kao

Fixed Version Of Dumbassembly


Dumbassembly 0.3 bugfixed by kao. Updated on 11-Apr-2011.

 

What's fixed:

1) Assertion failed: index >= 0 && index < m_Data.size (), file d:\vs2010\projects\dumbassembly\shared\lazyvector.h, line 17

2) Assertion failed: outputInfo.m_iOffset >=0 && iBBEndOffset <= iSize, file BasicBlockPool.cpp, line 675

3) Assertion failed: m_iSize < SIZE, file c:\dumbassembly\shared\Pool.h, line 305

4) Bunch of other problems

 

If you find some new problems, feel free to report them PUBLICLY in Black Storm Forum.

I WILL NOT provide any technical support through PMs or emails, so don't even try.

 

Files protected with {SA} 5.5 and 6.0 are not supported by Dumbassembly and probably never will be. It requires too many improvements: they use reflection to decrypt resources and strings, they use TypeSpec, they use the "PoweredBy" attribute instead of the stream name, etc. I have no motivation to do that.

 

 

EDIT: updated description and ZIP file.

dumbassembly-0.3bugfixed-11-Apr-2011.zip

Edited by kao


Great work kao.

 

 

Dumbassembly is crashing in one of my targets. You can download it here:

 

dumbassembly crashing test

 

 

DNiD says it's obfuscated by SmartAssembly 5.x.

 

 

Could you please take a look?

 

Thanks in advance.


Dumbassembly is crashing in one of my targets.

Nice find, thank you! :) There are several bugs in resource and string decryption that are causing such problems. It will take me some time to fix it. I'll post an updated version here as soon as I finish it.

 

Cheers,

kao.


Nice find, thank you! :) There are several bugs in resource and string decryption that are causing such problems. It will take me some time to fix it. I'll post an updated version here as soon as I finish it.

 

Cheers,

kao.

 

Hi kao. Nice work.

 

A couple of questions. Did you try to deobfuscate the newest version of Reflector? For me it fails, it says that Reflector is not protected with SmartAssembly.

 

Can you give the source code of the bugfixed Dumbassembly?

 

PS: I noticed that the new version of SmartAssembly uses TripleDES instead of DES.

 

Cheers.


Dumbassembly was made for {SA} 4.x and 5.0. New Reflector is protected with {SA} 6.0.

 

{SA} 5.5 and 6.0 are not supported by Dumbassembly and probably never will be. It requires too many improvements: they use reflection to decrypt resources and strings, they use TypeSpec, they use the "PoweredBy" attribute instead of the stream name, etc. I have no motivation to do that.

 

Why do you want the fixed sources? Any binary diffing tool will show you the changes I made, they are very simple. ;)

 

Cheers,

kao.


Hi Kao,

Tested, working fine! You rule!

 

Thanks a lot! Appreciate your hard work!


BTW kao, do you mind sharing the workaround of your fix? Just out of curiosity..


do you mind sharing the workaround of your fix? Just out of curiosity..

Curiosity killed the cat. ;)

 

I'm ready to share the modified sources with anyone who has a good reason to have them, for example - wants to add support for {SA} 5.5. But as you have stated on reteam forum - you have no C++ skills and no interest in learning it. So - why do you want the sources?


Curiosity killed the cat. ;)

 

I'm ready to share the modified sources with anyone who has a good reason to have them, for example - wants to add support for {SA} 5.5. But as you have stated on reteam forum - you have no C++ skills and no interest in learning it. So - why do you want the sources?

 

Hi Kao,

As quoted by Git in reteam forum in my thread: "The error is in your lack of knowledge.".. I felt ashamed..

Then I decided to learn C++ now. ;)


Loading input file...

Stripping 711 methods...

Scanning for indirect imports...

Decrypting strings...

Assertion failed: pAlgoType, file ResourceDecryptor.cpp, line 102


Assertion failed: pAlgoType, file ResourceDecryptor.cpp, line 102

Thanks for the bugreport! :) Could you please upload (or PM me) that executable? I'll try to fix the bug (or explain why it can't be fixed easily).


I would like to give it, but it seems to be malware.

 

It's obfuscated using SmartAssembly 5.5.0.153 and uses runtime framework v4.0.30319, so that would be the issue.


Yes, {SA} 5.5 is not really supported. I'll see if I can add some check in dumbassembly, so that it shows a proper error message instead of a stupid assert.

 

I agree, uploading malware is not a good idea. Could you please tell me MD5/SHA1 of the file? ;)


Here it is:

 

CRC32: 1F8060DF

MD5: 3144495C694127DF7CACECF222B07237

SHA-1: 0CF7DDA9859599B1AB8F27083F82A5667B7E4A47


Is there a way to decrypt the strings of SmartAssembly 6 assemblies?

Of course, there is a way. But it's not as simple as it used to be in {SA} 5.0, so nobody has a motivation to make a tool and publish it.

 

 

@ksanket: thank you, that file really is protected with {SA} 5.5. I'll replace the assert in dumbassembly with a better version check. :)
