de4dot - Deobfuscator for .NET

0xd4d · #1 09-21-2011, 11:06 PM

This is a .NET deobfuscator.

Source code: https://bitbucket.org/0xd4d/de4dot
Binaries: https://bitbucket.org/0xd4d/de4dot/downloads

It currently supports the following .NET obfuscators:

Babel.NET
CliSecure / Agile.NET
CodeFort
CodeVeil
CodeWall
Crypto Obfuscator
DeepSea
Dotfuscator
Eazfuscator.NET
Goliath.NET
ILProtector
MPRESS
.NET Reactor
MaxtoCode
Rummage
Skater.NET
SmartAssembly
Spices.Net
Xenocode

It has partial support for other obfuscators, but the result might not be runnable.

Depending on obfuscator, it will do one or more of the following:

Rename obfuscated symbols
Deobfuscate control flow
Decrypt strings
Decrypt and dump embedded assemblies
Decrypt resources
Decrypt methods
Fix proxy calls
Inline methods
Remove error reporting code (added exception handlers)
Restore field and method arg types
Get rid of added obfuscator classes and methods

diodolo · #2 09-22-2011, 04:39 AM

Thank you for your great work. I tested on .exe obfuscated with Eazfuscator.NET many other deobfuscator fails your deobfuscator work greatly. The new .exe generated crash when run, but with Reflector I can see the code without problem. Is it normal?

EDIT
Sorry I don't see this feature

Quote:

* Deobfuscated files are runnable

Can I help you to resolve the problem?

diodolo · #3 09-23-2011, 04:58 AM

I see just now. The Class0 load a resource with GetManifestResourceStream and decrypt it with many XOR and GetPublicKeyToken. But I don't understand very well.
After the resource is decrypted load into a Dictionary which resolve the strings.

cimmerian · #4 09-23-2011, 11:43 AM

Tested on .net 1.1. app with dotfuscator and deobfuscated result seems to be very good. Besides runs 100%.

Very good job!

Thank u!

newbieinetrnet · #5 09-30-2011, 11:50 AM

I downloaded it but I don't know how to use it ! Can anybody help me, please ?

diodolo · #6 09-30-2011, 04:53 PM

[Please DO NOT quote whole messages, it is unnecessary]

Thank you for it. I tried on my application and works very great.
Do you continue the development? Have you other obfuscator to improve?

newbieinetrnet · #7 09-30-2011, 10:10 PM

I can't run exe after I deobfuscate program

http://www.mediafire.com/?h5t808fxtmh6gl0

bugmenot2 · #8 10-03-2011, 09:16 AM

Nice Tool dude! Keep it up and up to date.

Greatz

Arix1 · #9 10-05-2011, 12:24 PM

Hi, thanks for your work.

I cannot run a decompiled .NET 1.1 assembly, more precisely, the *.exe file: http://www.mediafire.com/?axqc11m463es9qu.

Good luck onwards.

Marton · #10 11-16-2011, 02:55 AM

I can't save on a DLL with Reflector, it says "Value does not fall within the expected range". When I try to unobfuscate it with your protector, it says: "Ignoring assembly with native code". Here is the file: http://www.mediafire.com/?3iqtjd3q3jsm9rr
Is it an unknown obfuscator? If not, is there a way to remove the native code for getting de4dot to work?
TIA

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode