Jump to content


Photo

Help, not show protector (it look like a .net reactor)


  • Please log in to reply
4 replies to this topic

#1 reoto

reoto

    Junior

  • Members
  • Pip
  • 16 posts
  • Gender:Male
  • Team:None-Stop

Posted 03 May 2019 - 01:54 PM

I can't see any protector on this file  ->  https://drive.google...iew?usp=sharing

 

virus total -> https://www.virustot...TU1Njg5MTYzOA==


  • 0

#2 CodeExplorer

CodeExplorer

    .NET/JAVA reverser

  • B@S Team
  • PipPipPipPipPip
  • 917 posts
  • Gender:Male
  • Location:Romania
  • Interests:girls, RE/coding
  • Team:BlackStorm

Posted 03 May 2019 - 04:34 PM

It looks like .NET reactor,
MSIL doesn't seems to be encrypted;
it is only name obfuscation, plus some branches and switches added.
 


  • 1

#3 reoto

reoto

    Junior

  • Members
  • Pip
  • 16 posts
  • Gender:Male
  • Team:None-Stop

Posted 03 May 2019 - 06:09 PM

It looks like .NET reactor,
MSIL doesn't seems to be encrypted;
it is only name obfuscation, plus some branches and switches added.
 

thanks, is there any suggestion for unpacking this file?
I tried with de4dot (add option as well), but doesn't work :(


  • 0

#4 Tianjiao

Tianjiao

    Member

  • Special Members
  • PipPip
  • 47 posts
  • Gender:Male
  • Location:Quanzhou, Fujian, China
  • Interests:To discover.
  • Team:Black

Posted 04 May 2019 - 07:01 AM

If you specify "-p dr4" in the option of de4dot commandline, the result can be much better off.

At least you can see the method name and some code logic now.

However, if you dig it deeper, you would find there is still something unresolved.

Maybe you have to specify the delegate option, to see the protected string.


  • 2

#5 reoto

reoto

    Junior

  • Members
  • Pip
  • 16 posts
  • Gender:Male
  • Team:None-Stop

Posted 04 May 2019 - 11:57 AM

If you specify "-p dr4" in the option of de4dot commandline, the result can be much better off.

At least you can see the method name and some code logic now.

However, if you dig it deeper, you would find there is still something unresolved.

Maybe you have to specify the delegate option, to see the protected string.

It just "-p" before "dr4", but I tried with "--dr4-xxx"
haha, thankyou so much :D


  • 0




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users