xenocoderce / noisette-obfuscator Goto Github PK

An Obfuscator for .NET assembly

License: GNU General Public License v3.0

C# 100.00%

noisette-obfuscator's Introduction

Noisette - The nuts-breaker Obfuscator

Noisette (nuts in French) is aimed to be an open-source C# Obfuscator for .NET assembly built with dnlib, WPF and my humble coding skills. Noisette is the first .NET obfuscated meant to be a nuts-breaker for both the decompiler and the hacker.

Download Noisette

You can download compiled version of Noisette for Windows XP and above from https://github.com/XenocodeRCE/Noisette-Obfuscator/releases.

The app is currently in its pre-release stage, so it contains bugs and error. Confirmed to be working on both C# and VB.NET target, as that's what the developers mostly code in.

How do I test it?

Start Noisette.exe, drag and drop a .NET file on it, and magic should happen. It will create a "%yourfile%_protected" output in the same folder.

What features does it have?

For the moment, only a few, if you want a really strong ready-to-use Obfuscator have a look at NETGuard.io

Constant Outlinning
Strings Outlinning
Renaming
Invalid Metadata Injection

Feature Requests

Have an idea for an awesome feature you'd love to see ? Create an issue and tag it as a feature request.

How do I report a problem?

Trick question, I don't care about your problems.

noisette-obfuscator's People

Contributors

Stargazers

Watchers

noisette-obfuscator's Issues

ANTINET Feature! Block disassemblers and decompilers.

I hope you will add it on new project

[request] Commandline usage

It would be nice to have commandline usage added into the program

Found bug and a lot of errors.

System.IO.IOException: Could not open file C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll for reading. Error: 00000002
at dnlib.IO.MemoryMappedFileStreamCreator.Windows.Mmap(MemoryMappedFileStreamCreator creator, Boolean mapAsImage) in c:\Users\samjam53\Desktop\dnlib-master\src\IO\MemoryMappedFileStreamCreator.cs:line 64
at dnlib.IO.MemoryMappedFileStreamCreator.CreateWindows(String fileName, Boolean mapAsImage) in c:\Users\samjam53\Desktop\dnlib-master\src\IO\MemoryMappedFileStreamCreator.cs:line 164
at dnlib.IO.ImageStreamCreator.CreateMemoryMappedFileStreamCreator(String fileName, Boolean mapAsImage) in c:\Users\samjam53\Desktop\dnlib-master\src\IO\ImageStreamCreator.cs:line 50
at dnlib.IO.ImageStreamCreator.Create(String fileName, Boolean mapAsImage) in c:\Users\samjam53\Desktop\dnlib-master\src\IO\ImageStreamCreator.cs:line 41
at dnlib.PE.PEImage..ctor(String fileName, Boolean mapAsImage, Boolean verify) in c:\Users\samjam53\Desktop\dnlib-master\src\PE\PEImage.cs:line 165
at dnlib.PE.PEImage..ctor(String fileName, Boolean verify) in c:\Users\samjam53\Desktop\dnlib-master\src\PE\PEImage.cs:line 184
at dnlib.PE.PEImage..ctor(String fileName) in c:\Users\samjam53\Desktop\dnlib-master\src\PE\PEImage.cs:line 192
at dnlib.DotNet.MD.MetaDataCreator.Load(String fileName) in c:\Users\samjam53\Desktop\dnlib-master\src\DotNet\MD\MetaDataCreator.cs:line 33
at dnlib.DotNet.ModuleDefMD.Load(String fileName, ModuleCreationOptions options) in c:\Users\samjam53\Desktop\dnlib-master\src\DotNet\ModuleDefMD.cs:line 185
at dnlib.DotNet.ModuleDefMD.Load(String fileName) in c:\Users\samjam53\Desktop\dnlib-master\src\DotNet\ModuleDefMD.cs:line 165
at NoisetteCore.Protection.Renaming.RenamingProtection..ctor(ModuleDefMD module) in C:\Users\XenocodeRE\Documents\Visual Studio 2015\Projects\Noisette-Obfuscator\Noisette\Protection\Renaming\RenamingProtection.cs:line 20
at NoisetteCore.Obfuscation.ObfuscationProcess.DoObfusction() in C:\Users\XenocodeRE\Documents\Visual Studio 2015\Projects\Noisette-Obfuscator\Noisette\Obfuscation\ObfuscationProcess.cs:line 37
at NoisetteGUI.MainWindow.bgWorker_DoWork(Object sender, DoWorkEventArgs e) in C:\Users\XenocodeRE\Documents\Visual Studio 2015\Projects\Noisette-Obfuscator\NoisetteGUI\NoisetteGUI\MainWindow.xaml.cs:line 115

I'm using Windows 10 Pro 64bit / The exe file I'm trying to obfuscate is written in VB.net 2015 (target dotnet -> 4.5+)

Themes Not Working

Any theme or resource seems to be unsupported.

Either app does not find a reference to an object or app does not start or app starts but theme container does not load correctly and has no texture whatsoever.

Junk Code

Finding relevant code without junk code is very easy.

Solution: Junk Code!! :D

What is Constant Melting?

I don't quite understand what it is doing.

feature request - Anti Debugger

Id personally love to see something against debugging the obfuscated assembly :)

feature request - constants randomization

for security wouldnt a "at least partially" randomized obfuscator break most of generic unpackers ?
is the obfuscator unpackable atm by the way ?

Anti-tampering solution

Here's the start of an idea of how to implement anti-tampering for all individual methods in the app. I have included a sample project below. Use this, or this idea if you want to.

