0:00 intro 0:13 storytime 1:18 important to learn this 1:47 setting up 2:26 decompiling 3:14 breaking down code 5:23 used on me 6:07 how it works 7:35 outro

Most malware is written in C/C++ reverse engineering the assembly back is much harder than a simple .NET MSIL executable… That’s why writing malware in interpreted languages makes them weak So this is not that useful to be honest

I totally have zero experiences about this, but it's cool to know! Thanks for the amazing video!

Notes: 3:07 for Forms/WPF apps, yes it does start in the Program class, but I rather suggest looking in the MainForm class as most of the code is located in there 5:00 don't recommend obfuscating! There's a much easier way to ensure that people attempting to reverse engineer your code go through a lot of pain: compiling it into native code. Nick Chapsas has an excellent video on that topic

you never fail to spread our cheeks and fill us with your goodness 😊

good vid and finally you are back

also if the program is written not in C# but in C for example its much much harder to reverse engineer also there are tools that obfuscate those C# assemblies

this literary need 0 RE skills. Default c# compiled files are too easy to decompiled perfectly. You not have to do anything. RE skills need when the executable is compiled with c/c++ for example, where you cannot see function and variable names, compiler optimaze (eg: convert 2 or more functions to 1) and so many times decompilers fail to analyze specific parts or they decompile them wrong and ofc a big challenge is when excutable is protected/packed/obfuscated or virtualized

It's really impressive the things you teach. I was wondering, how did you go about learning all of this?

Thank you for your videos, they are very interesting, keep them like that ❤

dnSpy can only decompile .NET executables. It's also wrong to say it gets the original source code because it doesn't necessarily. Addtionally, the managed entrypoint method doesn't have to be named Main inside a class named Program. A lot of unmanaged and managed code can execute before reaching the managed entrypoint. 1. Unmanaged entrypoint (for .NET executables you usually have a single call to _CorExeMain here that kicks off the execution of a .NET program) 2. Managed (.NET) module constructor 3. Static constructor of the class containing the managed entrypoint method 4. Managed entrypoint

One weird thing I've seen with C# is if you make a private async void in visual studio, compile it, then open the source code using DnSpy. The stuff inside the void/function looks odd, it almost looks like it obf itself. If you dont know what I'm talking about try the steps I said above, and if you could please tell me why it does that. Thanks (:

Great as always...keep it u dude...

wow your vids are really interesting are informative keep it up

thanks, that was a useful one. absolutely need more videos about reverse engineering, maybe different methods and tools

The skids are gonna love this

There is also a tool called ghidra that was developed by the NSA. Not as clean cut as what home boy has for dnspy but it can decompile almost any source code.

Your content is very informative. Better than all other youtubers I have seen so far

egypt is on fire with your content

Can you make a video on "how games get hacked"

THANK YOU, VERY MUCH! edit: i literally inspect malware with notepad by searching for "crypto", "discord", or "token"

i love you ebola man

This content got me screaming

I fucking LOVE EBOLA MAN

how do you make to prevent tokens/sessions browser hijacking?

W Ebola!

token first is that base 64 user id next is when it was created by time and next is random

It's important to note that this is for .NET only. Pretty cool to start, but not very useful for reverse engineering, most malware and secured applications are written in C++ or C. For these languages you need to learn assembly and work with IDA or x64dbg. :)

Yes, I'd like to learn more about reverse engineering and decompiling. Where do I begin? 🙂

IDK but bro is glowing

Remember guys, this is ONLY for c#. this isnt considered as reverse engineering just deompiling. You cant decompile to easy readable code for C++ .exe/.dll files. To "decompile" c++ applications/libraries you will need to do reverse engineering.

can you make tutorials on reverse engineering C++ game applications?

This is only for programs that are written in the language C# for NET, NET FRAMEWORK

you are looking into my soul

bro looks so majestic

finnaly a "non skid" video

it might also be able to open files made with cython

Question: Are the cookies encrypted once the have been saved into that folder? How does the code bypass this problem?

It is possible to put the bytes of a mashine code inside a batch file to redirect the mashine code into a new executable file with pipe operators(>).

