Jump to content


  • Content Count

  • Joined

  • Days Won


Everything posted by DARKER

  1. Sometime is enough just read carefully homepage/help/documentation. You can find e.g. that for full version you need download extra install


    Eazfuscator.NET 2019.3 released on September 29, 2019 Visualization of homomorphically encrypted regions of code .NET Core 3.0 support .NET Standard 2.1 support Visual Studio 2019 version 16.3+ support JetBrains Rider 2019.2 support Added ability to mark static method as a module initializer Improved ASP.NET Core support Improved .NET Native support Improved Visual Studio integration Improved homomorphic encryption coverage Fixed issue with a locked file that could occur during update installation Fixed issue in method overload matching of ref readonly return types Fixed bug that could lead to an issue with default values of optional method parameters Fixed VM issue that might occur in compiler-generated async state machine code Fixed XML Documentation Filter issue with nested generic classes Fixed XML Documentation Filter issue that occurred in MSBuild project integration mode Fixed XAML issue that could lead to "Unknown BAML record type 0x22" error during obfuscation Fixed issue with .NET Core reflection introspection Fixed issue with .NET Native compilation that could occur when code control flow obfuscation was on Fixed issue with UWP assembly merging that could lead to an endless loop in merger
  3. IMHO, for fast patching is definitely best Hiew.


    Eazfuscator.NET 2019.2 released on June 19, 2019 JetBrains Rider 2019.1 support .NET Framework 4.8 support Improved Visual Studio 2019 support Improved .NET Core 2.2 support Improved reflection analysis for Windows Forms data binding semantics Improved preliminary support for .NET Core 3.0 Fixed issue with .NET Core assemblies resolution Fixed VM issue with System.Span<T> and System.ReadOnlySpan<T> types Fixed VM issue with .NET Framework 4.0 assemblies that could lead to NullReferenceException during runtime under rare specific conditions Fixed issue with MSBuild integration that occurred when Eazfuscator.NET target files were used under .NET Core MSBuild Fixed issue that could lead to "The attribute 'Version' in element <PackageReference> is unrecognized" error during obfuscation
  5. As i remember some parts of InsidePro was written in ASM for better speed.
  6. You can inspire also with this: https://github.com/hashcat/maskprocessor it's BF algo + Mask attack (used also in hashcat)
  7. It works, but has big timeout ... try do some more refresh and sometime it works
  8. Because of these things. They start creating new fake accounts for this war..


    Eazfuscator.NET 2018.3 (released on August 15, 2018) .NET Core 2.1 support Unity 2018.2 support Out-of-the-box support for Fody and PostSharp build tools Added ability to check for closure criteria in conditional obfuscation of types Added ability to separately control obfuscation of method parameters with parameters renaming and optional parameters pruning directives Added automatic expansion of script and environment variables specified in ilmerge custom parameters directive 64 bit is now the preferred mode of Eazfuscator.NET operation Improved Visual Studio integration Improved JSON serialization support Improved reflection analysis for scenarios involving enums Improved debug renaming behavior for method arguments: they are now renamed in accordance to a debug pattern to simplify the obfuscation diagnostics Significantly improved obfuscation speed for some edge-case scenarios Fixed issue with generic methods overloading Fixed issue with serialization of enum array values in custom attributes Fixed issue with a ref return type of a method annotated by modopt/modreq modifiers Fixed issue that could lead to breaking of an indexer property when declaring type implemented several interfaces that defined such a property Fixed issue with handling of InternalsVisibleTo attribute that could lead to an unexpected auto-sealing of an internal class under specific conditions Fixed XAML issue with binding to a static property using a type-qualified path Fixed VM issue with typeof() expressions for generic type definitions Fixed MSBuild integration issue with F# .NET Core and .NET Standard projects
  10. Some my old .NET StringFind + StringDecoder adaptation: Dot Net String Decoder http://progress-tools.x10.mx/dnsd.html Description: Program can list or decrypt strings used in .NET executable based on user decryption plugins and rebuild new assembly with decoded strings. Method names, control flow etc. are unchanged in assembly! Features: - List all strings that are used in .NET executable - Generic search for decoding function like: DecodeFunction(Byval Coded_String as String) As String - Decrypt strings based on your own plugin - Very simple plugin interface (C#, VB.NET) - Preview of string decryption (checking results) - Rebuild application with decoded strings (removing decoding function) - Explorer with all methods for fast navigation - Export method tree to text file - Fast string extraction - Very good and easy searching - Export strings to text file for further processing - DisAssemble selected method - Instruction coloring for fast navigation (Strings, Numbers, Calls, Jumps) - See real file offset and opcode bytes - Jump from opcode to file with hexeditor (patching) DNSD in action:
  11. Another standalone tool for analyzing .NET strings: Dot Net String Decoder http://progress-tools.x10.mx/dnsd.html
  12. DARKER


    Eazfuscator.NET 5.4 (October 4, 2016) .NET Framework 4.6.2 support Out of the box support for Entity Framework Core Obfuscation attributes prioritization Automatic authenticode signing of obfuscated ClickOnce assemblies when corresponding certificate is specified in Visual Studio project settings Preliminary support for Visual Studio "15" Preview Improved Visual Studio integration Improved compatibility with .NET Native Improved LINQ to SQL support Improved reflection analysis for LINQ expressions Fixed issue with lost calling convention of calli instruction's operand Fixed issue that occured when trying to obfuscate UWP assemblies with a NuGet reference to Microsoft.NETCore.UniversalWindowsPlatform 5.2.2 package Fixed issue that could lead to endless loop during analysis of IL code Fixed issue that could lead to exception during obfuscation related to serialization of assembly custom attributes in .netmodule files Fixed issue in Visual Studio extension that could lead to error dialogs in Visual Studio 2015 versions prior to Update 1 Fixed issue with ClickOnce manifests and timestamp server URL which might not be considered during obfuscation Fixed issue with NuGet package assemblies resolution Fixed issue that could lead to exception "A numeric comparison was attempted on A.B that evaluates to X.Y instead of a number" during obfuscation. The issue was caused by MSBuild integration subsystem of Eazfuscator.NET and manifested itself with UWP and PCL projects when Visual Studio 2015 Update 3 was installed on developer machine Eazfuscator.NET 5.3 (June 15, 2016) Deeper Visual Studio integration Resource sanitization Out of the box support for ServiceStack framework Automatic handling of NuGet 3 project semantics Better code optimization. Added new hot spot optimizers Greatly improved reflection analysis for scenarios involving reflection calls Improved JSON serialization support Improved support for Unity projects Fixed issue that occured when trying to add protection to UWP 1.3 projects Fixed issue with design-time usage protection option and methods marked with System.Web.Services.WebMethodAttribute Fixed regression that could lead to StackOverflowException during obfuscation under some rare circumstances Fixed rare issue that could lead to race condition during obfuscation Fixed issue with inlining of entry point methods
  13. DARKER


    For templates in old DOS times i was using StructLook - very old product from Eugene Suslikov (Hiew) - probably first "templator", now it can be done also in HIEW via HEM. Last time i try this: http://www.fairdell.com/hextemplate/ but Hexinator has better coloring and is "new supported" product.
  14. DARKER


    Yes, templates looks great but how many time you use it? :-) For me WinHex can do every job that i need.
  15. DARKER


    Version 5.1 released on December 4, 2015 http://www.gapotchenko.com/eazfuscator.net/esd/Eazfuscator.NET%205.1%20Setup.msi There exist also remover (EazUnlock) for the restrictions placed on executables by trial version (cannot run on another computer, and expires after a few days). Maybe has someone access there ... https://www.nulled.cr/topic/24434-eazunlock-remove-eazfuscatornet-trial-restrictions/
  16. Here i upload small test file (original.dll) and file that is nicely deobfuscated (target.dll, just for imagination, how it should look, not my work). See attached picture where is output compared (OnConnection procedure) So i test it with these parameters: de4dot-x64.exe original.dll (automatic mode that correctly detect Dotfuscator) de4dot-x64.exe original.dll -p un --un-name "(^[a-zA-Z0-9]{2,}$)" But none of this parameters produce so nice output as is in target.dll, in de4dot documentation is this mentioned: Eg., currently the following is the default regex used when Dotfuscator is detected !^[a-z][a-z0-9]{0,2}$&!^A_[0-9]+$&^[\u2E80-\u9FFFa-zA-Z_<{$][\u2E80-\u9FFFa-zA-Z_0-9<>{}$.`-]*$ As you can see, it's not just one regex, it's more than one. Each one is separated by & and each regex can be negated by using ! in front of it. To show it more clearly, these regexes are used: (negated) ^[a-z][a-z0-9]{0,2}$ (negated) ^A_[0-9]+$ ^[\u2E80-\u9FFFa-zA-Z_<{$][\u2E80-\u9FFFa-zA-Z_0-9<>{}$.`-]*$ maybe some other parameters? or other deobfuscator? NOP: i already use RegexBudy, best tool for testing Regex :-) d.zip
  17. I play little with last version of de4dot but variable names stay with original names (dotfuscator example) ... i try it wit auto and also with unsupported/unknown obfuscator mode ... (same result) Question is: what is currently best for generic renaming of objects in .NET ? (eg, String_1, Integer_1, Form_1, Class_1 ...) In past i use something but it was very old tool ....
  18. DARKER

    IDA6.6 + HexRays 2.0

    It doesn't help you in this case. Password is used as key for decrypting files. Skipping it by changing jump cause bad decrypting/unpacking files. Inno stores SHA1 hash of the password for comparing if it's password right. BF is useless -> 3226266762397899821056 combinations (password used 12 chars aA9).
  19. And what about free VS 2013 Community edition? (it's same as Professional edition) http://www.visualstudio.com/en-us/news/vs2013-community-vs.aspx Any experiences?
  20. You can disable it by HKEY_CURRENT_USER\Software\Micro soft\VisualStudio\12.0\General\SuppressUppercaseConversion set REG_DWORD value: 1
  21. 1.10 - [17.04.2013] + Added command line and Drag & Drop Support + Remember last window position + Small fixes + Better columns resizing + New Explorer for code navigation + New Disassembler + Exports to text files + a lot of new functionality Your best tool for hunting "Bad boy" messages in .NET :-) Check video: [media=] [/media] Home: http://progress-tools.x10.mx/dnsd.html Download: http://progress-tools.x10.mx/dnsd.zip
  22. Yes, at the end i stay only with some black modified scheme :-) No need to slow down already slow VS with some additional addon :-))
  23. Visual Studio 2012 Dark Theme for Visual Studio 2010 http://gallery.expression.microsoft.com/VS2012DarkFor2010
  24. On full screen too slow, maybe can be algo little bit optimized? ;) (take 100% of CPU) If i find somewhere my old VB6 "Stars" project i put it here ...
  25. Yes i spend some time also with BASS, but i can't find way to play files from buffer or memory. Your case create stream from the file: Dim stream As Integer = Bass.BASS_StreamCreateFile("test.mp3", 0, 0, BASSFlag.BASS_DEFAULT) If stream <> 0 Then ' play the stream channel Bass.BASS_ChannelPlay(stream, False) For this moment is winner FMOD, at the end of my work i put here some summary ;-)
  • Create New...