Wednesday, 29 August 2012

Created Obfuscator

It's been a while, I know, but I was going abroad for a week and that's why I couldn't work on it. But here I am again, and I've been working on an obfuscator created with a combination of Mono.Cecil and AsmResolver.

Current Features:
  • Name Obfuscation
  • Strings Encryption
  • Resource Encryption & Compression
  • Invalid MetaData Obfuscation (Works with AsmResolver)
  • Invalid PE Header Obfuscation (Works with AsmResolver)
  • Tamper Protection (Works with AsmResolver)
  • Anti Debug Obfuscation
  • Anti ILDasm Signature
I'll show you some screenshots of the invalid metadata obfuscation which i think it's the most interesting one.

Left with Invalid MetaData on Level Normal , Right without.


Invalid MetaData  on Level Maximum.

Monday, 20 August 2012

Editing Raw MetaData Values

Hey guys, another update. It is possible to edit the raw values of a metadata row. Have a look:


Friday, 17 August 2012

Another update =D

This time, I've managed to convert all indexes that refers to a single member, to the corresponding member from any metadata table. Pretty funny how these bitwise indexes are used. Unfortunately not multiple members such as properties that refers to a list of methods, like the one of TypeDefinition (second screenshot).

Converted a number to a single member.
I have to find out how to convert numbers to lists of members.

Tuesday, 14 August 2012

All metadata tables added.

Yep, another update. All the tables that are being used are readable. I've also added some optimization such as converting the uints to actual members. But some properties still have the uint value because they are more complicated than others. I also fixed some bugs at variable index sizes, which should be right by now.


A PInvoke implementation with resolved properties.

Friday, 10 August 2012

Support of Managed MetaData

So here is a big update! I've made a big start with the metadata parser for .net applications. With this you can access all kind of members that are available in the application. I have to make all kinds of tables readable and as you can see at the first screenshot you see properties like FieldList and MethodList which are unsigned integers and should be lists. But that will be added soon.


An example of the metadata reader
Members that can be already read from the MetaData

Picked up AsmResolver

Yesterday I've picked up my old project AsmResolver, which is a library for reading .NET and Native applications. I've decided to rewrite most parts of it because the code was written very badly. Here are some screenshots of what it can do at the moment. There are more features, but it would take the entire page  if I made from everything a screenshot.

Disassembling native applications.

Get PE information, including .NET headers and metadata














Blog Started

This is the moment I started this blog to share information about the progress of projects I'm working at. I hope you all will follow it and I hope you like it.