[.NET] NetReactorSlayer

风吹屁屁凉 posted on 2022-2-24 10:58

NetReactorSlayer

An open source (GPLv3) deobfuscator for Eziriz .NET Reactor

Currently Supported .NET Reactor Versions:

  • From 6.0.0.0 To 6.8.0.0

Features:

  • Clean Control Flow
  • Restore Hidden Calls
  • Remove Proxy Calls
  • Decrypt Strings
  • Remove Anti Tamper
  • Remove Anti Debugger
  • Decrypt Resources
  • Dump Embedded Assemblies
  • Decrypt Methods (NecroBit)
  • Unpack Native
  • Decrypt Tokens

Usage:

Just drag and drop the target obfuscated assembly onto it.

Optional commands:

--no-necrobit        Don't decrypt methods (NecroBit).
--no-anti-tamper     Don't remove anti tamper.
--no-anti-debug      Don't remove anti debugger.
--no-hide-call       Don't restore hidden calls.
--no-str             Don't decrypt strings.
--no-rsrc            Don't decrypt assembly resources.
--no-deob            Don't deobfuscate methods.
--no-arithmetic      Don't resolve arithmetic equations.
--no-proxy-call      Don't clean proxied calls.
--no-dump            Don't dump embedded assemblies.
--no-remove          Don't remove obfuscator methods, resources, etc...
--no-decrypt-token   Don't decrypt tokens.

Known Issues:

  • Strings are still encrypted after deobfuscation:

    In some targets the string decryptor method is virtualized; that's why NetReactorSlayer can't decrypt strings.

    How to know whether the string decryptor method is virtualized or not:

    The normal string decryptor method should look like this:
    [image]
    And the virtualized string decryptor method should look like one of the images below:
    [image]
    [image]

  • Control Flow Deobfuscator Not Working / Control Flow Deobfuscator Deleted Most OpCodes:

    .NET Reactor 6.7 or above uses some arithmetic equations to apply control flow:
    [image]
    If you click on the class of the field, you'll see that one of the class methods defines the field's value at runtime:
    [image]
    NetReactorSlayer gets that field's value to deobfuscate control flow, but in some targets this method is virtualized and the method is going to look like one of the images below:
    [image]
    [image]
    That's why NetReactorSlayer fails to clean control flow: it doesn't yet have a feature to devirtualize virtualized methods.

  • Target file not working after deobfuscation:

    Try to save the deobfuscated file with the "Preserve all MD tokens" & "Keep old MaxStack" options:
    [image]
Note:

It's free, but there is no support for it. I'll keep updating it for the latest .NET Reactor version as I can.

Credits:

https://github.com/SychicBoy/NetReactorSlayer/releases

NetReactorSlayer v2.1.0.0.zip

1.29 MB, downloads: 317, download cost: -1 CB (吾爱币)


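2#
longerlovey posted on 2022-2-24 11:25
Learning from this.
3#
x1290148 posted on 2022-2-24 11:59
Learning from this. .NET projects are generally fairly simple, but the strong encryption written by foreigners is really hard to crack.
4#
yasenhacker posted on 2022-2-24 12:15
5#
chinaxhb posted on 2022-2-24 13:33
Learning a new technique.
6#
18202856132 posted on 2022-2-24 14:55

Learning a new technique
7#
netle8 posted on 2022-2-24 19:39
Learned something, thanks for sharing!
8#
5201314225 posted on 2022-2-24 23:37
Nice... an excellent unpacking tool.
9#
你猫临死前 posted on 2022-2-25 00:29
https://pan.baidu.com/s/1rs7CXRNAQNuE04sRKFF82g
9rod
10#
lyliucn posted on 2022-2-25 10:01
A .NET tool, very impressive.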