All
screenshots has been done with http://getgreenshot.org. This is amazing application
and free. If you like it, please donate.
! If you are developing .NET
application for commercial sale, you must implement protection which is other
than simple obfuscation. There is tools on market which can deobfusicate .NET .
One of them
Tools
De4dot http://de4dot.com/ -
tool for deobfusication
FEATURES
|
OBFUSCATORS / PACKERS
|
Reflector : http://www.red-gate.com/products/dotnet-development/reflector/
tool for decompiling code.
Add-ons for Reflector :
1)
Reflexil is an assembly editor and runs as a plug-in for Red Gate's Reflector, ILSpy and Telerik's JustDecompile. Reflexil is using Mono. Cecil, written by Jb Evain and is able to manipulate IL code and save the modified assemblies to disk. Reflexil also supports C#/VB.NET code injection.
Reflexil is an assembly editor and runs as a plug-in for Red Gate's Reflector, ILSpy and Telerik's JustDecompile. Reflexil is using Mono. Cecil, written by Jb Evain and is able to manipulate IL code and save the modified assemblies to disk. Reflexil also supports C#/VB.NET code injection.
2) If you need search in Reflector: http://reflectoraddins.codeplex.com/wikipage?title=CodeSearch Code Search is an add-in for .Net Reflector that allows searching within the source code.
To install
addons :
And
Decrypting obfuscated files
1)
Download and unzip de4dot .
2)
Drag and drop obfuscated file on de4dot icon
3)
You will get TestRename-cleaned.exe
In my case I took file TestRename.exe and DragNDrop on
de4dot.exe. If you have 64 bit application, that drop on de4dot-x64.exe.
Couple seconds later you will see new file created
TestRename-cleaned.exe. this is deobfusicated file which you can use in
Reflector..
Reflector:
You can try to use http://ilspy.net/
as well.
Simple way
1) Open
assembly :
When you
will open assembly, you can search though the code for “goodies”:
Or you can
simply export source code to other folder and work with it in Notepad++ or
other free text editor:
In my case after
exporting (decompile) code, in exported directory I was searching for “License” text and getting list of files which contain some interesting
information:
In one file
I found :
private string GetDiscountCoupon(DiscountypeEnum dt)
private string GetDiscountCoupon(DiscountypeEnum dt)
{
switch (dt)
{
case DiscountypeEnum.Percent10:
return
"LIZA-DPQT";
case DiscountypeEnum.Percent15:
return "LIZA-7XY4-IPCX";
case DiscountypeEnum.Percent20:
return
"LIZA-AM84-XDVM";
case DiscountypeEnum.Percent25:
return
"LIZA-R08M-AWTK";
case DiscountypeEnum.Percent50:
return
"LIZ-R764-LPL";
}
return "";
This is list of discounts.
And in another file I
found:
Data encryptedData = new Data
{
Hex = str2
};
return new Symmetric(Symmetric.Provider.TripleDES,
true) { Key = { Text = "EzF6@CD4-72$C-49b3-96*-329di949mcoB49}" }
}.Decrypt(encryptedData).Text;
}
public static bool
RegisterApplication(string key)
{
key = key.Trim();
string str2 =
"B4FA7A5DA5AF2E63D97F819A5362CDA0";
Hash hash = new
Hash(Hash.Provider.MD5);
Data d = new Data(key);
string hex =
hash.Calculate(d).Hex;
if (((str2.Length >
5) && (key.Length < 30)) && (hex == str2))
{
SetAppConfig("KH", hex, true);
SetAppConfig("RD", Conversions.ToString(DateTime.Today),
true);
m_IsRegisteredProduct = 0;
return true;
Where I
found : string str2 = "B4FA7A5DA5AF2E63D97F819A5362CDA0";
Hash hash = new
Hash(Hash.Provider.MD5);
On the website: http://www.md5online.org/
decrypting this hash revealing the registration key.
That was easiest reversing which I ever done.
Complicated way ( will follow )
