DrakiaXYZ/AssemblyTool
0
0
Fork 0
Code Pull Requests Activity

Add De-obfuscator

Browse Source
This commit is contained in:
Cj 2024-06-22 12:39:10 -04:00
parent 141fb6807a
commit 88c94d8391
8 changed files with 111 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ReCodeItCLI/Commands/BuildCommand.cs → ReCodeItCLI/Commands/Build.cs
View File

@ -8,7 +8,7 @@ using ReCodeItLib.Utils;
namespace ReCodeIt.Commands;
[Command("Build", Description = "(Compile Time Reflection) Build your project and get a dll output for the original assembly.")]
public class BuildCommand : ICommand
public class Build : ICommand
{
private ReCodeItCrossCompiler CrossCompiler { get; set; }

28
ReCodeItCLI/Commands/DeObfuscate.cs Normal file
View File

@ -0,0 +1,28 @@
using CliFx;
using CliFx.Attributes;
using CliFx.Infrastructure;
using ReCodeIt.Utils;
using ReCodeItLib.Remapper;
namespace ReCodeIt.Commands;
[Command("DeObfuscate", Description = "Generates a de-obfuscated -cleaned dll in the folder your assembly is in")]
public class DeObfuscate : ICommand
{
[CommandParameter(0, IsRequired = true, Description = "The absolute path to your obfuscated assembly file, folder must contain all references to be resolved.")]
public string AssemblyPath { get; init; }
public ValueTask ExecuteAsync(IConsole console)
{
DataProvider.LoadAppSettings();
DataProvider.IsCli = true;
Logger.Log("Deobfuscating assembly...");
Deobfuscator.Deobfuscate(AssemblyPath);
Logger.Log("Complete", ConsoleColor.Green);
return default;
}
}

2
ReCodeItCLI/Commands/ReMapCommand.cs → ReCodeItCLI/Commands/ReMap.cs
View File

@ -7,7 +7,7 @@ using ReCodeIt.Utils;
namespace ReCodeIt.Commands;
[Command("ReMap", Description = "Generates a re-mapped dll provided a mapping file and de-obfuscated dll")]
public class ReMapCommand : ICommand
public class ReMap : ICommand
{
private ReCodeItRemapper _remapper { get; set; } = new();

2
RecodeItGUI/GUI/Main.Designer.cs generated
View File

@ -1742,7 +1742,7 @@ partial class ReCodeItForm
Controls.Add(TabControlMain);
FormBorderStyle = FormBorderStyle.FixedSingle;
Name = "ReCodeItForm";
Text = "ReCodeIt V0.1.0 - RC1";
Text = "ReCodeIt V0.1.0";
RemapperTabPage.ResumeLayout(false);
groupBox1.ResumeLayout(false);
groupBox1.PerformLayout();

9
RecodeItGUI/GUI/Main.resx
View File

@ -120,13 +120,4 @@
<metadata name="toolTip1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>17, 17</value>
</metadata>
<metadata name="toolTip1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>17, 17</value>
</metadata>
<metadata name="toolTip1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>17, 17</value>
</metadata>
<metadata name="toolTip1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>17, 17</value>
</metadata>
</root>

5
RecodeItLib/DeMangler/ReCodeItDeMangler.cs
View File

@ -1,5 +0,0 @@
namespace ReCodeIt.DeMangler;
internal class ReCodeItDeMangler
{
}

4
RecodeItLib/ReCodeItLib.csproj
View File

@ -19,4 +19,8 @@
<PackageReference Include="morelinq" Version="4.2.0" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
</ItemGroup>
<ItemGroup>
<Folder Include="DeMangler\" />
</ItemGroup>
</Project>

76
RecodeItLib/Remapper/DeObfuscator.cs Normal file
View File

@ -0,0 +1,76 @@
using Mono.Cecil;
using Mono.Cecil.Cil;
using ReCodeIt.Utils;
using System.Diagnostics;
namespace ReCodeItLib.Remapper;
public static class Deobfuscator
{
public static void Deobfuscate(string assemblyPath)
{
var executablePath = Path.Combine(DataProvider.DataPath, "De4dot", "de4dot.exe");
string token;
using (var assemblyDefinition = AssemblyDefinition.ReadAssembly(assemblyPath))
{
var potentialStringDelegates = new List<MethodDefinition>();
foreach (var type in assemblyDefinition.MainModule.Types)
{
foreach (var method in type.Methods)
{
if (method.ReturnType.FullName != "System.String"
|| method.Parameters.Count != 1
|| method.Parameters[0].ParameterType.FullName != "System.Int32"
|| method.Body == null
|| !method.IsStatic)
{
continue;
}
if (!method.Body.Instructions.Any(x =>
x.OpCode.Code == Code.Callvirt &&
((MethodReference)x.Operand).FullName == "System.Object System.AppDomain::GetData(System.String)"))
{
continue;
}
potentialStringDelegates.Add(method);
}
}
if (potentialStringDelegates.Count != 1)
{
Logger.Log($"Expected to find 1 potential string delegate method; found {potentialStringDelegates.Count}. Candidates: {string.Join("\r\n", potentialStringDelegates.Select(x => x.FullName))}");
}
var deobfRid = potentialStringDelegates[0].MetadataToken;
token = $"0x{((uint)deobfRid.TokenType | deobfRid.RID):x4}";
Console.WriteLine($"Deobfuscation token: {token}");
}
var process = Process.Start(executablePath,
$"--un-name \"!^<>[a-z0-9]$&!^<>[a-z0-9]__.*$&![A-Z][A-Z]\\$<>.*$&^[a-zA-Z_<{{$][a-zA-Z_0-9<>{{}}$.`-]*$\" \"{assemblyPath}\" --strtyp delegate --strtok \"{token}\"");
process.WaitForExit();
// Fixes "ResolutionScope is null" by rewriting the assembly
var cleanedDllPath = Path.Combine(Path.GetDirectoryName(assemblyPath), Path.GetFileNameWithoutExtension(assemblyPath) + "-cleaned.dll");
var resolver = new DefaultAssemblyResolver();
resolver.AddSearchDirectory(Path.GetDirectoryName(assemblyPath));
using (var memoryStream = new MemoryStream(File.ReadAllBytes(cleanedDllPath)))
using (var assemblyDefinition = AssemblyDefinition.ReadAssembly(memoryStream, new ReaderParameters()
{
AssemblyResolver = resolver
}))
{
assemblyDefinition.Write(cleanedDllPath);
}
}
}