Kalle200000

[Tool] de4dot - Deobfuscator for .NET

25 posts in this topic

This program is made by [link hidden]. Credits to him.

de4dot

Deobfuscator for .NET

Description
de4dot is an open source (GPLv3) .NET deobfuscator and unpacker written in C#. It will try its best to restore a packed and obfuscated assembly to almost the original assembly. Most of the obfuscation can be completely restored (e.g. string encryption), but symbol renaming is impossible to restore since the original names aren't (usually) part of the obfuscated assembly.


Features
Here's a pseudo random list of the things it will do depending on what obfuscator was used to obfuscate an assembly:

  • Inline methods. Some obfuscators move small parts of a method to another static method and call it.
  • Decrypt strings statically or dynamically
  • Decrypt other constants. Some obfuscators can also encrypt other constants, such as all integers, all doubles, etc.
  • Decrypt methods statically or dynamically
  • Remove proxy methods. Many obfuscators replace most/all call instructions with a call to a delegate. This delegate in turn calls the real method.
  • Rename symbols. Even though most symbols can't be restored, it will rename them to human readable strings. Sometimes, some of the original names can be restored, though.
  • Devirtualize virtualized code
  • Decrypt resources. Many obfuscators have an option to encrypt .NET resources.
  • Decrypt embedded files. Many obfuscators have an option to embed and possibly encrypt/compress other assemblies.
  • Remove tamper detection code
  • Remove anti-debug code
  • Control flow deobfuscation. Many obfuscators modify the IL code so it looks like spaghetti code making it very difficult to understand the code.
  • Restore class fields. Some obfuscators can move fields from one class to some other obfuscator created class.
  • Convert a PE exe to a .NET exe. Some obfuscators wrap a .NET assembly inside a Win32 PE so a .NET decompiler can't read the file.
  • Removes most/all junk classes added by the obfuscator.
  • Fixes some peverify errors. Many of the obfuscators are buggy and create unverifiable code by mistake.
  • Restore the types of method parameters and fields


Supported obfuscators/packers

  • Agile.NET (aka CliSecure)
  • Babel.NET
  • CodeFort
  • CodeVeil
  • CodeWall
  • CryptoObfuscator
  • DeepSea Obfuscator
  • Dotfuscator
  • .NET Reactor
  • Eazfuscator.NET
  • Goliath.NET
  • ILProtector
  • MaxtoCode
  • MPRESS
  • Rummage
  • Skater.NET
  • SmartAssembly
  • Spices.Net
  • Xenocode

 

How to use de4dot

Easy: Drag and drop the file(s) onto de4dot.exe and wait a few seconds.

Advanced: Start de4dot without any arguments and it will show all options.

 

 

Download


 

UPDATED: June 19, 2016

Edited by Kalle200000
2 people like this


0xd4d deserves more credits than size 1 text top-right!

OnT: This is an awesome piece of software.


A really great tool, I used that to decompile HB  ;)


I've compiled the latest version of de4dot and it can be downloaded here for anyone that's interested.

 

de4dot-3.1.41592


 

  • Support Agile.NET 6.3.0.10 - 6.3.0.18
  • Support CryptoObfuscator (latest build)
  • Support Eazfuscator.NET 4.2 - 4.3
  • Support ILProtector 2.0.11.1 - 2.0.13.1
  • Support more MaxtoCode runtimes
  • Detect .NET Reactor 4.8
  • Fix bug in Spices.Net resource renamer
  • Fix rare CSVM parser bug (it would fail to devirtualize all methods)
1 person likes this


A really great tool, I used that to decompile HB  ;)

What do you mean with decompile? Can you give a better example?

Maybe with prnt scrn or video?

Thanks


What do you mean with decompile? Can you give a better example?

Maybe with prnt scrn or video?

Thanks

With decompile he means view the "sourcecode" from a debugger, like .NET reflector, OllyDBG or IDA.


you guys could do some tutorials about those software ... i want to be an IE =)

teach how to reverse and etc... easy stuff just to learn something ;)


you guys could do some tutorials about those software ... i want to be an IE =)

teach how to reverse and etc... easy stuff just to learn something ;)

Google crackme :) 


Anybody who can share the last version ?

Repo is now private :(

 

greetings


Anybody who can share the last version ?

Repo is now private :(

 

greetings

 

binaries are, source isn't. [link hidden], have fun.


Anybody who can share the last version ?

Repo is now private :(

 

greetings

 

Compiled and ready :)


1 person likes this


Woah seriously the binaries were made private? I don't see what someone who can't compile it would  do with it anyways but thanks orcrion for making it convenient :D


Compiled and ready :)


Can you tell me how you compiled it?


Can you tell me how you compiled it?

I followed the instructions on the github page. :P


download the dnlib first.

put it in dnlib folder.

 

correct 1 mistake ... there is a mistake in de4dot.cui that was class instead of public class.

so like 

	public class Program {
		static IList<IDeobfuscatorInfo> deobfuscatorInfos = CreateDeobfuscatorInfos();

		static IList<IDeobfuscatorInfo> CreateDeobfuscatorInfos() {
			return new List<IDeobfuscatorInfo> {
				new de4dot.code.deobfuscators.Unknown.DeobfuscatorInfo(),
				new de4dot.code.deobfuscators.Agile_NET.DeobfuscatorInfo(),
				...

gl


download the dnlib first.

put it in dnlib folder.

 

correct 1 mistake ... there is a mistake in de4dot.cui that was class instead of public class.

so like 

	public class Program {
		static IList<IDeobfuscatorInfo> deobfuscatorInfos = CreateDeobfuscatorInfos();

		static IList<IDeobfuscatorInfo> CreateDeobfuscatorInfos() {
			return new List<IDeobfuscatorInfo> {
				new de4dot.code.deobfuscators.Unknown.DeobfuscatorInfo(),
				new de4dot.code.deobfuscators.Agile_NET.DeobfuscatorInfo(),
				...

gl

Mistake? I haven't had any issues without correcting anything? :)



 

What's the problem? I figured it out in 5 minutes.

You need to install git and sed, and then once you git clone to the directory and you have sed as a command, you gotta copy the files where sed.exe is to your de4dot folder for the command to work. Also remove the ' ' around the link. Then you won't get any errors.

 

Compile as usual ..


Thanks for the tool. I typically don't tinker much with .NET stuff, but I'd rather have too many tools than too few.


Hello guys, I need some help. I keep getting this error. Can anyone please help me? And please give the answer in simple language :3 I am not too good with this stuff. Thanks :)

 

48 minutes ago, AlphaX said:

Hello guys, I need some help. I keep getting this error. Can anyone please help me? And please give the answer in simple language :3 I am not too good with this stuff. Thanks :)

 


 

 

Find out which obfuscator was used first of all


Microsoft Visual C# / Basic .NET [Overlay]   it says (coding is done in this).

Edited by AlphaX

3 minutes ago, AlphaX said:

Microsoft Visual C# / Basic .NET [Overlay]   it says (coding is done in this).

 

10 minutes ago, Ocrion said:

Find out which obfuscator was used first of all

Microsoft Visual C# / Basic .NET [Overlay] Coding is done in these.

Just now, AlphaX said:

 

Microsoft Visual C# / Basic .NET [Overlay] Coding is done in these.

Indeed, but that's just the coding. You need to open the code up too and find out which obfuscator was used

3 minutes ago, Ocrion said:

Indeed, but that's just the coding. You need to open the code up too and find out which obfuscator was used

How to do that? Can you please elaborate, coz I am new with this stuff. Thanks.
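
Added example (not part of any post in this thread, and not de4dot code): the feature list mentions .NET assemblies wrapped inside a Win32 PE, and the detector label quoted above ends in [Overlay]. The Python below reads the two header facts behind those remarks, whether the PE has a CLR header and how many bytes follow the last section; `triage_pe` and `build_sample` are names made up here, and the sample file is constructed in memory.

```python
import struct

CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR runtime header)

def triage_pe(data: bytes) -> dict:
    """Report whether a PE image has a CLR header and how large its overlay is."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    (num_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    opt_off = pe_off + 24
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    # Data directories start 96 bytes (PE32) or 112 bytes (PE32+) into the optional header.
    dd_off = opt_off + (96 if magic == 0x10B else 112)
    (num_dirs,) = struct.unpack_from("<I", data, dd_off - 4)
    clr_rva = clr_size = 0
    if num_dirs > CLR_DIR_INDEX:
        clr_rva, clr_size = struct.unpack_from("<II", data, dd_off + CLR_DIR_INDEX * 8)
    # The overlay is whatever lies past the end of the last section's raw data.
    sec_off, raw_end = opt_off + opt_size, 0
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec_off + i * 40 + 16)
        raw_end = max(raw_end, raw_ptr + raw_size)
    return {"has_clr_header": clr_rva != 0 and clr_size != 0,
            "overlay_bytes": max(0, len(data) - raw_end)}

def build_sample(clr: bool, overlay: bytes = b"") -> bytes:
    """Constructed sample: minimal PE32 headers, one section, optional CLR directory."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    dirs = [(0, 0)] * 16
    if clr:
        dirs[CLR_DIR_INDEX] = (0x2008, 0x48)                 # made-up RVA, 72-byte header
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sect = struct.pack("<8sIIII16x", b".text", 0x200, 0x2000, 0x200, 0x200)
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers.ljust(0x200, b"\0") + b"\x90" * 0x200 + overlay

if __name__ == "__main__":
    print(triage_pe(build_sample(clr=True)))                         # CLR header, no overlay
    print(triage_pe(build_sample(clr=False, overlay=b"\0" * 4096)))  # no CLR header, overlay
```

Neither fact names the obfuscator; they only tell you whether a .NET decompiler can open the file directly and whether extra data is appended to it.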
