monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,020 Commits 2 Branches 1 Tag 5 MiB
v4.0.0
Commit Graph

1202 Commits

Author SHA1 Message Date
ViR Dash
c019e21743 Check if cctor exists before using it 2019-05-03 01:17:30 +01:00
ViR Dash
8725afae01 Add support for normal mode string decryption 2017-09-26 01:54:47 +01:00
ViR Dash
5ec36c863c Add support for normal predicate control flow; 
Add detection weight to ConfusedBy attribute
 2017-09-26 01:54:42 +01:00
ViR Dash
7adf818194 Implement ConfuserEx generic constants and resource decryption; misc improvements 
Move BeaEngine.dll to /bin/
Make sure BeaEngine.dll is loaded when the working directory is different
Disable file deobfuscation exception handler
Don't remove LZMA methods by default
Trim version read from ConfuserAttribute
Minor refactoring
 2017-08-20 16:25:25 +03:00
ViR Dash
4be6156d9b Move ConfuserEx warning messages to display during the correct deobfuscation stage 2017-08-19 17:44:30 +03:00
ViR Dash
d6a18082af Ensure BeaEngine.dll is present and misc changes 
Copy BeaEngine.dll on build and check if it exists in runtime
Disable more exception handlers to help detect swallowed exceptions
Misc refactoring
 2017-08-19 17:40:14 +03:00
ViR Dash
3e4170deb6 ConfuserEx deobfuscator code clean-up and refactor 2017-08-08 13:27:21 +03:00
ViR Dash
e0a2e805d4 ConfuserEx deobfuscator updates and misc changes 
ConfuserEx changes:
* Implement Proxy Call Fixer
* Refactor Control Flow Fixer
Disable main exception handler to let de4dot throw on error
 2017-07-25 17:37:41 +03:00
ViR Dash
23477ccb5f Implemented ConfuserEx deobfuscator 
x86 cflow and x86 constant decryption
Backport of LINQ (LinqBridge)
Shift left/right emulation fixes in de4dot core
Block class extended to hold additional information
 2017-02-13 11:14:22 +02:00
PoroCYon
126758fa6f Fix compiler errors (on mono) (#123) 2017-01-05 13:46:04 +01:00
XODE0
be964e1637 Fix for .NETReactor versions(4.7+). 2016-03-19 20:13:02 +01:00
XODE0
bbe3d325fb Fix for old .NETReactor versions. 2016-03-19 18:26:07 +01:00
XODE0
38cfc6507a Update EncryptedResource.cs 2016-03-19 16:26:05 +01:00
XODE0
f6a107c9bf Support dotNETReactor v5.0.0.0 2016-03-19 16:16:22 +01:00
xode0
236b1768f4 Fix for the last .NETReactor. 2016-02-16 23:47:14 +01:00
de4dot
958ad86ceb Fix merge 2016-02-11 20:50:54 +01:00
0xd4d
71eddd4689 Merge pull request #119 from XODE0/master 
Add resource name decryption for Crypto.
 2016-02-11 20:43:35 +01:00
xode0
6bfb3bc4a7 Add resource name decryption 
.

Update Crypto StringDecrypter and move DecryptResourceName from ConstantsDecrypter to CoUtils.

Follow de4dot coding style.

