Re-use v3-v4 string decrypter

de4dot.code/de4dot.code.csproj

@@ -81,7 +81,7 @@
     <Compile Include="deobfuscators\CliSecure\StringDecrypter.cs" />
     <Compile Include="deobfuscators\CodeVeil\v3_v4\Deobfuscator.cs" />
     <Compile Include="deobfuscators\CodeVeil\v3_v4\MethodsDecrypter.cs" />
-    <Compile Include="deobfuscators\CodeVeil\v3_v4\StringDecrypter.cs" />
+    <Compile Include="deobfuscators\CodeVeil\StringDecrypter.cs" />
     <Compile Include="deobfuscators\CodeVeil\v5\Deobfuscator.cs" />
     <Compile Include="deobfuscators\CodeVeil\v5\ProxyDelegateFinder.cs" />
     <Compile Include="deobfuscators\CryptoObfuscator\AntiDebugger.cs" />

de4dot.code/deobfuscators/CodeVeil/StringDecrypter.cs

@@ -23,7 +23,7 @@ using Mono.Cecil;
 using Mono.Cecil.Cil;
 using de4dot.blocks;
 
-namespace de4dot.code.deobfuscators.CodeVeil.v3_v4 {
+namespace de4dot.code.deobfuscators.CodeVeil {
 	class StringDecrypter {
 		ModuleDefinition module;
 		TypeDefinition decrypterType;
@@ -80,6 +80,34 @@ namespace de4dot.code.deobfuscators.CodeVeil.v3_v4 {
 			}
 		}
 
+		public void find2() {
+			foreach (var type in module.Types) {
+				if (!checkType(type))
+					continue;
+				var initMethodTmp = findInitMethod(type);
+				if (initMethodTmp == null)
+					continue;
+
+				decrypterType = type;
+				initMethod = initMethodTmp;
+				return;
+			}
+		}
+
+		MethodDefinition findInitMethod(TypeDefinition type) {
+			foreach (var method in type.Methods) {
+				if (!method.IsStatic || method.Body == null)
+					continue;
+				var key = getKey(method);
+				if (key == null)
+					continue;
+
+				return method;
+			}
+
+			return null;
+		}
+
 		bool checkType(TypeDefinition type) {
 			if (!type.HasNestedTypes)
 				return false;

de4dot.code/deobfuscators/CodeVeil/v5/Deobfuscator.cs

@@ -55,6 +55,7 @@ namespace de4dot.code.deobfuscators.CodeVeil.v5 {
 		string obfuscatorName = DeobfuscatorInfo.THE_NAME + " 5.x";
 
 		ProxyDelegateFinder proxyDelegateFinder;
+		StringDecrypter stringDecrypter;
 
 		internal class Options : OptionsBase {
 		}
@@ -79,7 +80,8 @@ namespace de4dot.code.deobfuscators.CodeVeil.v5 {
 		protected override int detectInternal() {
 			int val = 0;
 
-			int sum = toInt32(proxyDelegateFinder.Detected);
+			int sum = toInt32(proxyDelegateFinder.Detected) +
+					toInt32(stringDecrypter.Detected);
 			if (sum > 0)
 				val += 100 + 10 * (sum - 1);
 
@@ -89,18 +91,28 @@ namespace de4dot.code.deobfuscators.CodeVeil.v5 {
 		protected override void scanForObfuscator() {
 			proxyDelegateFinder = new ProxyDelegateFinder(module);
 			proxyDelegateFinder.findDelegateCreator();
+			stringDecrypter = new StringDecrypter(module);
+			stringDecrypter.find2();
 		}
 
 		public override void deobfuscateBegin() {
 			base.deobfuscateBegin();
 
+			if (Operations.DecryptStrings != OpDecryptString.None) {
+				stringDecrypter.initialize();
+				staticStringInliner.add(stringDecrypter.DecryptMethod, (method, args) => {
+					return stringDecrypter.decrypt((int)args[0]);
+				});
+				DeobfuscatedFile.stringDecryptersAdded();
+			}
+
 			proxyDelegateFinder.initialize();
 			proxyDelegateFinder.find();
 		}
 
-		public override void deobfuscateMethodEnd(blocks.Blocks blocks) {
+		public override void deobfuscateMethodBegin(blocks.Blocks blocks) {
 			proxyDelegateFinder.deobfuscate(blocks);
-			base.deobfuscateMethodEnd(blocks);
+			base.deobfuscateMethodBegin(blocks);
 		}
 
 		public override void deobfuscateEnd() {