Created
April 25, 2017 17:42
-
-
Save AxDSan/ccdb8dfda3c9ce4f6cec39330fd0a1b2 to your computer and use it in GitHub Desktop.
mild deobfuscator for TestObfuscated.exe from dnPatch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| using dnpatch; | |
| using dnlib; | |
| using MadMilkman.Ini; | |
| using System.IO; | |
| using dnlib.DotNet.Emit; | |
| namespace Deobfuscaterino | |
| { | |
| class Program | |
| { | |
| public const string strSectionName = "Deobfuscation Config"; | |
| public const string strKeyName = "Target"; | |
| public static string strTargetPath = Directory.GetCurrentDirectory() + "\\deob_config.ini"; | |
| public static string targetFromIni; | |
| static void Main(string[] args) | |
| { | |
| targetFromIni = LoadConfig(); | |
| Console.ForegroundColor = ConsoleColor.White; | |
| Console.WriteLine("Welcome to Shitty Deobfuscator v0.1"); | |
| Console.WriteLine("-----------------------------------"); | |
| Console.ForegroundColor = ConsoleColor.Yellow; | |
| Console.WriteLine("[+] Initializing Deobfuscation Helpers"); | |
| Console.WriteLine("[+] Nah Jokes, I'm not that fancy..."); | |
| Console.WriteLine("[+] Preparing File for Deobfuscation"); | |
| Console.ForegroundColor = ConsoleColor.White; | |
| var p = new Patcher(targetFromIni); | |
| Instruction[] instr = new Instruction[] | |
| { | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_4), | |
| Instruction.Create(OpCodes.Ldc_I4_3), | |
| Instruction.Create(OpCodes.Ldc_I4_3) | |
| }; | |
| int instr_counter = 0; | |
| for (int i = 6; i < 485; i += 5) | |
| { | |
| Instruction opCodeReplaceInstruction = instr[instr_counter]; | |
| var target = new Target() | |
| { | |
| Namespace = "TestObfuscated", | |
| Class = "Program", | |
| Method = "Main", | |
| Instruction = opCodeReplaceInstruction | |
| }; | |
| target.Index = i; | |
| p.Patch(target); | |
| instr_counter++; | |
| } | |
| p.Save("TestObfuscated_deob.exe"); | |
| Console.WriteLine("\n\nDone!"); | |
| Console.Read(); | |
| } | |
| private static string LoadConfig() | |
| { | |
| // Create new file. | |
| IniFile iniFile = new IniFile(); | |
| if (!File.Exists(strTargetPath)) | |
| { | |
| // Add new section. | |
| IniSection section = iniFile.Sections.Add(strSectionName); | |
| // Add new key and its value. | |
| IniKey key = section.Keys.Add(strKeyName, "C:\\tmp\\test.exe"); | |
| // Read file's specific value. | |
| //Console.WriteLine(file.Sections[strSectionName].Keys[strKeyName].Value); | |
| iniFile.Save(Directory.GetCurrentDirectory() + "\\deob_config.ini"); | |
| } | |
| iniFile.Load(strTargetPath); | |
| return iniFile.Sections[strSectionName].Keys[strKeyName].Value; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment