0].Kind);
return(new AssemblyInfo(decryptedData, fullName, simpleName, extension, resource));
}
AssemblyInfo getAssemblyInfo(byte[] decryptedData, EmbeddedResource resource)
{
var asm = AssemblyDefinition.ReadAssembly(new MemoryStream(decryptedData));
var fullName = asm.Name.FullName;
var simpleName = asm.Name.Name;
var extension = DeobUtils.getExtension(asm.Modules[0].Kind);
return(new AssemblyInfo(decryptedData, fullName, simpleName, extension, resource));
}
void dumpResourceFiles()
{
foreach (var resource in libAssemblyResolver.Resources)
{
var mod = ModuleDefinition.ReadModule(resource.GetResourceStream());
addResourceToBeRemoved(resource, string.Format("Embedded assembly: {0}", mod.Assembly.FullName));
DeobfuscatedFile.createAssemblyFile(resource.GetResourceData(),
Utils.getAssemblySimpleName(mod.Assembly.FullName),
DeobUtils.getExtension(mod.Kind));
}
removeInitCall(libAssemblyResolver.InitMethod);
addCallToBeRemoved(module.EntryPoint, libAssemblyResolver.InitMethod);
addTypeToBeRemoved(libAssemblyResolver.Type, "Assembly resolver type (library mode)");
}
void findEmbeddedAssemblies()
{
var data = bundleData.Data.ReadAllBytes();
var doc = new XmlDocument();
bundleXmlFile.Data.Position = 0;
doc.Load(XmlReader.Create(bundleXmlFile.Data.CreateStream()));
var manifest = doc.DocumentElement;
if (manifest.Name.ToLowerInvariant() != "manifest")
{
Logger.w("Could not find Manifest element");
return;
}
foreach (var tmp in manifest.ChildNodes)
{
var assemblyElem = tmp as XmlElement;
if (assemblyElem == null)
{
continue;
}
if (assemblyElem.Name.ToLowerInvariant() != "assembly")
{
Logger.w("Unknown element: {0}", assemblyElem.Name);
continue;
}
int offset = getAttributeValueInt32(assemblyElem, "offset");
if (offset < 0)
{
Logger.w("Could not find offset attribute");
continue;
}
var assemblyData = DeobUtils.inflate(data, offset, data.Length - offset, true);
var mod = ModuleDefMD.Load(assemblyData);
infos.Add(new AssemblyInfo(mod.Assembly.FullName, DeobUtils.getExtension(mod.Kind), assemblyData));
}
}
void decryptAllAssemblies()
{
if (assemblyResource == null)
{
return;
}
var resourceSet = ResourceReader.read(resourceModule, assemblyResource.GetResourceStream());
foreach (var resourceElement in resourceSet.ResourceElements)
{
if (resourceElement.ResourceData.Code != ResourceTypeCode.ByteArray)
{
throw new ApplicationException("Invalid resource");
}
var resourceData = (BuiltInResourceData)resourceElement.ResourceData;
var assemblyData = decrypt((byte[])resourceData.Data);
var theModule = ModuleDefinition.ReadModule(new MemoryStream(assemblyData));
bool isMain = resourceElement.Name == entryPointAssemblyKey;
assemblyInfos.Add(new AssemblyInfo(assemblyData, DeobUtils.getExtension(theModule.Kind), theModule.Assembly.FullName, theModule.Assembly.Name.Name, isMain));
}
}
public List <AssemblyInfo> getAssemblyInfos(ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob)
{
var infos = new List <AssemblyInfo>();
if (embedResolverMethod != null)
{
simpleDeobfuscator.deobfuscate(embedResolverMethod);
simpleDeobfuscator.decryptStrings(embedResolverMethod, deob);
embedPassword = getEmbedPassword(embedResolverMethod);
}
if (embedPassword == null)
{
return(infos);
}
foreach (var rsrc in module.Resources)
{
var resource = rsrc as EmbeddedResource;
if (resource == null)
{
continue;
}
if (!Regex.IsMatch(resource.Name.String, "^cfd_([0-9a-f]{2})+_$"))
{
continue;
}
var asmData = decrypt(embedPassword, gunzip(resource.Data.ReadAllBytes()));
var mod = ModuleDefMD.Load(asmData);
infos.Add(new AssemblyInfo(asmData, resource, mod.Assembly.FullName, mod.Assembly.Name.String, DeobUtils.getExtension(mod.Kind)));
}
return(infos);
}