0:00 intro 0:13 storytime 1:18 important to learn this 1:47 setting up 2:26 decompiling 3:14 breaking down code 5:23 used on me 6:07 how it works 7:35 outro

Most malware is written in C/C++ reverse engineering the assembly back is much harder than a simple .NET MSIL executable… That’s why writing malware in interpreted languages makes them weak So this is not that useful to be honest

I totally have zero experiences about this, but it's cool to know! Thanks for the amazing video!

Notes: 3:07 for Forms/WPF apps, yes it does start in the Program class, but I rather suggest looking in the MainForm class as most of the code is located in there 5:00 don't recommend obfuscating! There's a much easier way to ensure that people attempting to reverse engineer your code go through a lot of pain: compiling it into native code. Nick Chapsas has an excellent video on that topic

you never fail to spread our cheeks and fill us with your goodness 😊

this literary need 0 RE skills. Default c# compiled files are too easy to decompiled perfectly. You not have to do anything. RE skills need when the executable is compiled with c/c++ for example, where you cannot see function and variable names, compiler optimaze (eg: convert 2 or more functions to 1) and so many times decompilers fail to analyze specific parts or they decompile them wrong and ofc a big challenge is when excutable is protected/packed/obfuscated or virtualized

Can you make a video on "how games get hacked"

also if the program is written not in C# but in C for example its much much harder to reverse engineer also there are tools that obfuscate those C# assemblies

good vid and finally you are back

The skids are gonna love this

THANK YOU, VERY MUCH! edit: i literally inspect malware with notepad by searching for "crypto", "discord", or "token"

One weird thing I've seen with C# is if you make a private async void in visual studio, compile it, then open the source code using DnSpy. The stuff inside the void/function looks odd, it almost looks like it obf itself. If you dont know what I'm talking about try the steps I said above, and if you could please tell me why it does that. Thanks (:

dnSpy can only decompile .NET executables. It's also wrong to say it gets the original source code because it doesn't necessarily. Addtionally, the managed entrypoint method doesn't have to be named Main inside a class named Program. A lot of unmanaged and managed code can execute before reaching the managed entrypoint. 1. Unmanaged entrypoint (for .NET executables you usually have a single call to _CorExeMain here that kicks off the execution of a .NET program) 2. Managed (.NET) module constructor 3. Static constructor of the class containing the managed entrypoint method 4. Managed entrypoint

thanks, that was a useful one. absolutely need more videos about reverse engineering, maybe different methods and tools

Ayoo New video 🔥🔥🤙

Thank you for your videos, they are very interesting, keep them like that ❤

W Ebola!

i love you ebola man

Your content is very informative. Better than all other youtubers I have seen so far

Seeing the source code makes my portable Firefox sleep better lol

egg.

Great as always...keep it u dude...

wow your vids are really interesting are informative keep it up

It's really impressive the things you teach. I was wondering, how did you go about learning all of this?

mine doesn't show any reference only the PE

All of your videos are so interesting thanks for showing me how to do this, it's so cool

bros a malware himself......cuz he be stealing my heart bro😭

finnaly a "non skid" video

Remember guys, this is ONLY for c#. this isnt considered as reverse engineering just deompiling. You cant decompile to easy readable code for C++ .exe/.dll files. To "decompile" c++ applications/libraries you will need to do reverse engineering.

IDK but bro is glowing

99.99% of malware is obfuscated in one way or another... btw bro looks majestic asf for some reason

I love your video :)

This guy is the master of clickbait, he didnt even use Ghidra

This content got me screaming

what if its encrypted

Opinions on hello kitty?

ur the beeest ytber EVER thanks for the cmd hacks respect

There is also a tool called ghidra that was developed by the NSA. Not as clean cut as what home boy has for dnspy but it can decompile almost any source code.

Finally, the secret method.

Compiling this using AOT Native will probably make it much harder to reverse it

egypt is on fire with your content

the nature of .net c# makes it really easy to do this, writing malware in c# is very counterintuitive because of this most of the time malware is written in languages like c or c++ which is many times harder to actually decompile after it is disassembled, full decompilation projects for software written in these common languages have historically had many contributers and can take years to complete

its not "C# Assembly". dotNet framework and dotNet core don't actually compile code directly into assembly or any type of actual machine code. its "compiled" into IL which is intermediate language that is a step up from assembly that is still very readable and doesnt share many similarities with asm. .Net core and framework runtime libraries are essentially interpreters for IL and thats why it needs to be on your computer to run it. MSIL is the reason .net can be cross platform because it isnt actually being compiled and is just interpreted during run time kinda like python (massive overstatement but the basis is there).

This is only for programs that are written in the language C# for NET, NET FRAMEWORK

I fucking LOVE EBOLA MAN

can you make tutorials on reverse engineering C++ game applications?

sometimes the code is in program_Data\Assembly-CSharp.dll if its a unity app or program.dll

Yes, I'd like to learn more about reverse engineering and decompiling. Where do I begin? 🙂

i love ur vid

If i drag in an exe it only shows PE Is that if its a shortcut?

This is only for .NET compiled executables. Not for C/c++ compiled malware..

Sadly C# has been used less and less for malware, making dnSpy basically unrelevant nowadays. (Still good for game cheating) To reverse engineer Malware nowadays you'll probably have to use IDA or alternative decompilers such as Binja. Another thing is that "good" obfuscators have been cracked (e.g VMP also I know that VMP aint that good but you aint gonna do shit on a VMP protected binary with newbie knowledge) Also im pretty certain that stuff like Oreans Code Virtualizer is free now so thats another pretty good option.

how do you make to prevent tokens/sessions browser hijacking?

really nice video! personally I'd be interested in reversing/cracking simple software, like just bypassing a simple "password:" input in a python .exe file. Have a great day!

bro says his "T's" very aggressively

it might also be able to open files made with cython

bro looks so majestic

And if there is just PE?

he send you a free grabber you just need to change the weebhook lmao haha

Question: Are the cookies encrypted once the have been saved into that folder? How does the code bypass this problem?

appreciate tecca in background

what do i do when the EXE only has a PE header?

The video: convert. Exe to source code What my brain heard: heres how to skid and steal any app you want.

btw i got from moom an rat he said it was an rat setup ( the discord server is down bc someone did smth ) ( hes one of my friends the one who takethe server down)

nah fr, it only works on .NET executables though. if you have a native executable you're gonna need a disassembler (like IDA or dbg64) or smth and reverse ingeneering the hard way with assembly which is hard and painful, after that you can *understand* (and not decompile) the code. Because native code symbols is often mangled or unexposed (labels are not exported), you can't get them back.

but dnspy is only for .NET, is there a way to know in which language a binary was made?

bruh c# code is ez to crack even if it's packed or obfuscated , it will be a whole different story if it was written with native code like c or c++

Whats funny that they have their entire webhook open meaning you can just spam the hell out of their webhook with that url, if you run the exe through triage you can get their bot token and login through a bot client and screw with them that way too

you just earn a new subscriber

im gonna listen to it all first but im at 2min07 and question popped in my head, are you sure i should trust that .exe?

Moral of the story: Use a C2 server

bro you are majestic

bro what would you suggest an app for android just like cheat engine.

It's important to note that this is for .NET only. Pretty cool to start, but not very useful for reverse engineering, most malware and secured applications are written in C++ or C. For these languages you need to learn assembly and work with IDA or x64dbg. :)

4:01 theres no mozilla in here 💀

Okay everyone that is reading huge explanations for everything so c# is very easy to decompile so his title is nice but not all executables are easy to just put into DNSpy or the other one. Obfuscation: usually used in programming languages that are high level like c#, python, java, visual base all of these can be decompiled or already are readable but besides that obfuscation is used for making reverse engineers harder because a file could be 100 mg but only 4 lines of code. How does obfuscation look like usually opening one of these files you might see the alphabet or just AAAAAAAA = thrbfbdjgwhaoshdj which is weird but that is the hold point it needs to be messy and unreadable. Decompile: basically taking the compiled application and restoring almost or all the way to readable code IDA, x64dbg, ghidra: great reverse engineering application but IDA and ghidra are for not running applications called statice and x64dbg is a great tool for debugging usually used for a running application to see what is does called dynamic test honestly get good at all of them Have fun with what ever you do

You grew kinda fast

Man, no matter how well you explain, if you move the cursor on the screen at crazy speed NO ONE will want you to appreciate the work. It is very disturbing chosen chaos of the cursor.

does it works for cubase pro tools mairlist thank you so much

Whens the new server coming

token first is that base 64 user id next is when it was created by time and next is random

Does it work for dlls ?

i've used dnspy before to modify games, but holy shit i didn't realize how powerful this tool is.

mine doesnt open code. only // location and // timestamp with only PE tab

Thanks for info ❤

thanks man youre the best coder

good luck decompiling rust compiled exe

what are these leds in back

It is possible to put the bytes of a mashine code inside a batch file to redirect the mashine code into a new executable file with pipe operators(>).

as someone who codes malware in python, I see this as an absoloute win

cant you open the EXE with a hex editor convert the hex to binary then convert the binary to letters and then convert the letters (Assembly) to source code?

Can you create an invite link for your discord server?

C# and all other languages .NET compile source into something called Intermediate Language (IL) this is meant to be code that is platform independent, and .NET runtimes/interpreters interpret the IL code, except that runtime was only released on windows. . .

Amazing job! Can you teach us how to create pixel trigger bot? (educational purposes only)

I clicked thinking there’s a new tool that converts asm instructions from an exe to somewhat readable and formatted c.

Genuine question whhy do people use token grabbers?

video banner : c++/c irl : non obfuscated c#

Seeing malware released without a stripped binary always confuses me, why would you release it with compilation info/debug symbols Idk if you can strip that from .NET C# programs though, I've never tried it before

why there's no firefox in that list? it wont work on firefox?

Is there a way to have it like converted to like a python code?