NetReactorSlayer
An open source (GPLv3) deobfuscator for Eziriz .NET Reactor
Preview:
Currently Supported .NET Reactor Versions:
Features:
- Clean Control Flow
- Restore Hidden Calls
- Remove Proxy Calls
- Decrypt Strings
- Remove Anti Tamper
- Remove Anti Debugger
- Decrypt Resources
- Dump Embedded Assemblies
- Decrypt Methods (NecroBit)
- Unpack Native
- Decrypt Tokens
Usage:
Just drag and drop target obfuscated assembly on it.
Optional commands:
--no-necrobit Don't decrypt methods (NecroBit).
--no-anti-tamper Don't remove anti tamper.
--no-anti-debug Don't remove anti debugger.
--no-hide-call Don't restore hidden calls.
--no-str Don't decrypt strings.
--no-rsrc Don't decrypt assembly resources.
--no-deob Don't deobfuscate methods.
--no-arithmetic Don't resolve arithmetic equations.
--no-proxy-call Don't clean proxied calls.
--no-dump Don't dump embedded assemblies.
--no-remove Don't remove obfuscator methods, resources, etc...
--no-decrypt-token Don't decrypt tokens.
Known Issues:
-
Strings are still encrypted after deobfuscation:
In some targets string decryptor method is virtualized, that's why NetReactorSlayer can't decrypt strings.
How to know is string decryptor method is virtualized or not:
The normal string decryptor method should looks like this:
And the virtualized string decryptor method should looks like one of below images:
That's why NetReactorSlayer get's failed to clean controlflow because it's don't have a feature yet to devirtualize virtualized methods.
-
Target file not working after deobfuscation:
- Try to save deobfuscated file with Preserve all MD tokens & Keep old MaxStack options:
Note:
Its free, but there is no support for it, I'll keep updating it for latest .NET Reactor version as I can.
Credits:
https://github.com/SychicBoy/NetReactorSlayer/releases | 
[复制链接]
发表于 2022-2-24 10:58
