From 9939f5ad3528ada447b891a4933af077dcf89332 Mon Sep 17 00:00:00 2001 From: Cj <161484149+CJ-SPT@users.noreply.github.com> Date: Mon, 30 Dec 2024 12:52:19 -0500 Subject: [PATCH] Use de4dot directly, remove now unused de4dot component --- ReCodeItCLI/ReCodeItCLI.csproj | 1 - RecodeIt.sln | 22 ------------------- RecodeItLib/ReCodeItLib.csproj | 1 + RecodeItLib/Remapper/DeObfuscator.cs | 32 ++++++++++++++++++++-------- 4 files changed, 24 insertions(+), 32 deletions(-) diff --git a/ReCodeItCLI/ReCodeItCLI.csproj b/ReCodeItCLI/ReCodeItCLI.csproj index ae4ce9c..b35426c 100644 --- a/ReCodeItCLI/ReCodeItCLI.csproj +++ b/ReCodeItCLI/ReCodeItCLI.csproj @@ -10,7 +10,6 @@ - diff --git a/RecodeIt.sln b/RecodeIt.sln index ce69ace..69c54ed 100644 --- a/RecodeIt.sln +++ b/RecodeIt.sln @@ -11,8 +11,6 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "ReCodeItCLI", "ReCodeItCLI\ EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DumpLib", "DumpLib\DumpLib.csproj", "{D0837899-F129-46DB-8BDB-7C9AFB72BD30}" EndProject -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "de4dot-x64", "de4dot\de4dot-x64\de4dot-x64.csproj", "{143623B9-F5AE-4DF6-95BB-12DAE42DC669}" -EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "de4dot.mdecrypt", "de4dot\de4dot.mdecrypt\de4dot.mdecrypt.csproj", "{7C68B124-809B-4D4A-960B-467B2DAF2A0A}" EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "de4dot.cui", "de4dot\de4dot.cui\de4dot.cui.csproj", "{2BCD50E1-77D5-47E3-B317-04568BF051AB}" 
@@ -119,26 +117,6 @@ Global {D0837899-F129-46DB-8BDB-7C9AFB72BD30}.Release|x64.Build.0 = Release|Any CPU {D0837899-F129-46DB-8BDB-7C9AFB72BD30}.Release|x86.ActiveCfg = Release|Any CPU {D0837899-F129-46DB-8BDB-7C9AFB72BD30}.Release|x86.Build.0 = Release|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Debug|Any CPU.ActiveCfg = Debug|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Debug|Any CPU.Build.0 = Debug|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Debug|ARM.ActiveCfg = Debug|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Debug|ARM.Build.0 = Debug|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Debug|ARM64.ActiveCfg = Debug|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Debug|ARM64.Build.0 = Debug|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Debug|x64.ActiveCfg = Debug|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Debug|x64.Build.0 = Debug|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Debug|x86.ActiveCfg = Debug|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Debug|x86.Build.0 = Debug|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Release|Any CPU.ActiveCfg = Release|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Release|Any CPU.Build.0 = Release|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Release|ARM.ActiveCfg = Release|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Release|ARM.Build.0 = Release|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Release|ARM64.ActiveCfg = Release|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Release|ARM64.Build.0 = Release|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Release|x64.ActiveCfg = Release|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Release|x64.Build.0 = Release|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Release|x86.ActiveCfg = Release|Any CPU - {143623B9-F5AE-4DF6-95BB-12DAE42DC669}.Release|x86.Build.0 = Release|Any CPU {7C68B124-809B-4D4A-960B-467B2DAF2A0A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {7C68B124-809B-4D4A-960B-467B2DAF2A0A}.Debug|Any CPU.Build.0 = Debug|Any 
CPU {7C68B124-809B-4D4A-960B-467B2DAF2A0A}.Debug|ARM.ActiveCfg = Debug|Any CPU diff --git a/RecodeItLib/ReCodeItLib.csproj b/RecodeItLib/ReCodeItLib.csproj index bd741bc..5e0d7e3 100644 --- a/RecodeItLib/ReCodeItLib.csproj +++ b/RecodeItLib/ReCodeItLib.csproj @@ -176,6 +176,7 @@ + diff --git a/RecodeItLib/Remapper/DeObfuscator.cs b/RecodeItLib/Remapper/DeObfuscator.cs index 9ea5931..825a04d 100644 --- a/RecodeItLib/Remapper/DeObfuscator.cs +++ b/RecodeItLib/Remapper/DeObfuscator.cs @@ -34,7 +34,8 @@ public static class Deobfuscator if (!method.Body.Instructions.Any(x => x.OpCode.Code == Code.Callvirt && - ((IMethodDefOrRef)x.Operand).FullName == "System.Object System.AppDomain::GetData(System.String)")) + ((IMethodDefOrRef)x.Operand).FullName == + "System.Object System.AppDomain::GetData(System.String)")) { continue; } @@ -45,7 +46,8 @@ public static class Deobfuscator if (potentialStringDelegates.Count != 1) { - Logger.Log($"Expected to find 1 potential string delegate method; found {potentialStringDelegates.Count}. Candidates: {string.Join("\r\n", potentialStringDelegates.Select(x => x.FullName))}"); + Logger.Log( + $"Expected to find 1 potential string delegate method; found {potentialStringDelegates.Count}. Candidates: {string.Join("\r\n", potentialStringDelegates.Select(x => x.FullName))}"); } var methodDef = potentialStringDelegates[0]; 
@@ -55,14 +57,26 @@ public static class Deobfuscator token = $"0x{(deobfRid.Raw | deobfRid.Rid):x4}"; Console.WriteLine($"Deobfuscation token: {token}"); - var cmd = isLauncher - ? $"--un-name \"!^<>[a-z0-9]$&!^<>[a-z0-9]__.*$&![A-Z][A-Z]\\$<>.*$&^[a-zA-Z_<{{$][a-zA-Z_0-9<>{{}}$.`-]*$\" \"{assemblyPath}\" --strtok \"{token}\"" - : $"--un-name \"!^<>[a-z0-9]$&!^<>[a-z0-9]__.*$&![A-Z][A-Z]\\$<>.*$&^[a-zA-Z_<{{$][a-zA-Z_0-9<>{{}}$.`-]*$\" \"{assemblyPath}\" --strtyp delegate --strtok \"{token}\""; + string[] dllArgs = [ + "--un-name", + "!^<>[a-z0-9]$&!^<>[a-z0-9]__.*$&![A-Z][A-Z]\\$<>.*$&^[a-zA-Z_<{{$][a-zA-Z_0-9<>{{}}$.`-]*", + assemblyPath, + "--strtyp", + "delegate", + "--strtok", + $"\"{token}\"" + ]; + + string[] launcherArgs = [ + "--un-name", + "!^<>[a-z0-9]$&!^<>[a-z0-9]__.*$&![A-Z][A-Z]\\$<>.*$&^[a-zA-Z_<{{$][a-zA-Z_0-9<>{{}}$.`-]*", + assemblyPath, + "--strtok", + $"\"{token}\"" + ]; + + de4dot.cui.Program.Main(isLauncher ? launcherArgs : dllArgs); - var process = Process.Start(executablePath, cmd); - - process.WaitForExit(); - var extName = isLauncher ? "-cleaned.exe" : "-cleaned.dll"; // Fixes "ResolutionScope is null" by rewriting the assembly
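Review bot: The `--un-name` pattern in both `dllArgs` and `launcherArgs` no longer ends with the `$` anchor that closed it in the removed `cmd` string, so if de4dot applies it as an unanchored match the last alternative accepts any name that merely starts with a valid character; restore the trailing `$`. The final element `$"\"{token}\""` keeps the quotes the old command line needed, but an argument array handed straight to `de4dot.cui.Program.Main` is not re-parsed, so de4dot presumably receives the token wrapped in literal quote characters; pass `token` unchanged. The `{{` and `}}` sequences are left over from the interpolated string and are now literal doubled braces, which is harmless inside a character class but should be reduced to single braces. The result of `Main` is discarded, so a failed run is not detected before the `-cleaned` file is read, and de4dot now processes the target assembly inside this process instead of a child; if `Main` returns an exit code, check it before continuing. The enclosing method starts and ends outside this hunk.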