Exetools


rkc3214 10-20-2024 17:52

Obfuscation for ninjascript
 
Hi everyone

I am a professional in finance, and I specialise in automated trading strategies, and I've been doing work outside of my job for clients who want code obfuscation. Mostly for NinjaTrader.

I have a background in C# but I have little to no experience with obfuscating code. My questions are: how best can I obfuscate my code, and what tools can be used to bypass said obfuscation?

I'm aware of Agile.NET and I've come across virtualization, but I do not understand if it can be applied to a compiled DLL via NinjaTrader. Any help would be appreciated.

My understanding is that the code can be deobfuscated, I just don't quite know how to piece it together.

Apologies if this post violates the rules. I can take it down if needed.

sendersu 10-20-2024 18:01

There is a tool to remove agile - https://github.com/SychicBoy/AgileDotNetSlayer
(not sure if it takes care if the code is vt-zed)

Regarding obf - I'd recommend VMP latest ver, it's very strong and aggressive stuff and it supports .NET + VT

rkc3214 10-21-2024 18:57

Quote:

Originally Posted by sendersu (Post 131985)
There is a tool to remove agile - https://github.com/SychicBoy/AgileDotNetSlayer
(not sure if it takes care if the code is vt-zed)

Regarding obf - I'd recommend VMP latest ver, it's very strong and aggressive stuff and it supports .NET + VT

So I've tried the dotnetslayer but it could not handle the obfuscation.

I've tried SMD for Agile and it says it managed to decrypt x number of methods, but going into dnSpy showed nothing changed; file size was 1kb larger.

Am I correct in saying that if an agile deobfuscator works, de4dot would then be used to de-virtualise?

sendersu 10-21-2024 19:45

No, de4dot is deprecated/archived
https://github.com/de4dot/de4dot
and not updated for 5 years already...
it was never able to devirt agile.net prot

rkc3214 10-21-2024 20:05

I am mistaken then, I was reading that regardless of the deprecation it would work. Silly to think that in hindsight.

How would someone go about devirtualisation then?

sendersu 10-22-2024 00:07

The only guy I know that does it (on a commercial basis) is the author of the slayer apps - SychicBoy

rkc3214 10-22-2024 08:47

Quote:

Originally Posted by sendersu (Post 132003)
The only guy I know that does it (on a commercial basis) is the author of the slayer apps - SychicBoy

So it's not a common thing.

I am trying to deobfuscate a current DLL and I wanted to ask how everything fits in.

1. Is SMD for Agile a decrypter or a deobfuscator? I assume decrypter explicitly.

2. If my DLL was decrypted, would I then need to deobfuscate first or devirtualize? How does demutilating come into it, or is it even a thing in my case?

I appreciate your patience.

sendersu 10-22-2024 14:22

Agile Slayer tool will tell you about options applied:
1) for code encryption:
"CODE ENCRYPTION HAS BEEN DETECTED, INCOMPLETE DEOBFUSCATION OF THE ASSEMBLY MAY RESULT."

2) for code virtualization:
"CODE VIRTUALIZATION HAS BEEN DETECTED, INCOMPLETE DEOBFUSCATION OF THE ASSEMBLY MAY RESULT."

