.NETReactorSlayer is an open source (GPLv3) deobfuscator for Eziriz .NET Reactor
GUI | CLI |
---|---|
Description | Command | Default Value |
---|---|---|
Decrypt Methods (NecroBit) | --decrypt-method <BOOL> |
True |
Deobfuscate Control Flow | --deobfuscate-cflow <BOOL> |
True |
Decrypt Hidden Calls | --decrypt-hidden-calls <BOOL> |
True |
Remove Reference Proxies | --remove-ref-proxies <BOOL> |
True |
Decrypt Strings | --decrypt-strings <BOOL> |
True |
Remove Anti Tamper & Anti Debug | --anti-tamper <BOOL> |
True |
Decrypt Assembly Resources | --decrypt-resources <BOOL> |
True |
Dump Embedded Assemblies | --dump-assemblies <BOOL> |
True |
Dump Assemblies That Embedded By Costura.Fody | --dump-costura-assemblies <BOOL> |
True |
Decrypt Tokens | --decrypt-tokens <BOOL> |
True |
Unpack Original Assembly From Native Image | ||
Close CLI immediately after finish deobfuscation | --no-pause <BOOL> |
False |
Preserve All MD Tokens | --preserve-all <BOOL> |
False |
Keep Old Max Stack Value | --keep-stack <BOOL> |
False |
Cleanup obfuscator leftovers | -cleanup <BOOL> |
True |
Just drag and drop target obfuscated assembly on it.
-
If target assembly not working after deobfuscation try using
--preserve-all
and/or--keep-stack
command(s). -
Since .NETReactorSlayer does not yet have the ability to de-virtualize virtualized functions, if the target protected assembly contains virtualized functions, .NETReactorSlayer may fail to de-obfuscate some protections such as string encryption and control flow.
➡️Click to see few example of comparing virtualized functions with normal functions
Normal | Virtualized |
---|---|
Or |
Normal | Virtualized |
---|---|
Or |
Want to contribute to this project? Feel free to open a pull request.
.NETReactorSlayer is licensed under GPLv3.