• March 26, 2013

      De4Dot DotNet Deobfuscator [Updated]

      De4Dot DotNet Deobfuscator [Updated]


      de4dot is an open source (GPLv3) .NET deobfuscator and unpacker written in C#. It will try its best to restore a packed and obfuscated assembly to almost the original assembly. Most of the obfuscation can be completely restored (eg. string encryption), but symbol renaming is impossible to restore since the original names aren't (usually) part of the obfuscated assembly.


      Here's a pseudo random list of the things it will do depending on what obfuscator was used to obfuscate an assembly:
      • Inline methods. Some obfuscators move small parts of a method to another static method and calls it.
      • Decrypt strings statically or dynamically
      • Decrypt other constants. Some obfuscators can also encrypt other constants, such as all integers, all doubles, etc.
      • Decrypt methods statically or dynamically
      • Remove proxy methods. Many obfuscators replace most/all call instructions with a call to a delegate. This delegate in turn calls the real method.
      • Rename symbols. Even though most symbols can't be restored, it will rename them to human readable strings. Sometimes, some of the original names can be restored, though.
      • Devirtualize virtualized code
      • Decrypt resources. Many obfuscators have an option to encrypt .NET resources.
      • Decrypt embedded files. Many obfuscators have an option to embed and possibly encrypt/compress other assemblies.
      • Remove tamper detection code
      • Remove anti-debug code
      • Control flow deobfuscation. Many obfuscators modify the IL code so it looks like spaghetti code making it very difficult to understand the code.
      • Restore class fields. Some obfuscators can move fields from one class to some other obfuscator created class.
      • Convert a PE exe to a .NET exe. Some obfuscators wrap a .NET assembly inside a Win32 PE so a .NET decompiler can't read the file.
      • Removes most/all junk classes added by the obfuscator.
      • Fixes some peverify errors. Many of the obfuscators are buggy and create unverifiable code by mistake.
      • Restore the types of method parameters and fields

      Supported obfuscators/packers

      • Agile.NET (aka CliSecure)
      • Babel.NET
      • CodeFort
      • CodeVeil
      • CodeWall
      • CryptoObfuscator
      • DeepSea Obfuscator
      • Dotfuscator
      • .NET Reactor
      • Eazfuscator.NET
      • Goliath.NET
      • ILProtector
      • MaxtoCode
      • MPRESS
      • Rummage
      • Skater.NET
      • SmartAssembly
      • Spices.Net
      • Xenocode
      Some of the above obfuscators are rarely used (eg. Goliath.NET), so they have had much less testing. Help me out by reporting bugs or problems you find.

      How to use de4dot

      N00b users

      Drag and drop the file(s) onto de4dot.exe and wait a few seconds.

      Deobfuscate more than one file at a time

      When more than one assembly has been obfuscated, it's very likely that you must deobfuscate them all at the same time unless you disable symbol renaming. The reason is that if assembly A has a reference to class C in assembly B, and you rename symbols only in assembly B, then class C could be renamed to eg. Class0 but the reference in assembly A still references a class called C in assembly B. If you deobfuscate both assemblies at the same time, all references will also be updated.

      MirrorCreator:  DOWNLOAD
      Extabit:  DOWNLOAD
      RGhost:  DOWNLOAD
      ZippyShare:  DOWNLOAD
      Uppit:  DOWNLOAD

      Incoming Search Terms:


      All the tools available on this site are freeware and shareware. Site does not contain any kind of cracked tools or copyrighted material. The tutorials available on this site are only for educational purpose and all the targets used while making tutorials are not commercial applications. They are just custom made files for the tutorials only. Please do scan every file before use . If you have any questions or concerns regarding any tool or any target used while making tutorial, please do contact the author.

      Subscribe To RSS

      Sign up to receive latest news