
Transforms a .NET binary into a chain of meaningless-looking await expressions.


Washi1337/AwaitFuscator


AwaitFuscator

This is AwaitFuscator, a .NET binary-to-binary obfuscator that translates your code into long chains of await expressions.

For more details on how it works, check the FAQ or read the accompanying blog post.

How To Build

This project depends on a few other projects. Make sure you have all submodules cloned:

$ git clone --recursive https://github.com/Washi1337/AwaitFuscator.git

If you accidentally didn't clone the submodules, you can go to your repository directory and run the following instead:

$ git submodule update --init

Then, just compile using your favourite IDE like Visual Studio or JetBrains Rider, or run the following:

$ dotnet build

The binaries will then appear in src/AwaitFuscator/bin.

How To Use

To awaitfuscate a program, simply run AwaitFuscator with the path of the binary to obfuscate:

$ AwaitFuscator [path]

If everything goes well (which is a big "if"), this will create a folder called Obfuscated in the parent directory of the input file containing the output.

For example:

$ AwaitFuscator /path/to/file.exe

will produce a file at /path/to/Obfuscated/file.exe.

FAQ

How does it work?

C# allows custom awaiters to be defined on any type using custom GetAwaiter extension methods and custom awaiter types. These awaiter types define a method called GetResult that can contain any code you want.

AwaitFuscator locates all "awaitifiable" methods in the input binary and creates, for each statement, a new awaiter with the original statement's code moved into its GetResult method. Then, by defining custom GetAwaiter extension methods, it is possible to await the custom awaiters, and thus chain a bunch of awaiters together. This effectively rewrites the entire method body as one long chain of awaits.

For more details, read the accompanying blog post.
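The mechanism described above, written out by hand for a two-statement method. This is an added example, not AwaitFuscator's actual output or code from the project; the names Step1, Step2, Step1Awaiter, Step2Awaiter and AwaitExtensions are hypothetical.

```csharp
using System;
using System.Runtime.CompilerServices;
using System.Threading.Tasks;

// Hypothetical marker types: each one stands for "the next statement to run".
public sealed class Step1 { }
public sealed class Step2 { public int Value; }

// Awaiter whose GetResult carries the first statement: int x = 20 + 22;
public struct Step1Awaiter : INotifyCompletion
{
    public bool IsCompleted => true;   // always completes synchronously
    public void OnCompleted(Action continuation) => continuation();
    public Step2 GetResult() => new Step2 { Value = 20 + 22 };
}

// Awaiter whose GetResult carries the second statement: Console.WriteLine(x);
public struct Step2Awaiter : INotifyCompletion
{
    private readonly Step2 _state;
    public Step2Awaiter(Step2 state) => _state = state;
    public bool IsCompleted => true;
    public void OnCompleted(Action continuation) => continuation();
    public int GetResult()
    {
        Console.WriteLine(_state.Value);
        return _state.Value;
    }
}

// The GetAwaiter extension methods are what make the marker types awaitable.
public static class AwaitExtensions
{
    public static Step1Awaiter GetAwaiter(this Step1 step) => new Step1Awaiter();
    public static Step2Awaiter GetAwaiter(this Step2 step) => new Step2Awaiter(step);
}

public static class Program
{
    // Equivalent to: int x = 20 + 22; Console.WriteLine(x); return x;
    // The inner await yields a Step2, which the outer await then consumes.
    public static async Task<int> Run() => await await new Step1();

    public static void Main() => Run().GetAwaiter().GetResult();
}
```

Reading such a chain back means resolving each await to the GetAwaiter overload for its operand type, then to that awaiter's GetResult, which holds the statement.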

Is the code in the output binary really hidden?

No. The original code is still more or less there, just slightly rewritten and scattered around the assembly in different places. AwaitFuscator just plays a bunch of tricks that confuse decompilers a lot.

For more details, read the accompanying blog post.

Can I use it in my next product?

You could. Not sure if it is a good idea though.

Is it production-ready?

Probably not.

Heeelp it...

  • ... crashes,
  • ... produces errors I don't understand,
  • ... corrupts my files,

These are very likely to happen, as this is more of a proof of concept than a finalized product. Nonetheless, bug reports are appreciated :).