I've written down all the possible ways to get around this protection that I could think of. The list is in the comments of Program.cs.

Program.cs

using System;

namespace sample
{
	public class Program
	{
		public static void Main()
		{
			/*
			 * Possible ways to bypass checksums
			 * 
			 * 1. Remove protection method in IntegrityValidator
			 * 2. Remove whole content of .ctor of IntegrityValidator
			 * 3. Remove [Checksum] attribute on methods before altering
			 * 4. Actually calculating the new checksums and replacing them (which I doubt anyone will bother doing)
			 * 5. Remove call to IntegrityValidator in Program
			 * 6. Change the call of IntegrityValidator in program to typeof(SomethingElse)
			 * 
			 * And fixes:
			 * 
			 * 3. Enforce all methods to have a Checksum attribute, that way if they're missing
			 *    the program will fail
			 */

			/*
			 * Possible ways to make the checksums fail
			 * 
			 * 1. Tamper with a methods body (if it has checksum)
			 * 2. Tamper with the class signature containing a method with a checksum
			 */
			new IntegrityValidator(typeof(Program)).ValidateIntegrity();
			Console.WriteLine("Untampered program! yay! Don't obfuscate or crack me, or I will be crashing");
			Console.WriteLine(DateTime.Now);
			Console.ReadLine();
		}

		[Checksum("8163cb50e7332f915355e94cfe324fb5")] //hash of method body bytes
		public void DontTamper()
		{
			Console.WriteLine("hi");
		}

		[Checksum("8163cb50e7332f915355e94cfe324fb5")]//hash of method body bytes
		public void DontTamper2()
		{
			Console.WriteLine("hi");
		}
	}
}

IntegrityValidator.cs

using System;
using System.Linq;
using System.Reflection;
using System.Security.Cryptography;
using System.Text;

namespace sample
{
	public class IntegrityValidator
	{
		public IntegrityValidator(Type type)// do validation checks on all methods with our attribute
		{
			int j = 0;
			foreach (var method in type.GetMethods().Where(item => item.GetCustomAttribute(typeof(ChecksumAttribute)) != null))
			{
				j++;
				if (!Validate(method)) { //if one method is tampered
					Environment.FailFast(null);
				}
			}
			if (j == 0) {
				Environment.FailFast(null);
			}
		}

		public string CalculateChecksum(MethodInfo o)
		{
			StringBuilder sb = new StringBuilder();
			var data = o.GetMethodBody().GetILAsByteArray();
			using (var md5 = MD5.Create())
			{
				var hash = md5.ComputeHash(data);
				for (int i = 0; i < hash.Length; i++)
				{
					sb.Append(hash[i].ToString("x2"));
				}
			}
			return sb.ToString();
		}

		public bool Validate(MethodInfo o)
		{
			foreach (var attr in o.GetCustomAttributes(typeof(ChecksumAttribute), false))
			{
				if (attr.GetType() == typeof(ChecksumAttribute)) { 
					var attrib = attr as ChecksumAttribute;
					//Console.WriteLine(attrib.Hash);
					//Console.WriteLine(CalculateChecksum(o));
					return attrib.Hash == CalculateChecksum(o);
				}
			}
			return false; //doesn't have checksum
		}

		public bool ValidateIntegrity() => true;
	}
}

ChecksumAttribute.cs

using System;
namespace sample
{
	[AttributeUsage(AttributeTargets.Method)]
	public class ChecksumAttribute : Attribute
	{
		public string Hash { get; set; }
		public ChecksumAttribute(string hash)
		{
			this.Hash = hash;
		}
	}
}

Missing dnlib

dnlib should be added to the repo as a submodule so when the repo is cloned dnlib is downloaded as well

[request] Make cross platform by removing use of Gdi32.dll

Using Gdi32.dll means that the program cannot be run under mono on *nix systems (Linux, OSX ect) as you are directly invoking a Windows DLL.

Switch from GDI to WPF for the GUI

with XAML Export from Adobe Illsutrator

How to exclude renaming

Don't rename event accessors

@XenocodeRCE Hello! I'd like to provide you information about the particular issue that I found in the renaming behaviour.

It's currently renaming event accessor methods (add & remove) that's should be untouched to prevent arising "missing implementation" exceptions.

Add additional checks in the AnalyzeMember(MethodDef method) method of RenameAnalyzer type like this one:

if (method.IsSpecialName && (method.IsAddOn || method.IsRemoveOn)) return false;

Output not working

the title explains everything... here is a link of the file im obfuscating.

http://www67.zippyshare.com/v/eWFAF11j/file.html

Really really close to creating control flow graph/integrity

Hey, I've come really really close to creating CFG/Integrity, where an integer in the app will increase or decrease to prevent anti tamper.

Here's what I've got so far, and the only problem I have is after it runs the protection for Main() the number wont be right for the next method.

https://pastebin.com/AL38M37t

feature request - string encoding

When you obfuscate a file with Noisette , you can see a list of all the strings in a seperate file .
The strings are just raw, please add some string encoding to it .

Fix component resources renaming according to the type name

Self-Describing screenshot.

Suggestion is to add additional checks to the RenameAnalyzer and to rename the type resource as well.

ResourceKeysRenamer.cs useful code fragment from de4dot

Control Flow Graph/Integrity

are you going to attempt control flow graph or integrity?

is this project still active?

I just discovered this project while trying to look for solutions to properly protect an application that i'm using to package another application. My tests with this program went very good, so much as to say that this program has become part of my deployment process.
However, I can't help but notice that some features are lacking, and looking at the timestamps on the repo, nothing has happened for years. I just want to know if this brilliant program is still active or not.