holly-hacker/EazFixer holly-hacker/EazFixer

  • Stars
    star
    374
  • Rank 114,346 (Top 3 %)
  • Language
    C#
  • License
    MIT License
  • Created almost 7 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
holly-hacker/EazFixer
github

holly-hacker

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A deobfuscation tool for Eazfuscator.

EazFixer Build status

A deobfuscation tool for Eazfuscator.

Downloading

You can download the latest master build at AppVeyor. If there was no commit in the last 6 months, you will have to build it yourself. Please do not open issues asking for me to build it for you.

Description

EazFixer is a deobfuscation tool for Eazfuscator, a commercial .NET obfuscator. For a list of features, see the list below.

Implemented fixes:

  • String encryption
  • Resource encryption
  • Assembly embedding

Not implemented, may be added in the future:

  • Entrypoint obfuscation
  • Data virtualization

Out of scope:

  • Code virtualization (consider using EazyDevirt)
  • Symbol renaming (symbol names are either unrecoverable or encrypted. For symbol decryption in case of a known key, see EazDecode)
  • Automatic code optimization (not an anti-feature!)
  • Code control flow obfuscation (I didn't have any problems with my samples in dnSpy)
  • Assemblies merging (doesn't seem probable, especially with symbol renaming)
  • Control flow obfuscation (use de4dot)

Usage

Call from the command line or drag and drop the file on and let it run or use the command line flag --file.

If your assembly is protected with control-flow obfuscation, run it through de4dot with the --only-cflow-deob flag first.

  • --file path
  • --keep-types
  • --virt-fix

The flag --file is used for the input file. The flag --keep-types is similar to the de4dot flag, Keeps obfuscator types and assemblies. The flag --virt-fix keeps certain parts obfuscated to stay working with virtualized assemblies.

example: EazFixer.exe --file test.exe --keep-types

Building

Clone the repository and use the latest version of Visual Studio (2019, at the time of writing).

Support

EazFixer is (and will always be) targeted at the latest version of Eazfuscator. If your version is not supported, try a more universal deobfuscator like de4dot. If your version is newer than what this tool supports, create an issue only after verifying with the latest version of Eazfuscator.

Also, I will not help you use this program. Consider it for advanced users only. If you do run into a problem and are sure it is a bug, feel free to submit an issue but I cannot guarantee I will fix it.

Related projects

  • EazDecode, for decrypting encrypted symbol names in case of a known encryption key.
  • eazdevirt, a tool for devirtualizing older version of EazFuscator.
  • eazdevirt fork, my abandoned fork of eazdevirt, may work slightly better on newer samples.

Credits

This tool uses the following (open source) software:

  • dnlib by 0xd4d, licensed under the MIT license, for reading/writing assemblies.
  • Harmony by Andreas Pardeike, licensed under the MIT license, for patching the stacktrace which allows for reflection invocation to be used.

More Repositories

1

dnSpy.Extension.HoLLy

A dnSpy extension to aid reversing of obfuscated assemblies
C#
336
star
2

ManagedInjector

A DLL injector to inject .NET assemblies into a foreign .NET process.
C#
116
star
3

KeePassHax

A tool to extract a KeePass master password from memory
C#
76
star
4

Confuser.Protections.HoLLy

Extra protection modules for ConfuserEx
C#
66
star
5

HoLLy.MemoryLib

A specialized C# memory-accessing library
C#
42
star
6

EazDecode

A library to decode EazFuscator's encrypted symbol names, if you have the password.
C#
40
star
7

ce-server

A Cheat Engine server for Windows
Rust
40
star
8

git-dumper

A tool to dump exposed .git repositories
Rust
39
star
9

dnSpy.Extension.Wasm

A dnSpy extension to add WebAssembly support
C#
38
star
10

osu-database-reader

Allows for parsing/reading osu!'s database files
C#
37
star
11

osu-decoder

A tool to decrypt symbol names in osu! binaries with a known decryption key
C#
30
star
12

td

A WIP graph-based TUI TODO app.
Rust
28
star
13

SWSniff

A SoulWorker packet sniffer+injector
C#
24
star
14

dnSpy.Extension.DiscordRPC

A dnSpy extension to add Discord Rich Presence integration to dnSpy.
C#
23
star
15