Tabify the last commits.
 2016-02-11 20:28:00 +01:00
PythEch
17c23f9ad7 Use default shift constants when Eazfuscator.NET < 5.0 2016-02-06 17:38:14 +02:00
PythEch
d7c7c7ce85 Fix Indentation 2016-01-24 00:47:09 +02:00
PythEch
2581da1c26 Make it compatible with 5.0 again 
Version detection may be flawed since it checks if the string decryptor
method uses cgt.un instead of ceq for flags because the changes in 5.1
are subtle.
 2016-01-24 00:45:37 +02:00
PythEch
84e0aa0b77 Fix the calculation of magic 
It seems that Eazfuscator.NET sometimes calculates the magic with
different constants so I had to get them programmatically
 2016-01-23 22:55:29 +02:00
PythEch
63607a6678 Fix string decryption for Eazfuscator.NET 5.1 
v5.1 changes a few instructions in , other than it's almost the same
 2016-01-23 17:09:01 +02:00
de4dot
4c684bb67e Update copyright years 2015-10-29 22:45:26 +01:00
de4dot
02d6de8f39 Fix old Confuser deobfuscator code 2015-10-29 22:36:17 +01:00
de4dot
eefa799e0d Fix merge. Code used a much older dnlib version 2015-10-29 21:36:57 +01:00
de4dot
7cde561e6b Merge branch 'confuser' 2015-10-29 21:36:34 +01:00
de4dot
436fe05756 Fix some older merges 2015-10-29 21:36:27 +01:00
0xd4d
21318d2161 Merge pull request #111 from angelsl/master 
CryptoObfuscator: Detect if decrypter should skip before reading flag or vice versa
 2015-08-29 12:24:29 +02:00
angelsl
133814073c Actually use index of the not opcode 
Signed-off-by: angelsl <hidingfromhidden@gmail.com>
 2015-08-28 00:01:40 +08:00
saneki
ff708f8116 Renamed file with proper capitalization (as referenced in project file) 2015-08-22 16:25:30 -05:00
angelsl
ffeb7c9472 Detect if decrypter should skip before reading flag or vice versa 
Seems like some versions of CryptoObfuscator skip the bytes before reading the
actual flag instead of the behaviour expected by de4dot currently.

Signed-off-by: angelsl <hidingfromhidden@gmail.com>
 2015-08-21 15:57:44 +08:00
saneki
94596d6fb7 Added support for Eazfuscator.NET 5.0 2015-08-04 17:52:02 -05:00
de4dot
9e2a9016d2 Move .NET resources read/writer code to dnlib 2015-07-08 08:02:34 +02:00
Mr. eXoDia
0f1768b13f fixed the last bracket problems 2015-05-17 13:40:27 +02:00
Mr. eXoDia
a3e0445f0a make de4dot.code interface fully public 2015-05-17 13:29:48 +02:00
de4dot
01179242a7 DotNetFile prop was removed from dnlib, update code 2014-05-23 16:19:25 +02:00
de4dot
a7d9b67b28 Merge branch 'master' into confuser 2014-05-10 09:20:54 +02:00
de4dot
282cabed87 Some updates because of new dnlib version 
- Use a GenericParamContext when resolving tokens
- IDecrypter.GetMethodBody() method signature got updated
- ICustomAttributeType now implements IMethod so we don't need to cast it
- MemberRefFinder now scans all SecurityAttributes and MarshalType for types
 2014-05-10 09:00:43 +02:00
de4dot
b60accb953 Don't email me when new versions come out 2014-05-09 16:00:17 +02:00
de4dot
954f0af743 Support latest CryptoObfuscator 2014-05-09 15:59:50 +02:00
de4dot
9b2ed7acca Support new .NET Reactor resource encryption 2014-04-22 18:04:50 +02:00
de4dot
6278ef1d4b Update DNR resource resolver detector 2014-04-18 19:02:42 +02:00
de4dot
16c5153b00 Fix detection of CO SL resource type 2014-04-16 19:16:17 +02:00
de4dot
3f3bd90688 Support some more MaxtoCode runtimes 2014-04-14 18:27:36 +02:00
de4dot
099233960f Update string decrypter detector 2014-04-14 18:26:59 +02:00
de4dot
c8effe6b5a Retry decrypting methods if it fails for some reason 2014-04-14 06:28:29 +02:00
de4dot
948f20cb94 Fix Dotfuscator rename regex 2014-04-14 06:26:06 +02:00
de4dot
88f22f19a8 Add missing space 2014-04-08 00:16:57 +02:00
de4dot
978c2a7e31 Support ILProtector 2.0.13.0 - 2.0.13.1 2014-04-01 08:20:38 +02:00