I love your video :)

Compiling this using AOT Native will probably make it much harder to reverse it

Ayoo New video 🔥🔥🤙

Seeing the source code makes my portable Firefox sleep better lol

its not "C# Assembly". dotNet framework and dotNet core don't actually compile code directly into assembly or any type of actual machine code. its "compiled" into IL which is intermediate language that is a step up from assembly that is still very readable and doesnt share many similarities with asm. .Net core and framework runtime libraries are essentially interpreters for IL and thats why it needs to be on your computer to run it. MSIL is the reason .net can be cross platform because it isnt actually being compiled and is just interpreted during run time kinda like python (massive overstatement but the basis is there).

nah fr, it only works on .NET executables though. if you have a native executable you're gonna need a disassembler (like IDA or dbg64) or smth and reverse ingeneering the hard way with assembly which is hard and painful, after that you can *understand* (and not decompile) the code. Because native code symbols is often mangled or unexposed (labels are not exported), you can't get them back.

Seeing malware released without a stripped binary always confuses me, why would you release it with compilation info/debug symbols Idk if you can strip that from .NET C# programs though, I've never tried it before

egg.

*Laughs in Applocker 😂😂

Keep it up buddy make more reverse engineering videos ❤

bro you are majestic

the nature of .net c# makes it really easy to do this, writing malware in c# is very counterintuitive because of this most of the time malware is written in languages like c or c++ which is many times harder to actually decompile after it is disassembled, full decompilation projects for software written in these common languages have historically had many contributers and can take years to complete

Whats funny that they have their entire webhook open meaning you can just spam the hell out of their webhook with that url, if you run the exe through triage you can get their bot token and login through a bot client and screw with them that way too

Finally, the secret method.

but dnspy is only for .NET, is there a way to know in which language a binary was made?

I like to use batch files as an open source container to put the instructions of a routine inside to create a new executable file to run inside the encapsulated DosBox emulation. So all instructions are visible and not hidden and i never made malware or a virus.

If i drag in an exe it only shows PE Is that if its a shortcut?

im gonna listen to it all first but im at 2min07 and question popped in my head, are you sure i should trust that .exe?

appreciate tecca in background

does it works for cubase pro tools mairlist thank you so much

he send you a free grabber you just need to change the weebhook lmao haha

Opinions on hello kitty?

mine doesnt open code. only // location and // timestamp with only PE tab

This is only for .NET compiled executables. Not for C/c++ compiled malware..

Whens the new server coming

ur the beeest ytber EVER thanks for the cmd hacks respect

congrat for new room

you just earn a new subscriber

Is there a way to have it like converted to like a python code?

i thought you were going to use apps like x64dbg and view the assembly code. u cant do anything with dnspy to app that has been fully converted to machine language

what are these leds in back

Dose this work on other programming languages too like for example Python?

bro what would you suggest an app for android just like cheat engine.

btw i got from moom an rat he said it was an rat setup ( the discord server is down bc someone did smth ) ( hes one of my friends the one who takethe server down)

Amazing job! Can you teach us how to create pixel trigger bot? (educational purposes only)

what if there is no real code visible? i just have the folder PE

Hey, love your vids. Is there any way that you could teach us how to deobfuscate stuff?

help, i know this is irrelevant but my phone got stolen is there a way i can trace it (tried google maps and it didnt work)

why there's no firefox in that list? it wont work on firefox?

bro says his "T's" very aggressively

Could u share the original bat and vbs file? Would realy like to see what happens before u get the exe

Ebola my love

And if there is just PE?

really nice video! personally I'd be interested in reversing/cracking simple software, like just bypassing a simple "password:" input in a python .exe file. Have a great day!

Can you create an invite link for your discord server?

thanks man youre the best coder

Nice content. Thx man

This guy is the master of clickbait, he didnt even use Ghidra

Thanks for info ❤

C# .exe can be encoded tho, and even so if this is not useful at all if you code in c++

really helpfull no more viruses

i've used dnspy before to modify games, but holy shit i didn't realize how powerful this tool is.

hi ebola man, great vid but i have a suggestion, can you do a video on how hackers crack passwords in kali linux .(Tools like hydra or john the ripper).PLS

video banner : c++/c irl : non obfuscated c#

Bro some guy on discord sent me a .exe and I ran it and my discord account got hacked and he kept sending my address and ip to everyone and now I’m sad this happened yesterday

Moral of the story: Use a C2 server

Thanks sir

I clicked thinking there’s a new tool that converts asm instructions from an exe to somewhat readable and formatted c.

Genuine question whhy do people use token grabbers?

what if its encrypted

what do i do when the EXE only has a PE header?