private void button2_Click(object sender, EventArgs e)
{
module = ModuleDefMD.Load(textBox1.Text);
FindStringDecrypterMethods(module);
DeobedStringNumber = 0;
DecryptStringsInMethod(module, Methoddecryption);
if (checkBox1.Checked)
{
RemoveDemo(module);
}
string text2 = Path.GetDirectoryName(textBox1.Text);
if (!text2.EndsWith("\\"))
{
text2 += "\\";
}
string path = text2 + Path.GetFileNameWithoutExtension(textBox1.Text) + "_patched" +
Path.GetExtension(textBox1.Text);
var opts = new ModuleWriterOptions(module);
opts.Logger = DummyLogger.NoThrowInstance;
module.Write(path, opts);
label2.Text = "Successfully decrypted " + DeobedStringNumber + " strings !";
}
public static AssemblyDefinition Translate(ModuleDefMD manifestModule)
{
using (var assemblyStream = new MemoryStream())
{
try
{
if (manifestModule.IsILOnly)
{
var writerOptions = new ModuleWriterOptions(manifestModule);
writerOptions.Logger = DummyLogger.NoThrowInstance;
MetaDataOptions metaDataOptions = new MetaDataOptions();
metaDataOptions.Flags = MetaDataFlags.PreserveAll;
manifestModule.Write(assemblyStream, writerOptions);
}
else
{
var writerOptions = new NativeModuleWriterOptions(manifestModule);
writerOptions.Logger = DummyLogger.NoThrowInstance;
MetaDataOptions metaDataOptions = new MetaDataOptions();
metaDataOptions.Flags = MetaDataFlags.PreserveAll;
manifestModule.NativeWrite(assemblyStream, writerOptions);
}
}
catch (Exception)
{
if (assemblyStream.Length == 0)
return null;
}
assemblyStream.Position = 0;
AssemblyDefinition newAssembly = AssemblyDefinition.ReadAssembly(assemblyStream);
return newAssembly;
}
}
private void button1_Click(object sender, EventArgs e)
{
module = ModuleDefMD.Load(textBox1.Text);
FindStringDecrypterMethods(module);
if (Methoddecryption == null)
{
FindStringDecrypterMethodsWithflow(module);
x = 1;
}
DecryptStringsInMethod(module, Methoddecryption);
string text2 = Path.GetDirectoryName(textBox1.Text);
if (!text2.EndsWith("\\"))
{
text2 += "\\";
}
string path = text2 + Path.GetFileNameWithoutExtension(textBox1.Text) + "_patched" +
Path.GetExtension(textBox1.Text);
module.Write(path);
label2.Text = "Successfully decrypted " + DeobedStringNumber + " strings !";
}
static void Main(string[] args)
{
Console.WriteLine(@" _____ _____ _ ");
Console.WriteLine(@"| | |___| __| |_ ___ ___ ___ ___ ___ ");
Console.WriteLine(@"| | | |__ | | .'| _| . | -_| _|");
Console.WriteLine(@"|_____|_|_|_____|_|_|__,|_| | _|___|_| ");
Console.WriteLine(@" |_|XenocodeRCE");
Console.WriteLine(@"");
Console.WriteLine(@"");
if (args == null || args.Length == 0)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("[!]Error : No file to deobfuscate ! ");
Console.ForegroundColor = ConsoleColor.White;
Console.ReadKey();
return;
}
else{
try
{
asm = ModuleDefMD.Load(args[0]);
Console.ForegroundColor = ConsoleColor.Blue;
Console.WriteLine("[!]Loading assembly " + asm.FullName);
Console.ForegroundColor = ConsoleColor.Gray;
asmpath = args[0];
var dec_method = Core.Helper.GetDecryptType(asm);
if(dec_method != null)
{
Console.WriteLine("[!]Instancing decryption method : " + dec_method.FullName);
Console.WriteLine("[!]Decrypting Strings ... : ");
var decryptedstr = Core.Helper.Extract_string_value(dec_method);
if(decryptedstr != 0)
{
DeobedStringNumber = decryptedstr;
}
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine(@"[!] Successfully decrypted " + DeobedStringNumber + " strings.");
Console.ForegroundColor = ConsoleColor.Gray;
Console.ForegroundColor = ConsoleColor.Gray;
Console.WriteLine(@"[!] Saving Module...");
Console.ForegroundColor = ConsoleColor.Gray;
string text2 = Path.GetDirectoryName(args[0]);
if (!text2.EndsWith("\\"))
{
text2 += "\\";
}
string path = text2 + Path.GetFileNameWithoutExtension(args[0]) + "_patched" +
Path.GetExtension(args[0]);
var opts = new ModuleWriterOptions(asm);
opts.Logger = DummyLogger.NoThrowInstance;
asm.Write(path, opts);
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine(@"[!] Saved ! ");
Console.ForegroundColor = ConsoleColor.Gray;
return;
Console.ReadKey();
}
else
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("[!]Error : Cannot find the decryption method !");
Console.ForegroundColor = ConsoleColor.White;
Console.ReadKey();
return;
}
}
catch (Exception)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("[!]Error : Cannot load the file. Make sure it's a valid .NET file !");
Console.ForegroundColor = ConsoleColor.White;
Console.ReadKey();
return;
}
}
}
private void button2_Click(object sender, EventArgs e)
{
module = ModuleDefMD.Load(textBox1.Text);
asm = Assembly.LoadFile(textBox1.Text);
//if (!Checker.IsDNP.Check(module))
//{
// label2.Text = "Not a DNP protectedt file !";
// return;
//}
//Remove Anti
if (chk_antitamp.Checked)
{
Helpers.GetAntitamper(module);
if (AntitampMethodDef != null) Helpers.NopCall(module, AntitampMethodDef);
}
if (chk_antidebug.Checked)
{
Helpers.GetAntidebug(module);
if (AntidebugMethodDef != null) Helpers.NopCall(module, AntidebugMethodDef);
}
if (chk_antidump.Checked)
{
Helpers.GetAntidump(module);
if (AntidumpMethodDef != null) Helpers.NopCall(module, AntidumpMethodDef);
}
if (chk_Integers.Checked)
{
//Decrypt Integers
Helpers.ResolveMathPow(module);
}
if (chk_str.Checked)
{
//Decrypt Strings
Helpers.GetStrDecMeth(module);
}
if (chk_Integers.Checked)
{
//Decrypt remaining integers
Helpers.ResolveLastInt(module);
Helpers.ExtractIntFromRes(module);
}
if (chk_prune.Checked)
{
//Prune Assembly
Helpers.PruneModule(module);
}
var text2 = Path.GetDirectoryName(textBox1.Text);
if (text2 != null && !text2.EndsWith("\\"))
{
text2 += "\\";
}
var path = text2 + Path.GetFileNameWithoutExtension(textBox1.Text) + "_DNPDeob" +
Path.GetExtension(textBox1.Text);
var opts = new ModuleWriterOptions(module) {Logger = DummyLogger.NoThrowInstance};
module.Write(path, opts);
label2.Text = "Successfully deobfuscated " + DeobedString + " String, " + DeobedInts +" Integers, and " + PrunedMembers + " members has been removed !";
}
