0:00 intro 0:13 storytime 1:18 important to learn this 1:47 setting up 2:26 decompiling 3:14 breaking down code 5:23 used on me 6:07 how it works 7:35 outro
@Kecske_Gaming4 ай бұрын
paste this in the description thanks
@techhub6224 ай бұрын
I mistakenly exited the discord channel, please could you share the link?
@vorax04 ай бұрын
ebola whats your discord server?
@remy28854 ай бұрын
try oding this with a crypted file 💀
@shortanimations29224 ай бұрын
@ebolaman_ pls make video on how FUD a exe file
@neos_hackerspace5 ай бұрын
Most malware is written in C/C++ reverse engineering the assembly back is much harder than a simple .NET MSIL executable… That’s why writing malware in interpreted languages makes them weak So this is not that useful to be honest
@zeez77775 ай бұрын
Yeah especially if its packed and you cant just throw it in ida or ghidra or w/e
@justind46155 ай бұрын
and even if they are written in C# hacker can just use C# Assembly obfuscators but i havent tried them
@gauxalot5 ай бұрын
@@justind4615c# obfuscators are pretty much useless
@hecker55565 ай бұрын
@@hahahaha-hi3wt not much you can do except spend hours reading the assembly figuring out what happens step by step
@borsukk5 ай бұрын
that's another sitty youtuber trying to get kids attention pretending to know anything, don't worry
@luuu_na355 ай бұрын
I totally have zero experiences about this, but it's cool to know! Thanks for the amazing video!
@arflopped4 ай бұрын
Notes: 3:07 for Forms/WPF apps, yes it does start in the Program class, but I rather suggest looking in the MainForm class as most of the code is located in there 5:00 don't recommend obfuscating! There's a much easier way to ensure that people attempting to reverse engineer your code go through a lot of pain: compiling it into native code. Nick Chapsas has an excellent video on that topic
@occultsupport5 ай бұрын
you never fail to spread our cheeks and fill us with your goodness 😊
@freezycq5 ай бұрын
huh
@BlazeAaditya-zd1mc5 ай бұрын
what
@Flyingturt1e5 ай бұрын
soooo original
@lollol6735 ай бұрын
Ayo?!
@makemehappy29695 ай бұрын
Ayo WTF?!
@AniStriking5 ай бұрын
good vid and finally you are back
@justind46155 ай бұрын
also if the program is written not in C# but in C for example its much much harder to reverse engineer also there are tools that obfuscate those C# assemblies
@dhheisterYT3 ай бұрын
know any to use?
@justind46153 ай бұрын
@@dhheisterYT what do you mean? programs that obfuscate?
@dhheisterYT3 ай бұрын
@@justind4615 yes
@justind46153 ай бұрын
@@dhheisterYT I think i commented the program name but it got removed..
@dhheisterYT3 ай бұрын
@@justind4615 perhaps you can commented it on one of my youtube videos
@johnd.65434 ай бұрын
this literary need 0 RE skills. Default c# compiled files are too easy to decompiled perfectly. You not have to do anything. RE skills need when the executable is compiled with c/c++ for example, where you cannot see function and variable names, compiler optimaze (eg: convert 2 or more functions to 1) and so many times decompilers fail to analyze specific parts or they decompile them wrong and ofc a big challenge is when excutable is protected/packed/obfuscated or virtualized
@Emorejets5 ай бұрын
It's really impressive the things you teach. I was wondering, how did you go about learning all of this?
@krajeq5 ай бұрын
Thank you for your videos, they are very interesting, keep them like that ❤
@UnrealSecurity4 ай бұрын
dnSpy can only decompile .NET executables. It's also wrong to say it gets the original source code because it doesn't necessarily. Addtionally, the managed entrypoint method doesn't have to be named Main inside a class named Program. A lot of unmanaged and managed code can execute before reaching the managed entrypoint. 1. Unmanaged entrypoint (for .NET executables you usually have a single call to _CorExeMain here that kicks off the execution of a .NET program) 2. Managed (.NET) module constructor 3. Static constructor of the class containing the managed entrypoint method 4. Managed entrypoint
@GorillaTaggingKid_OLD5 ай бұрын
One weird thing I've seen with C# is if you make a private async void in visual studio, compile it, then open the source code using DnSpy. The stuff inside the void/function looks odd, it almost looks like it obf itself. If you dont know what I'm talking about try the steps I said above, and if you could please tell me why it does that. Thanks (:
@Riskeee.4 ай бұрын
Reel GorillaTaggingKid???
