Phoenix Protector 1.6 & Strong Name Signing

Due to the high request, I took 20 minutes of my time and updated the Phoenix Protector, bringing it to the version 1.6. The only addition to this version is the possibility to re-sign assemblies obfuscated by the Phoenix Protector.

The reason why this wasn’t possible in past version of the Phoenix Protector is that the space for the signature was removed from the assembly and the “sn.exe” tool provided by Microsoft isn’t able to re-create that space.

Now, it is possible to tell the Phoenix Protector from the options whether to remove or not the Strong Name Signature when obfuscating an assembly:

By default the Strong Name Signature is not removed.

After obfuscating anassembly, just use to re-sign the “sn.exe” tool this way:

sn.exe -R assembly.exe your_sns.pfx

DisasMSIL and CFF Explorer

Today I wrote a free/open disasm engine for Microsoft’s Intermediate Language (MSIL).

http://ntcore.com/Files/disasmsil.htm

You can use it any context you wish. There are no license restrictions. The only thing I ask you to do is to send me your bug fixes (if any).

I also added the MSIL disasm engine to the CFF Explorer which is now able to disassemble the methods’ code directly from the MetaData tables.

Rebel.NET

Today I’m releasing the Rebel.NET software and its official guide.

Rebel.NET is a rebuilding tool for .NET assemblies which is capable of adding and replacing methods and streams. It’s possible to replace only a limited number of methods or every method contained in a .NET assembly. The simplicity of Rebel.NET consists in the replacing process: one can choose what to replace. Rebel.NET is, mainly, a very solid base to overcome every .NET protection and to re-create a fully decompilable .NET assembly. As such, Rebel.NET has to be considered a research project, not an encouragement to violate licensing terms.

As I have written the software and the article in this week when during my sickness (fever), I’m expecting bugs and typos. Please report them.

Of course, I’ve tested the Rebel.NET with more advanced .NET assemblies than those presented in the guide.