0:00 intro
0:13 storytime
1:18 important to learn this
1:47 setting up
2:26 decompiling
3:14 breaking down code
5:23 used on me
6:07 how it works
7:35 outro
paste this in the description thanks
I mistakenly exited the discord channel, please could you share the link?
ebola whats your discord server?
try doing this with a crypted file 💀
@ebolaman_ pls make video on how FUD a exe file
you never fail to spread our cheeks and fill us with your goodness 😊
huh
what
soooo original
Ayo?!
Ayo WTF?!
Most malware is written in C/C++ reverse engineering the assembly back is much harder than a simple .NET MSIL executable…
That’s why writing malware in interpreted languages makes them weak
So this is not that useful to be honest
Yeah especially if it's packed and you can't just throw it in ida or ghidra or w/e
and even if they are written in C# hacker can just use C# Assembly obfuscators but i haven't tried them
@@justind4615 c# obfuscators are pretty much useless
@@hahahaha-hi3wt not much you can do except spend hours reading the assembly figuring out what happens step by step
that's another sitty youtuber trying to get kids attention pretending to know anything, don't worry
I totally have zero experiences about this, but it's cool to know!
Thanks for the amazing video!
good vid and finally you are back
also if the program is written not in C# but in C for example it's much much harder to reverse engineer also there are tools that obfuscate those C# assemblies
know any to use?
@@dhheisterYT what do you mean? programs that obfuscate?
@@justind4615 yes
@@dhheisterYT I think i commented the program name but it got removed..
@@justind4615 perhaps you can comment it on one of my youtube videos
Thank you for your videos, they are very interesting, keep them like that ❤
Great as always...keep it u dude...
IDK but bro is glowing
One weird thing I've seen with C# is if you make a private async void in visual studio, compile it, then open the source code using DnSpy. The stuff inside the void/function looks odd, it almost looks like it obf itself. If you don't know what I'm talking about try the steps I said above, and if you could please tell me why it does that. Thanks (:
Reel GorillaTaggingKid???
yes@@Riskeee.
wow your vids are really interesting are informative keep it up
It's really impressive the things you teach. I was wondering, how did you go about learning all of this?
Your content is very informative. Better than all other youtubers I have seen so far
this literally needs 0 RE skills. Default C# compiled files are too easy to decompile perfectly. You don't have to do anything. RE skills are needed when the executable is compiled with C/C++ for example, where you cannot see function and variable names, compilers optimize (e.g. convert 2 or more functions to 1) and so many times decompilers fail to analyze specific parts or they decompile them wrong, and ofc a big challenge is when the executable is protected/packed/obfuscated or virtualized
i love you ebola man
I love your video :)
thanks, that was a useful one. absolutely need more videos about reverse engineering, maybe different methods and tools
Notes:
3:07 for Forms/WPF apps, yes it does start in the Program class, but I rather suggest looking in the MainForm class as most of the code is located in there
5:00 don't recommend obfuscating! There's a much easier way to ensure that people attempting to reverse engineer your code go through a lot of pain: compiling it into native code. Nick Chapsas has an excellent video on that topic
egypt is on fire with your content
This content got me screaming
I fucking LOVE EBOLA MAN
THANK YOU, VERY MUCH! edit: i literally inspect malware with notepad by searching for "crypto", "discord", or "token"
how do you do that?
@@hxntw Drag the file and drop in an empty opened notepad
The skids are gonna love this
As a skid i love this 🤫
egg.
🥚
egg.
egg.
Egg.
egg.
bro you are majestic
W Ebola!
bro looks so majestic
you are looking into my soul
Ayoo New video 🔥🔥🤙
dnSpy can only decompile .NET executables. It's also wrong to say it gets the original source code because it doesn't necessarily. Additionally, the managed entrypoint method doesn't have to be named Main inside a class named Program.
A lot of unmanaged and managed code can execute before reaching the managed entrypoint.
1. Unmanaged entrypoint (for .NET executables you usually have a single call to _CorExeMain here that kicks off the execution of a .NET program)
2. Managed (.NET) module constructor
3. Static constructor of the class containing the managed entrypoint method
4. Managed entrypoint
Seeing the source code makes my portable Firefox sleep better lol
ur the beeest ytber EVER thanks for the cmd hacks respect
Keep it up buddy make more reverse engineering videos ❤
Thank you this was very helpful
There is also a tool called ghidra that was developed by the NSA. Not as clean cut as what home boy has for dnspy but it can decompile almost any source code.
congrat for new room
Nice content. Thx man
Thanks for info ❤
Finally, the secret method.
finally a "non skid" video
thanks man youre the best coder
Ebola my love
i love ur vid
Compiling this using AOT Native will probably make it much harder to reverse it
It's important to note that this is for .NET only. Pretty cool to start, but not very useful for reverse engineering, most malware and secured applications are written in C++ or C. For these languages you need to learn assembly and work with IDA or x64dbg. :)
And visual basic
Can you make a video on "how games get hacked"
Yessir
But how do they get hacked?
