C
C#2y ago
alextusinean

❔ Identifying obfuscator by <Module>.cctor()

Hello, I'm having issues identifying an obfuscator. Is anyone familiar with similar Module initializers? 
static <Module>()
{
    <Module>.\u200F\u206D\u202D\u202D\u206F\u202A\u202A\u206F\u200C\u202B\u200B\u200F\u200C\u202D\u200C\u202C\u200E\u200C\u206E\u202E\u200F\u202C\u206A\u202B\u200F\u206E\u200F\u202B\u206B\u206C\u202A\u202C\u202D\u202B\u202B\u206F\u202C\u206F\u202A\u202D\u202E();
    <Module>.\u206B\u202C\u202D\u202E\u206F\u202C\u206C\u200C\u206E\u200F\u202D\u200C\u206D\u206D\u202B\u206B\u202E\u200D\u202A\u206D\u206F\u206E\u200C\u202D\u200B\u206D\u200C\u206F\u200B\u206E\u206C\u202D\u206E\u200F\u200F\u206E\u202B\u206C\u206D\u200E\u202E();
    <Module>.\u200D\u206C\u200C\u202E\u200C\u206F\u206F\u202B\u200F\u202A\u202C\u202E\u206F\u200E\u200D\u200C\u202B\u206D\u206B\u202B\u200E\u206F\u200C\u200B\u200F\u200F\u206B\u202D\u202D\u206B\u202E\u206E\u202B\u206B\u206C\u200D\u206B\u202B\u200E\u202B\u202E();
    <Module>.\u206D\u206A\u200D\u206C\u206D\u206C\u202C\u206A\u206C\u200B\u206A\u206F\u206E\u202C\u202A\u202E\u202A\u202B\u206D\u202D\u206B\u206E\u202B\u200C\u206B\u206B\u200D\u206F\u206B\u206C\u202B\u200D\u200B\u200F\u202C\u202B\u206B\u202A\u202E\u200C\u202E();
    for (;;)
    {
        IL_14:
        uint num = 5446423U;
        for (;;)
        {
            uint num2;
            switch ((num2 = (num ^ 2130645400U)) % 3U)
            {
            case 1U:
                <Module>.\u200B\u202B\u206A\u200E\u200C\u202C\u202E\u202B\u202C\u200C\u200B\u206F\u206E\u200E\u200B\u200E\u202C\u200D\u206B\u202E\u206B\u206C\u206E\u206D\u202E\u200E\u206A\u202C\u200D\u200C\u200C\u202C\u200F\u200F\u200F\u206D\u202C\u206A\u202B\u200C\u202E();
                num = (num2 * 762430909U ^ 3965298172U);
                continue;
            case 2U:
                goto IL_14;
            }
            return;
        }
    }
}
static <Module>()
{
    <Module>.\u200F\u206D\u202D\u202D\u206F\u202A\u202A\u206F\u200C\u202B\u200B\u200F\u200C\u202D\u200C\u202C\u200E\u200C\u206E\u202E\u200F\u202C\u206A\u202B\u200F\u206E\u200F\u202B\u206B\u206C\u202A\u202C\u202D\u202B\u202B\u206F\u202C\u206F\u202A\u202D\u202E();
    <Module>.\u206B\u202C\u202D\u202E\u206F\u202C\u206C\u200C\u206E\u200F\u202D\u200C\u206D\u206D\u202B\u206B\u202E\u200D\u202A\u206D\u206F\u206E\u200C\u202D\u200B\u206D\u200C\u206F\u200B\u206E\u206C\u202D\u206E\u200F\u200F\u206E\u202B\u206C\u206D\u200E\u202E();
    <Module>.\u200D\u206C\u200C\u202E\u200C\u206F\u206F\u202B\u200F\u202A\u202C\u202E\u206F\u200E\u200D\u200C\u202B\u206D\u206B\u202B\u200E\u206F\u200C\u200B\u200F\u200F\u206B\u202D\u202D\u206B\u202E\u206E\u202B\u206B\u206C\u200D\u206B\u202B\u200E\u202B\u202E();
    <Module>.\u206D\u206A\u200D\u206C\u206D\u206C\u202C\u206A\u206C\u200B\u206A\u206F\u206E\u202C\u202A\u202E\u202A\u202B\u206D\u202D\u206B\u206E\u202B\u200C\u206B\u206B\u200D\u206F\u206B\u206C\u202B\u200D\u200B\u200F\u202C\u202B\u206B\u202A\u202E\u200C\u202E();
    for (;;)
    {
        IL_14:
        uint num = 5446423U;
        for (;;)
        {
            uint num2;
            switch ((num2 = (num ^ 2130645400U)) % 3U)
            {
            case 1U:
                <Module>.\u200B\u202B\u206A\u200E\u200C\u202C\u202E\u202B\u202C\u200C\u200B\u206F\u206E\u200E\u200B\u200E\u202C\u200D\u206B\u202E\u206B\u206C\u206E\u206D\u202E\u200E\u206A\u202C\u200D\u200C\u200C\u202C\u200F\u200F\u200F\u206D\u202C\u206A\u202B\u200C\u202E();
                num = (num2 * 762430909U ^ 3965298172U);
                continue;
            case 2U:
                goto IL_14;
            }
            return;
        }
    }
}
15 Replies
Pobiega
Pobiega2y ago
Why are you trying to identify the obfuscator?
alextusinean
alextusineanOP2y ago
I'm trying to deobfuscate it and check for any malicious stuff. It has some anti-debugger thing too.
Pobiega
Pobiega2y ago
¯\_(ツ)_/¯ Don't run obfuscated code.
alextusinean
alextusineanOP2y ago
Yeah, that's why I'm trying to see what it does first. I don't know much about c# obfuscators and I thought someone maybe recognizes this type of initializer
Pobiega
Pobiega2y ago
Generally, we don't approve of either obfuscating or deobfuscating.
alextusinean
alextusineanOP2y ago
oh should I delete this?
Pobiega
Pobiega2y ago
You're not breaking any rules, so no worries.
alextusinean
alextusineanOP2y ago
Oh, okay I found another thread about obfuscation and I supposed it's accepted
Pobiega
Pobiega2y ago
people obfuscating their code usually are up to nefarious stuff, or they think their code is amazing when its usually not :p
alextusinean
alextusineanOP2y ago
can be both
Pobiega
Pobiega2y ago
sure :p I'd just assume a or a and b and move on
alextusinean
alextusineanOP2y ago
I would do that but I'd really need to use this
Pobiega
Pobiega2y ago
what library is it?
alextusinean
alextusineanOP2y ago
it's not a library actually, but an implementation of a messy undocumented networking protocol that I don't want to implement myself
Accord
Accord2y ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server