Пример #1
0
        public List <AssemblyInfo> GetAssemblyInfos(ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob)
        {
            var infos = new List <AssemblyInfo>();

            if (embedResolverMethod != null)
            {
                simpleDeobfuscator.Deobfuscate(embedResolverMethod);
                simpleDeobfuscator.DecryptStrings(embedResolverMethod, deob);
                embedPassword = GetEmbedPassword(embedResolverMethod);
            }

            if (embedPassword == null)
            {
                return(infos);
            }

            foreach (var rsrc in module.Resources)
            {
                var resource = rsrc as EmbeddedResource;
                if (resource == null)
                {
                    continue;
                }
                if (!Regex.IsMatch(resource.Name.String, "^cfd_([0-9a-f]{2})+_$"))
                {
                    continue;
                }

                var asmData = Decrypt(embedPassword, Gunzip(resource.Data.ReadAllBytes()));
                var mod     = ModuleDefMD.Load(asmData);
                infos.Add(new AssemblyInfo(asmData, resource, mod.Assembly.FullName, mod.Assembly.Name.String, DeobUtils.GetExtension(mod.Kind)));
            }

            return(infos);
        }
Пример #2
0
        public List <AssemblyInfo> getAssemblyInfos(ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob)
        {
            var infos = new List <AssemblyInfo>();

            if (embedResolverMethod != null)
            {
                simpleDeobfuscator.deobfuscate(embedResolverMethod);
                simpleDeobfuscator.decryptStrings(embedResolverMethod, deob);
                embedPassword = getEmbedPassword(embedResolverMethod);
            }

            if (embedPassword == null)
            {
                return(infos);
            }

            foreach (var rsrc in module.Resources)
            {
                var resource = rsrc as EmbeddedResource;
                if (resource == null)
                {
                    continue;
                }
                if (!Regex.IsMatch(resource.Name, "^cfd_([0-9a-f]{2})+_$"))
                {
                    continue;
                }

                var asmData = decrypt(embedPassword, gunzip(resource.GetResourceData()));
                var mod     = ModuleDefinition.ReadModule(new MemoryStream(asmData));
                infos.Add(new AssemblyInfo(asmData, resource, mod.Assembly.FullName, mod.Assembly.Name.Name, DeobUtils.getExtension(mod.Kind)));
            }

            return(infos);
        }
Пример #3
0
        static byte[] Decrypt(PasswordInfo password, byte[] data)
        {
            const int iterations = 2;
            const int numBits    = 0x100;
            var       key        = new Rfc2898DeriveBytes(password.passphrase, Encoding.UTF8.GetBytes(password.salt), iterations).GetBytes(numBits / 8);

            return(DeobUtils.AesDecrypt(data, key, Encoding.UTF8.GetBytes(password.iv)));
        }
        public void find(out PasswordInfo mainAsmPassword, out PasswordInfo embedPassword)
        {
            var asmBuilder = AppDomain.CurrentDomain.DefineDynamicAssembly(new AssemblyName("asm"), AssemblyBuilderAccess.Run);
            var moduleBuilder = asmBuilder.DefineDynamicModule("mod");
            var serializedTypes = new SerializedTypes(moduleBuilder);
            var allTypes = serializedTypes.deserialize(serializedData);
            asmTypes = toList(readField(allTypes, "Types"));

            mainAsmPassword = findMainAssemblyPassword();
            embedPassword = findEmbedPassword();
        }
Пример #5
0
        public void Find(out PasswordInfo mainAsmPassword, out PasswordInfo embedPassword)
        {
            var asmBuilder      = AppDomain.CurrentDomain.DefineDynamicAssembly(new AssemblyName("asm"), AssemblyBuilderAccess.Run);
            var moduleBuilder   = asmBuilder.DefineDynamicModule("mod");
            var serializedTypes = new SerializedTypes(moduleBuilder);
            var allTypes        = serializedTypes.Deserialize(serializedData);

            asmTypes = ToList(ReadField(allTypes, "Types"));

            mainAsmPassword = FindMainAssemblyPassword();
            embedPassword   = FindEmbedPassword();
        }
Пример #6
0
		public AssemblyDecrypter(ModuleDefMD module, AssemblyDecrypter oldOne) {
			this.module = module;
			this.embedPassword = oldOne.embedPassword;
		}
Пример #7
0
		public List<AssemblyInfo> GetAssemblyInfos(ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob) {
			var infos = new List<AssemblyInfo>();

			if (embedResolverMethod != null) {
				simpleDeobfuscator.Deobfuscate(embedResolverMethod);
				simpleDeobfuscator.DecryptStrings(embedResolverMethod, deob);
				embedPassword = GetEmbedPassword(embedResolverMethod);
			}

			if (embedPassword == null)
				return infos;

			foreach (var rsrc in module.Resources) {
				var resource = rsrc as EmbeddedResource;
				if (resource == null)
					continue;
				if (!Regex.IsMatch(resource.Name.String, "^cfd_([0-9a-f]{2})+_$"))
					continue;

				var asmData = Decrypt(embedPassword, Gunzip(resource.Data.ReadAllBytes()));
				var mod = ModuleDefMD.Load(asmData);
				infos.Add(new AssemblyInfo(asmData, resource, mod.Assembly.FullName, mod.Assembly.Name.String, DeobUtils.GetExtension(mod.Kind)));
			}

			return infos;
		}
Пример #8
0
		static byte[] Decrypt(PasswordInfo password, byte[] data) {
			const int iterations = 2;
			const int numBits = 0x100;
			var key = new Rfc2898DeriveBytes(password.passphrase, Encoding.UTF8.GetBytes(password.salt), iterations).GetBytes(numBits / 8);
			return DeobUtils.AesDecrypt(data, key, Encoding.UTF8.GetBytes(password.iv));
		}
Пример #9
0
 public AssemblyDecrypter(ModuleDefMD module, AssemblyDecrypter oldOne)
 {
     this.module        = module;
     this.embedPassword = oldOne.embedPassword;
 }
Пример #10
0
        public List<AssemblyInfo> getAssemblyInfos(ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob)
        {
            var infos = new List<AssemblyInfo>();

            if (embedResolverMethod != null) {
                simpleDeobfuscator.deobfuscate(embedResolverMethod);
                simpleDeobfuscator.decryptStrings(embedResolverMethod, deob);
                embedPassword = getEmbedPassword(embedResolverMethod);
            }

            if (embedPassword == null)
                return infos;

            foreach (var rsrc in module.Resources) {
                var resource = rsrc as EmbeddedResource;
                if (resource == null)
                    continue;
                if (!Regex.IsMatch(resource.Name, "^cfd_([0-9a-f]{2})+_$"))
                    continue;

                var asmData = decrypt(embedPassword, gunzip(resource.GetResourceData()));
                var mod = ModuleDefinition.ReadModule(new MemoryStream(asmData));
                infos.Add(new AssemblyInfo(asmData, resource, mod.Assembly.FullName, mod.Assembly.Name.Name, DeobUtils.getExtension(mod.Kind)));
            }

            return infos;
        }