Fr
Fr
Thanks sir
token first is that base 64 user id next is when it was created by time and next is random
*Laughs in Applocker 😂😂
You grew kinda fast
Yes, I'd like to learn more about reverse engineering and decompiling. Where do I begin? 🙂
appreciate tecca in background
how do you make to prevent tokens/sessions browser hijacking?
This guy is the master of clickbait, he didnt even use Ghidra
can you make tutorials on reverse engineering C++ game applications?
bros a malware himself......cuz he be stealing my heart bro😭
😂😂
bro says his "T's" very aggressively
Whats funny that they have their entire webhook open meaning you can just spam the hell out of their webhook with that url, if you run the exe through triage you can get their bot token and login through a bot client and screw with them that way too
What a genius!
This is only for programs that are written in the language C# for NET, NET FRAMEWORK
Looksmaxxing
nah fr, it only works on .NET executables though. if you have a native executable you're gonna need a disassembler (like IDA or dbg64) or smth and reverse engineering the hard way with assembly which is hard and painful, after that you can *understand* (and not decompile) the code. Because native code symbols are often mangled or unexposed (labels are not exported), you can't get them back.
Question: Are the cookies encrypted once they have been saved into that folder? How does the code bypass this problem?
really nice video!
personally I'd be interested in reversing/cracking simple software, like just bypassing a simple "password:" input in a python .exe file.
Have a great day!
Nice video
really helpful no more viruses
Seeing malware released without a stripped binary always confuses me, why would you release it with compilation info/debug symbols
Idk if you can strip that from .NET C# programs though, I've never tried it before
It is possible to put the bytes of a machine code inside a batch file to redirect the machine code into a new executable file with pipe operators(>).
Remember guys, this is ONLY for c#. this isn't considered as reverse engineering just decompiling. You can't decompile to easy readable code for C++ .exe/.dll files. To "decompile" c++ applications/libraries you will need to do reverse engineering.
i've used dnspy before to modify games, but holy shit i didn't realize how powerful this tool is.
it might also be able to open files made with cython
good videos i can finally crack the system
Amazing job! Can you teach us how to create pixel trigger bot? (educational purposes only)
Ghildra has entered the chat.
video banner : c++/c
irl : non obfuscated c#
he sent you a free grabber you just need to change the webhook lmao haha
Opinions on hello kitty?
it's not "C# Assembly". dotNet framework and dotNet core don't actually compile code directly into assembly or any type of actual machine code. it's "compiled" into IL which is intermediate language that is a step up from assembly that is still very readable and doesn't share many similarities with asm. .Net core and framework runtime libraries are essentially interpreters for IL and that's why it needs to be on your computer to run it. MSIL is the reason .net can be cross platform because it isn't actually being compiled and is just interpreted during run time kinda like python (massive overstatement but the basis is there).
im gonna listen to it all first but im at 2min07 and question popped in my head, are you sure i should trust that .exe?
I like to use batch files as an open source container to put the instructions of a routine inside to create a new executable file to run inside the encapsulated DosBox emulation. So all instructions are visible and not hidden and i never made malware or a virus.
Moral of the story: Use a C2 server
C# .exe can be encoded tho, and even so if this is not useful at all if you code in c++
but dnspy is only for .NET, is there a way to know in which language a binary was made?
good luck decompiling rust compiled exe
as someone who codes malware in python, I see this as an absolute win
pyinstaller files are even easier to decompile 💀
Whens the new server coming
make a known grabber reverser. that would rlly help ppl
good
Hey, love your vids. Is there any way that you could teach us how to deobfuscate stuff?
Does this work on other programming languages too like for example Python?
no
what are these leds in back
99.99% of malware is obfuscated in one way or another... btw bro looks majestic asf for some reason
he mogged us
yea true but most people just use x64dbg a free program for reverse engineering
bro what would you suggest an app for android just like cheat engine.
w mans
The video: convert. Exe to source code
What my brain heard: heres how to skid and steal any app you want.
If i drag in an exe it only shows PE
Is that if it's a shortcut?
No, it's most likely because the exe is not a .NET exe. Shortcuts are not PE. PE files are exe, dll, etc.
Is there a way to have it like converted to like a python code?
does it work for cubase pro tools mairlist thank you so much
This is only for .NET compiled executables. Not for C/c++ compiled malware..
IIRC It also won't work with languages such as rust.
help, i know this is irrelevant but my phone got stolen is there a way i can trace it (tried google maps and it didnt work)