BetterDiscord-Themes-and-Plugins

Collection of my BetterDiscord themes and plugins
JavaScript
23
star
16

osu-HOPE

osu!HOPE: HoLLy's osu! Packet Editor
C#
22
star
17

WasmLib

A WIP WebAssembly decompiler, targeted at Il2CPP games
C#
19
star
18

OppaiSharp

A C# port of oppai-ng
C#
17
star
19

DiscordCSS

A collection of my Discord CSS styles
CSS
15
star
20

dnSpy.Extension.ThemeHotReload

A dnSpy extension to hot-reload themes
C#
12
star
21

dnSpyThemeGenerator

Generates dnSpy themes based on IntelliJ themes
C#
12
star
22

custom-bancho

PHP
11
star
23

HOPEless

Library for handling osu!Bancho packets.
C#
10
star
24

osu.Game.Rulesets.HoLLy

Rulesets for osu!lazer
C#
9
star
25

DiscordBotV5

Probably my fifth Discord bot
C#
8
star
26

BulletForceHaxV2

Bullet Force launcher and MITM-based hax
Rust
8
star
27

bulletforcehax

An in-browser cheating/sniffing tool for Bullet Force, written in Rust
Rust
8
star
28

osu-BackgroundChanger

Allows you to change your osu! background without supporter status!
C#
7
star
29

Startpage

My personal homepage
TypeScript
7
star
30

osu-ui-skinner

osu!ui skinner, skinning the unskinnable since 2017
C#
7
star
31

osu-ingame-background-changer

Temporarily change every song background in osu!
C#
7
star
32

osu-FailedRankScreen

Sends osu! to the ranking screen, even when failed.
C#
7
star
33

s3-dumper

A tool to dump exposed S3 buckets by URL
Rust
6
star
34

osu-pp-tools

A tool providing a live PP display for both players and mappers.
C#
5
star
35

osu-custom-server

server files for a osu.ppy.sh clone (only for game files)
PHP
5
star
36

PokeOneToolkit

Allows for sniffing and editing PokeOne traffic.
C#
5
star
37

mini-jc

A jc clone with reasonable performance
Rust
5
star
38

EnigmaCipher

A C# implementation of the Enigma cipher.
C#
3
star
39

osu.Shared

Shared code used across multiple of my projects.
C#
3
star
40

ClickerCheats

Cheats for HTML5 incremental games
JavaScript
3
star
41

Portfolio

An incomplete list of my projects. This is mainly for school.
3
star
42

mastodon-block-enum

A small tool to analyze blocked domains on mastodon instances
Rust
3
star
43

UnovaRPGlib

A library for UnovaRPG farming/botting
C#
2
star
44

atelier-tools

Tools for Gust's Atelier games
Rust
2
star
45

AdventOfCode2023

Solutions for Advent of Code 2023
Rust
2
star
46

1brc-rust

An implementation of the 1 billion row challenge
Rust
2
star
47

AdventOfCode2022

Rust
1
star
48

nixpkgs

A nix channel with packages I may need
Nix
1
star
49

game-recipe-calc

A browser-based tool to calculate crafting requirements given some recipes
Rust
1
star
50

AdventOfCode2020

Rust
1
star
51

osu-api-wrapper

A small osu!api wrapper in C#
C#
1
star
52

atelier-data

Extracted data for Gust's Atelier games
1
star
53

BiertijdDownloaderReloaded

A recreation of one of my first projects
C#
1
star
54

darknet-diaries-scraper

A small scraper for Darknet Diaries transcripts
Rust
1
star
55

AdventOfCode2021

Rust
1
star
56

HoLLy-HaCKeR

1
star