Hello Friends,
I need some direction or suggestions. I am currently tasked with reversing a .NET executable, but it is obfuscated. I tried de4dot, but it does not deobfuscate it or produce anything meaningful to work with.
dnSpy produces decompiled source code that is filled with functions and variables whose names start with #=<long names>. Any idea which obfuscator was used in this case? I'm just trying to see if anyone can quickly help me identify the obfuscator so that I can proceed in that direction to reverse it.
Some sample code to illustrate the above description:
Code:
// Decompiled, name-obfuscated routine. It expands a compressed byte stream into the
// output array until that array is full. The stream mixes literal bytes with two-byte
// back-references into the output already written, selected by flag bits
// (an LZ77/LZSS-style layout, judging by the structure).
//
// Parameters, in order (obfuscated names kept verbatim from the decompiler):
//   1st (byte[]) - compressed input buffer.
//   2nd (int)    - read position in the input; passed by value, so the caller's copy is unchanged.
//   3rd (byte[]) - output buffer; its Length fixes how many bytes are produced.
//
// NOTE(review): the `#=z...` identifiers are renamed symbols and not valid C# names, so this
// listing does not compile as shown. The naming scheme resembles Eazfuscator.NET output;
// that is unconfirmed, verify with an obfuscator detector before relying on it.
// NOTE(review): input reads are not checked against the input length. A truncated or malformed
// stream ends in an index-out-of-range exception rather than a clean error; allow for that
// when running the routine on untrusted samples.
private static void #=zGud5JR$F5ZC4Uc23DVuPuwd27lFw(byte[] #=zHs8_4ViFvF5a2_w0qCR6llOqSSXU, int #=zgkLn5h$uSaTrZRI6KiV4dTI5c$kb, byte[] #=zDaQZNdRiqOTXtrgat4kX3ushtupG)
{
// Write index into the output buffer.
int i = 0;
// Current flag byte; each bit selects literal (0) or back-reference (1) for one token.
int num = 0;
// Flag bit mask. Starting at 128 makes the first shift below yield 256, which forces
// a flag byte to be loaded on the first iteration.
int num2 = 128;
// Number of bytes to produce.
int num3 = #=zDaQZNdRiqOTXtrgat4kX3ushtupG.Length;
while (i < num3)
{
// Advance to the next flag bit. Once all eight bits are used, reset the mask to bit 0
// and read a fresh flag byte, so flags are consumed from the least significant bit up.
if ((num2 <<= 1) == 256)
{
num2 = 1;
num = (int)#=zHs8_4ViFvF5a2_w0qCR6llOqSSXU[#=zgkLn5h$uSaTrZRI6KiV4dTI5c$kb++];
}
if ((num & num2) != 0)
{
// Back-reference token, two input bytes:
//   copy length = top 6 bits of the first byte + 3   (range 3..66)
//   distance    = low 10 bits of the big-endian pair (range 0..1023)
int num4 = (#=zHs8_4ViFvF5a2_w0qCR6llOqSSXU[#=zgkLn5h$uSaTrZRI6KiV4dTI5c$kb] >> 2) + 3;
int num5 = (((int)#=zHs8_4ViFvF5a2_w0qCR6llOqSSXU[#=zgkLn5h$uSaTrZRI6KiV4dTI5c$kb] << 8) | (int)#=zHs8_4ViFvF5a2_w0qCR6llOqSSXU[#=zgkLn5h$uSaTrZRI6KiV4dTI5c$kb + 1]) & 1023;
#=zgkLn5h$uSaTrZRI6KiV4dTI5c$kb += 2;
// Index in the output where the referenced run starts.
int num6 = i - num5;
// A distance reaching before the start of the output aborts silently; the rest of the
// output buffer is left as it was and the caller gets no error indication.
if (num6 < 0)
{
return;
}
// Byte-at-a-time copy, so the source run may overlap the bytes being written.
// The copy also stops at the end of the output buffer.
while (--num4 >= 0 && i < num3)
{
#=zDaQZNdRiqOTXtrgat4kX3ushtupG[i++] = #=zDaQZNdRiqOTXtrgat4kX3ushtupG[num6++];
}
}
else
{
// Literal token: copy one input byte straight to the output.
#=zDaQZNdRiqOTXtrgat4kX3ushtupG[i++] = #=zHs8_4ViFvF5a2_w0qCR6llOqSSXU[#=zgkLn5h$uSaTrZRI6KiV4dTI5c$kb++];
}
}
}
Thank you so much for reading and helping.