Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 04-16-2010, 06:00 AM
henk henk is offline
Junior Member
 
Join Date: Apr 2010
Posts: 2
Default Determine obfuscate .net app

Hello all,

I need some help to determine the obfuscation on this file: http://rapidshare.com/files/37650204...Scan2.exe.html

It is a .net application and i can open it with reflector, but all strings are represented as blocks and in the code it uses "&h..." format for strings.

If anyone can point me in the right direction how to make the strings visible?

Thanks!
Reply With Quote
  #2  
Old 04-18-2010, 03:28 PM
bball0002 bball0002 is offline
Senior Member
 
Join Date: Mar 2009
Posts: 72
Default

Doesn't matter what it is, SimpleAssemblyExplorer decrypts the strings fine .

Here is your file with all strings decrypted (although both error out on Windows 7): http://www.sendspace.com/file/qmol6s

How to:

1. Download SAE: http://simple-assembly-explorer.goog...SAE.v1.10.1.7z

2. Open it and navigate to the target file

3. Right-click and click "Deobfuscator"

4. Uncheck everything except for the "String Options" and leave it as "Automatic".

Hope it helped.
Reply With Quote
  #3  
Old 04-18-2010, 05:32 PM
henk henk is offline
Junior Member
 
Join Date: Apr 2010
Posts: 2
Default

Great!

That worked like a charm! thanks for the info.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.