@GorillaTaggingKid_OLD4 ай бұрын
yes@@Riskeee.
@GorillaTaggingKid_OLDАй бұрын
@@Riskeee. yep. HEY MOM, I'M FAMOUS.
@Riskeee.Ай бұрын
@@GorillaTaggingKid_OLD I’m in ur dc lol
@GorillaTaggingKid_OLDАй бұрын
@@Riskeee. bruh
@nandanray1005 ай бұрын
Great as always...keep it u dude...
@isaacsong-so5um5 ай бұрын
wow your vids are really interesting are informative keep it up
@ZlobnyjKaban5 ай бұрын
thanks, that was a useful one. absolutely need more videos about reverse engineering, maybe different methods and tools
@AzurePages4 ай бұрын
The skids are gonna love this
@brahbah9349Ай бұрын
As a skid i love this 🤫
@mr.atomictitan99384 ай бұрын
There is also a tool called ghidra that was developed by the NSA. Not as clean cut as what home boy has for dnspy but it can decompile almost any source code.
@kamoliddintrade4 ай бұрын
Your content is very informative. Better than all other youtubers I have seen so far
@Ahmedblog4games2 ай бұрын
egypt is on fire with your content
@boogaplays1234 ай бұрын
Can you make a video on "how games get hacked"
@IbrahimLubaniShorts4 ай бұрын
Yessir
@Rip6224 ай бұрын
But how do they get hacked?
@zoozer97234 ай бұрын
Fr
@pec35944 ай бұрын
Fr
@camerongamer5 ай бұрын
THANK YOU, VERY MUCH! edit: i literally inspect malware with notepad by searching for "crypto", "discord", or "token"
@kamoliddintrade4 ай бұрын
how do you do that?
@jeffjoejnr4 ай бұрын
@@kamoliddintrade Drag the file and drop in an empty opened notepad
@tryingtonot33695 ай бұрын
i love you ebola man
@TheGravyGuzzler4 ай бұрын
This content got me screaming
@noahrichardson34725 ай бұрын
I fucking LOVE EBOLA MAN
@TheGabrielMoon5 ай бұрын
how do you make to prevent tokens/sessions browser hijacking?
@x4dam5 ай бұрын
W Ebola!
@oxygen-hostingservertuto8705 ай бұрын
token first is that base 64 user id next is when it was created by time and next is random
@grnm13374 ай бұрын
It's important to note that this is for .NET only. Pretty cool to start, but not very useful for reverse engineering, most malware and secured applications are written in C++ or C. For these languages you need to learn assembly and work with IDA or x64dbg. :)
@KhanTest-hh4mn4 ай бұрын
And visual basic
@danbromberg2 ай бұрын
Yes, I'd like to learn more about reverse engineering and decompiling. Where do I begin? 🙂
@stolenthings31895 ай бұрын
IDK but bro is glowing
@trexioasx33913 ай бұрын
Remember guys, this is ONLY for c#. this isnt considered as reverse engineering just deompiling. You cant decompile to easy readable code for C++ .exe/.dll files. To "decompile" c++ applications/libraries you will need to do reverse engineering.
@Al-Musalmiin5 ай бұрын
can you make tutorials on reverse engineering C++ game applications?
@mrroblick5 ай бұрын
This is only for programs that are written in the language C# for NET, NET FRAMEWORK
@fayking4 ай бұрын
you are looking into my soul
@customgunz004 ай бұрын
bro looks so majestic
@official.DonaldTrump5 ай бұрын
finnaly a "non skid" video
@hinahammad10473 ай бұрын
it might also be able to open files made with cython
@MarcoGrassi-uj5osАй бұрын
Question: Are the cookies encrypted once the have been saved into that folder? How does the code bypass this problem?
@maxmuster70034 ай бұрын
It is possible to put the bytes of a mashine code inside a batch file to redirect the mashine code into a new executable file with pipe operators(>).
@MalwareLab1505 ай бұрын
I love your video :)
@OWLySАй бұрын
Compiling this using AOT Native will probably make it much harder to reverse it
@SiFunk5 ай бұрын
Ayoo New video 🔥🔥🤙
@Psychopatz4 ай бұрын
Seeing the source code makes my portable Firefox sleep better lol
@shadowmonster6684 ай бұрын
its not "C# Assembly". dotNet framework and dotNet core don't actually compile code directly into assembly or any type of actual machine code. its "compiled" into IL which is intermediate language that is a step up from assembly that is still very readable and doesnt share many similarities with asm. .Net core and framework runtime libraries are essentially interpreters for IL and thats why it needs to be on your computer to run it. MSIL is the reason .net can be cross platform because it isnt actually being compiled and is just interpreted during run time kinda like python (massive overstatement but the basis is there).
@darkfllame5 ай бұрын
nah fr, it only works on .NET executables though. if you have a native executable you're gonna need a disassembler (like IDA or dbg64) or smth and reverse ingeneering the hard way with assembly which is hard and painful, after that you can *understand* (and not decompile) the code. Because native code symbols is often mangled or unexposed (labels are not exported), you can't get them back.
@Joefry.5 ай бұрын
Seeing malware released without a stripped binary always confuses me, why would you release it with compilation info/debug symbols Idk if you can strip that from .NET C# programs though, I've never tried it before
@egg.egg.egg.egg.5 ай бұрын
egg.
@ezaldey6115 ай бұрын
🥚
@TooMuchPing5 ай бұрын
egg.
@alexaccount15 ай бұрын
egg.
@chigga5years1735 ай бұрын
Egg.
@EpicNoobx5 ай бұрын
egg.
@seansingh4421Ай бұрын
*Laughs in Applocker 😂😂
@user-yz9ld1cg4d5 ай бұрын
Keep it up buddy make more reverse engineering videos ❤
@finn77984 ай бұрын
bro you are majestic
@FeTetraАй бұрын
the nature of .net c# makes it really easy to do this, writing malware in c# is very counterintuitive because of this most of the time malware is written in languages like c or c++ which is many times harder to actually decompile after it is disassembled, full decompilation projects for software written in these common languages have historically had many contributers and can take years to complete
@Fevirre5 ай бұрын
Whats funny that they have their entire webhook open meaning you can just spam the hell out of their webhook with that url, if you run the exe through triage you can get their bot token and login through a bot client and screw with them that way too
@omarsplaytimechannel5 ай бұрын
Finally, the secret method.
@terrasystemlabs4 ай бұрын
but dnspy is only for .NET, is there a way to know in which language a binary was made?
@maxmuster70034 ай бұрын
I like to use batch files as an open source container to put the instructions of a routine inside to create a new executable file to run inside the encapsulated DosBox emulation. So all instructions are visible and not hidden and i never made malware or a virus.
@lcm_20804 ай бұрын
If i drag in an exe it only shows PE Is that if its a shortcut?
@honestsniping14 ай бұрын
No, its most likely because the exe is not a .NET exe. Shortcuts are not PE. PE files are exe, dll, etc.
@joelav33Ай бұрын
im gonna listen to it all first but im at 2min07 and question popped in my head, are you sure i should trust that .exe?
@carpye27745 ай бұрын
appreciate tecca in background
@user-gq5bc6zy5p5 ай бұрын
does it works for cubase pro tools mairlist thank you so much
@skillerghg57962 ай бұрын
he send you a free grabber you just need to change the weebhook lmao haha
@orren69995 ай бұрын
Opinions on hello kitty?
@mirozo5 ай бұрын
mine doesnt open code. only // location and // timestamp with only PE tab
@johnd.65434 ай бұрын
as he said only works with .net c# compiled executables
@PogoDigitalism5 ай бұрын
This is only for .NET compiled executables. Not for C/c++ compiled malware..
@user-zh4bl5xz7r5 ай бұрын
IIRC It also wont work with languages such as rust.
