Obfuscation artifacts remain #6
Comments
|
Are you sure it is vanilla ConfuserEx (no modifications)? If yes, then please send me the file. |
|
I'm sure it is vanilla ConfuserEx v1.0.0. My test program is in
de4dot-dex-issue.zip.
You can download the zip
<https://www.zipshare.com/fileDownload/eyJhcmNoaXZlSWQiOiJhNTAxMDljYi1iY2U0LTRjZjQtYjc0OC1kMTI4MTU1ZjM0NTgiLCJlbWFpbCI6ImJvYkBwcXN5c3RlbXMuY29tIn0=>
from:
https://www.zipshare.com/fileDownload/eyJhcmNoaXZlSWQiOiJhNTAxMDljYi1iY2U0LTRjZjQtYjc0OC1kMTI4MTU1ZjM0NTgiLCJlbWFpbCI6ImJvYkBwcXN5c3RlbXMuY29tIn0=
.
Please see de4dot-cex issue.pdf in the zip.
Thanks for looking into this.
…On Thu, May 2, 2019 at 7:28 AM Victor ***@***.***> wrote:
Are you sure it is vanilla ConfuserEx (no modifications)? If yes, then
please send me the file.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#6 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ABRVK6EB5D37KIWUSAQP2BTPTLF7NANCNFSM4HJ5IERQ>
.
|
|
Thanks for the detailed description! The issue is that methods are not inlined after their proxies are resolved. I will see what I can do about that :) |
|
I implemented de4dot's default |
|
The issue I identified seems to be working properly now. Thanks a lot!
I'm not sure if I need "inlining of instance methods" working or not. Can
you give me an example of what that looks like in the code? I still see
lots of methods with names like method_N or smethod_N. I'm not sure if some
of those might go away if "inlining of instance methods" was working.
I would like to move our conversation to email. Please email me at:
[email protected].
…On Thu, May 2, 2019 at 8:35 PM Victor ***@***.***> wrote:
I implemented de4dot's default MethodCallInliner. Note that inlining of
instance methods has not been enabled, since I couldn't find that
functionality in the test cases you sent me. Please give it a test yourself
and let me know if everything is working properly:
https://ci.appveyor.com/project/ViRb3/de4dot-cex/builds/24273228/artifacts
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#6 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ABRVK6DYMNMNMSXRMYMWWFTPTOCFNANCNFSM4HJ5IERQ>
.
|
|
I discovered an issue where "Name" protection is not properly deobfuscated
in one case.
Please refer to the PDF in:
https://www.zipshare.com/fileDownload/eyJhcmNoaXZlSWQiOiIyNzg4OTBjZS0yN2JkLTQ3ZGQtYmZiOC03YWU2MmI1MDZhMDQiLCJlbWFpbCI6ImJvYkBwcXN5c3RlbXMuY29tIn0=
…On Thu, May 2, 2019 at 8:35 PM Victor ***@***.***> wrote:
I implemented de4dot's default MethodCallInliner. Note that inlining of
instance methods has not been enabled, since I couldn't find that
functionality in the test cases you sent me. Please give it a test yourself
and let me know if everything is working properly:
https://ci.appveyor.com/project/ViRb3/de4dot-cex/builds/24273228/artifacts
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#6 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ABRVK6DYMNMNMSXRMYMWWFTPTOCFNANCNFSM4HJ5IERQ>
.
|
|
I will check this when I get back to my laptop. It should be a week or so. |
|
Hello, Are you still working on this? I also found that some artifacts remain on dotfuscator. can you please take a look at it ? https://mega.nz/file/E4whWYJZ#1pGSSouGy2ykfTb2iql_An1cYG3deySjo89f1o0h4CI |
|
Sorry, I don't think I'll have time to maintain this project in the foreseeable future. |
|
Hi,
No, I'm not dealing with this any longer.
Bob
…On Fri, Aug 7, 2020 at 2:40 PM danyhm ***@***.***> wrote:
Hello,
Are you still working on this? I also found that some artifacts remain on
dotfuscator.
can you please take a look at it ?
https://mega.nz/file/E4whWYJZ#1pGSSouGy2ykfTb2iql_An1cYG3deySjo89f1o0h4CI
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#6 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABRVK6BY7ZYEDM2FN35CMETR7RDADANCNFSM4HJ5IERQ>
.
|
de4dot-cex successfully removed most of the ConfuserEx 1.0.0 protection for me, but some artifacts remain in the code. I'm willing to pay if you are willing to improve de4dot-cex to remove these artifacts.
Are you interested?
The text was updated successfully, but these errors were encountered: