Saturday, July 1, 2017

How to Deobfuscate .net Exe File | .net Deobfuscate Mega Tutorial

What is obfuscation ?


Obfuscation means making something hard to understand.It is the strike out act of making obfuscate code such as source and machine code to difficult understanding for humans. Programmers are obfuscate code to protect intellectual property and prevent an attacker from reverse engineering. Obfuscation may involve encrypt some or all of program code. Programs written in software languages such as c, c++, vb, c# lend themselves to obfuscation.After obfuscate a program code reverse engineer show below code which is very difficult for humans to understand. 




namespace
{
    using ;
    using ;
    using ;
    using ;
    using ;
    using SmartAssembly.Delegates;
    using SmartAssembly.HouseOfCards;
    using System;
    using System.Collections;
    using System.Text;

    internal sealed class : .
    {
        [NonSerialized]
        internal static GetString ”;

        private string ( . 1)
        {
            ArrayList list = new ArrayList();
            ArrayList list2 = new ArrayList();
            foreach ( . in 1. ())
            {
                list2.Add(( . () == null) ? . () : ( . () + ”(0x1aff) + . ()));
            }
            foreach ( . 2 in 1. ())
            {
                list.Add( 2. ());
            }
            list2.Sort();
            list.Sort();
            StringBuilder builder = new StringBuilder();
            foreach (string str in list2)
            {
                builder.Append(str + ”(0x1b04));
            }
            foreach (string str in list)
            {
                builder.Append(str + ”(0x1b04));
            }
            return Convert.ToBase64String( . . (builder.ToString()));
        }

        public void ( . 1)
        {
            this. (this. ( 1));
        }

        public void (string text1)
        {
            base. (”(0x1afa), text1);
        }

        public string ()
        {
            return base. (”(0x1afa));
        }

        static ()
        {
            Strings.CreateGetStringDelegate(typeof( . ));
        }

        public ()
        {
            base. (”(0x1ac8));
            base. (”(0x1acd));
        }
    }
}



Deobfuscation techniques like as programs slicking, sometimes used to reverse engineering of obfuscation.


What is deobfuscation ?



Deobfuscation is to convert a program that difficult for human understanding, into simple, understandable. It is an automated approach to removal of code Obfuscation. We can say that reverse engineering or obfuscation.



How to deobfuscate a .net program?


Step1: There are many deobfuscation tools found in the web. I suggest you to use de4dot. De4dot is a best deobfuscation tool which reverse engineering obfuscates such as smart assembly, .net reactor.
Download and extract De4dot.




Step2: Target your .net program which you want to deobfuscate. Then drag targeted program to drop over de4dot.exe
Please look picture below to understand !




























Step3: De4dot console will start in a while. If your targeted
program was build with .net or vb this program automatically deobfuscate code and show a text press any key to exit.
Press any key to exit de4dot console.






Step4: Check your target .net program destination or path to see a new program which ends with cleaned.exe . If this program packed with components those components will unpack after the deobfuscate.
You have successfully deobfuscated your program.

To get source code of deobfuscated program follow this article How to Decompile .net exe




[NOTE: THIS TUTORIAL ONLY FOR EDUCATIONAL PURPOSE ]

3 comments:

  1. can you share de4dot v3.x for me? i needing it. thanks

    ReplyDelete
  2. can you share de4dot v3.x for me? i needing it. thanks, my email: vhau2003@gmail.com.

    ReplyDelete
  3. Thanks For commenting in section, "how to deobfuscate c# .net exe."
    i have sent a mail to you. Check and cheer !

    ReplyDelete