@MB-hg3lh5 ай бұрын
Whens the new server coming
@OfficialAfterLifeEdits2 ай бұрын
ur the beeest ytber EVER thanks for the cmd hacks respect
@Shoxa_4ever4 ай бұрын
congrat for new room
@BnodChaudharyBunnyАй бұрын
you just earn a new subscriber
@softwhere074 ай бұрын
Is there a way to have it like converted to like a python code?
@heisenberg52975 ай бұрын
i thought you were going to use apps like x64dbg and view the assembly code. u cant do anything with dnspy to app that has been fully converted to machine language
@reidafesta91314 ай бұрын
x64dbg is a debugger for native. ida pro would prob be the best for static analysis
@adhero13375 ай бұрын
what are these leds in back
@soonapt5 ай бұрын
Dose this work on other programming languages too like for example Python?
@AnonymousApexio4 ай бұрын
no
@thegrimreaper69644 ай бұрын
bro what would you suggest an app for android just like cheat engine.
@thepurplekingdavis72844 ай бұрын
btw i got from moom an rat he said it was an rat setup ( the discord server is down bc someone did smth ) ( hes one of my friends the one who takethe server down)
@nesadlevent3 ай бұрын
Amazing job! Can you teach us how to create pixel trigger bot? (educational purposes only)
@DEFHerobrine5 ай бұрын
what if there is no real code visible? i just have the folder PE
@UNSP0KENMC5 ай бұрын
Hey, love your vids. Is there any way that you could teach us how to deobfuscate stuff?
@asy426995 ай бұрын
help, i know this is irrelevant but my phone got stolen is there a way i can trace it (tried google maps and it didnt work)
@boreneoman77284 ай бұрын
why there's no firefox in that list? it wont work on firefox?
@dead_protagonist5 ай бұрын
bro says his "T's" very aggressively
@Veso2664 ай бұрын
Could u share the original bat and vbs file? Would realy like to see what happens before u get the exe
@asapcoder4 ай бұрын
Ebola my love
@jkghj28ff4 ай бұрын
And if there is just PE?
@gTL_13373 ай бұрын
really nice video! personally I'd be interested in reversing/cracking simple software, like just bypassing a simple "password:" input in a python .exe file. Have a great day!
@Zephyl28374 ай бұрын
Can you create an invite link for your discord server?
@zgrz6tuuu4 ай бұрын
thanks man youre the best coder
@llaarnes5 ай бұрын
Nice content. Thx man
@BarkSaw4 ай бұрын
This guy is the master of clickbait, he didnt even use Ghidra
@Ar4an4 ай бұрын
Thanks for info ❤
@VNR_clips5 ай бұрын
C# .exe can be encoded tho, and even so if this is not useful at all if you code in c++
@yashu_28035 ай бұрын
really helpfull no more viruses
@elemento2814 ай бұрын
i've used dnspy before to modify games, but holy shit i didn't realize how powerful this tool is.
@user-yt1dh5zh7y5 ай бұрын
hi ebola man, great vid but i have a suggestion, can you do a video on how hackers crack passwords in kali linux .(Tools like hydra or john the ripper).PLS
@KaptanUfuk3 ай бұрын
video banner : c++/c irl : non obfuscated c#
@door_vr46515 ай бұрын
Bro some guy on discord sent me a .exe and I ran it and my discord account got hacked and he kept sending my address and ip to everyone and now I’m sad this happened yesterday
@keyon_renner4 ай бұрын
Moral of the story: Use a C2 server
@Exploit-9995 ай бұрын
Thanks sir
@DiamondSaberYTАй бұрын
I clicked thinking there’s a new tool that converts asm instructions from an exe to somewhat readable and formatted c.
@augiaii51305 ай бұрын
Genuine question whhy do people use token grabbers?
@yura696992 ай бұрын
what if its encrypted
@omerahmed40662 ай бұрын
The sys32 file on your computer actually trys to stop your computer from revealing source code to keep copyrighted code from being distributed, so if you delete that, then go to settings > advanced > debug mode and turn debug on, you can reveal source code by just right clicking and pressing decompile in the context menu.