String obfuscation techniques in. NET program protection and how to decrypt the obfuscated string

Source: Internet
Author: User

Text: string obfuscation technique in. NET program protection and how to decrypt the obfuscated string

Visual Studio provides a dotfuscator protector that can encrypt strings contained in user code. For example, in order to find the registration algorithm for this program, after loading the assembly with. NET Reflector, the string in the code is found in this form:

New ArrayList (); string str = class64.smethod_0 ("?????????"); string New Version (); BOOL false; int index = Fullname.tolower (). IndexOf (Class64.smethod_0 ("????????"));

Notice that the parameters of the method call in these lines of code are completely not familiar to us, I put it in Google Translate to find its language, the result is a national language in Eastern Europe, in order to get its corresponding English, I have to find this translation information. How to translate this language, translated into English, the result is only specialized translation companies can do, and the price is not cheap, according to the number of words to charge. This road seems to be out of line ...

After realizing that you are in the wrong direction, immediately translate your ideas into English and search with Google. The quality of Google translation is really good.

Soon I get this article decrypting strings in obfuscated assemblies, which tells me that this Assembly has applied a string obfuscation algorithm, the same example is

int num = 19; if (args. Length < 1) {        Console.WriteLine (A ("notices 圢") 弬 Gushan Kaesa??? 稸 吺 like???? Rod???? Immediately?? Honouring Lu?? 奤??? Implanted 佮?? T??????? Uda86 ", num), a (" East 瘞? 匢 "?? City Nightingale to 尲 Wu 匶 corpse? ", num));        Console.readkey ();}

Foreigners see these blocks of text, the first thought is Chinese, hehe, Chinese language in the world is really a bit famous. No wonder Windows Installer specifically has a Aisan language is specifically used to install the Oriental text character set.

The solution is also relatively simple, calling the encrypted method to get its runtime value:

string "East 瘞?" 匢?? City Nightingale? To 尲 Wu 匶 corpse? "; int key = 19; Assembly Assembly = Assembly.loadfile (assemblypath); //Okay, It's sample code: What does you expect!:) MethodInfo Secretmethod = assembly. GetModules () [0]                  . GetMethods (bindingflags.nonpublic| bindingflags.public| BindingFlags.Static) [0]; string decryptedstring = Secretmethod.invoke (nullnewobject as String;

This resolves the anti-aliasing of strings. If you need to call each string in your program, you need to write a GUI that resolves the anti-aliasing in batches.

To do here, basically can understand the meaning of the string in the confusing assembly, however, an article on the Web introduced the tool Dotnetstringsearch, caught my attention, I really was looking for such a tool, also always wanted to do a job once and for all, is that I need a tool program, Open a program that applies string obfuscation, click a button and it will immediately show me the source string and the obfuscated string.

The author of the fine Dotnetstringsearch did not disclose the details of the software, the source code is not open, the only mention of the rainst.net this site of an article, now can not open, there is no way to know its application technology. This road also seems to not go down ...

An accidental reason to see codeproject above an article explaining how to apply mono.cecil to implement. NET code injection, which caught my attention all of a sudden. Unlike our usual reflection, it implements the code to directly modify the assembly, which is much more advanced than the 16 binary tool to modify the Exe/dll binary file, after all it is original. NET code, you can directly debug, observe the implementation process. Take care, find systeminternal a utility above, Strings, this program can extract the contents of the string in the PE file.

Thought on the open, originally not reflected, is directly to the PE file format to read, run strings program, sure enough it read the PE format string resources, and the source code is open, the example program is like this

Static void Main (string[] args) {            try            {                string exepath = args[0];                list<string> alluserstrings = readalluserstrings (exepath);                ". txt", alluserstrings.select (str = csstringconverter.convert (str)));                Console.WriteLine ("Hotovo ... ");            }            Catch (Exception ex)            {                Console.WriteLine ("Exception:" + ex.) ToString ());                Console.WriteLine ("Press a key ...");                Console.readkey ();            } }

Through the above code, you can easily find its source code files, so you can solve my goal: to do a generic string anti-aliasing program, you can encrypt the current popular cryptographic tool string to be anti-aliasing.

String obfuscation techniques in. NET program protection and how to decrypt the obfuscated string

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.