Click here to Skip to main content
15,921,716 members
Please Sign up or sign in to vote.
1.00/5 (2 votes)
See more:
Hello everyone,

I need your help again because I’m looking to deobfuscate a string.

First I have a few questions for you experts regarding my code that you will find below:
- Is it possible to make it simpler?
- Do you see mistakes or illogical things?
- Is it possible to extract the desired parts in BYTES in order to avoid unnecessary conversion and weighing down the code?

So for my problem... I have a file that is encoded in 2 steps.
The first step of encoding (BYTES multiplied by 2) seems raised to me: I manage to open with my program the file and deobfuscate by dividing by 2 the BYTES.
But! For there is always a but! After executing this code on a file I notice that there is a second level of encoding that reacts in 2 different ways depending on the start and end delimiter! Let me explain.
For the code contained in the delimiters 5E54/545E (5E54"CODE EN HEX"545E) or 5E5E/1A14: in this example C2 (in HEX) = a (in ASCII) but this applies to all the HEX that define a characteristic and that follow each other!
- a = C2
- aa = 3C643AC23E
- aaa = 3C643AC23E
- aaaa = 3C663AC23E
- aaaaa = 3C683AC23E
- aaaaaa = 3C6A3AC23E
- aaaaaaa = 3C6C3AC23E
- aaaaaaaa = 3C6E3AC23E
- aaaaaaaaa = 3C703AC23E
- aaaaaaaaaa = 3C723AC23E
- aaaaaaaaaaa (10) = 3C62603AC23E
- aaaaaaaaaaaa = 3C62623AC23E
- aaaaaaaaaaaaaaaaaaaaaa (20) = 3C64603AC23E
- aaa... (100) = 3C6260603AC23E (guess)
And for codes not contained in this delimiter:
- a = C2
- aa = C2C2
- aaa = 3C643AC23E
- ...

I specify that this example is valid before having divided by 2 the BYTES, after division the set of HEX is divided by 2 (C2 = 61 ; 3C = 1E ; ...)

So, since I start in C# this part becomes extremely complicated for me! So let me ask you a few questions before I start without knowing where I’m going: how? Do you have any leads on what I should use to do this? and the simplest method in your opinion?
My goal is to find, analyze, and replace the parts of the STRING encoded with this second level. For example 3C643AC23E by C2C2.

Thank you in advance for your contribution!

What I have tried:

Nothing at all for now! I prefer to have leads by experts because I have no idea how to do that!
Posted
Updated 28-Jan-23 22:12pm
v2

1 solution

While we are more than willing to help those that are stuck, that doesn't mean that we are here to do it all for you! We can't do all the work, you are either getting paid for this, or it's part of your grades and it wouldn't be at all fair for us to do it all for you.

So we need you to do the work, and we will help you when you get stuck. That doesn't mean we will give you a step by step solution you can hand in!
Start by explaining where you are at the moment, and what the next step in the process is. Then tell us what you have tried to get that next step working, and what happened when you did.
We are not a "code to order" site.

If you are having problems getting started at all, then this may help: How to Write Code to Solve a Problem, A Beginner's Guide[^]
 
Share this answer
 
Comments
Joan FUHRMANN 28-Jan-23 14:38pm    
Hello OriginalGriff, so first of all thank you for your answer but it seems to me that you have not even looked at my question but only what I had undertaken so far. if you had looked at my question you would have seen that a large part of my code is already done and that I share it with everyone in order to help people who are just starting out like me. In addition, you would also have noticed that I ask the experts explaining where I am currently:
- If my code seems correct and what improvements could be made
- on the rest of my code I explain my goal, I analyzed my file in order to formalize the encoding of the file and above all I ask for leads on the best way to desobfuscate the code. in no case am I asking for a ready-to-use code.
pkfox 31-Jan-23 3:17am    
if a large part of your code is already done put it on here
Joan FUHRMANN 1-Feb-23 12:43pm    
Hello pkfox,

Indeed a large part of my code is made and I edited my question to remove it because I understood that I will not have any help.

I have never come to this forum to ask for a code ready to use. Instead of considering myself a thief I would have preferred a pseudo code for example to be able to understand my programming at best. I’m just starting out and looking for advice.

To prove myself you can see some of my code here: https://www.codeproject.com/Questions/5353088/Divide-each-HEX-into-a-string

Since I divide my BYTES directly at the opening thanks to the kind help provided on this post (thanks to them again!) which gives in modification:
filePath = openFileDialog.FileName;
var fileStream = openFileDialog.OpenFile();
byte[] readBytes = File.ReadAllBytes(filePath);
for (var i = 0; i < readBytes.Length; i++)
{
readBytes[i] /= 2;
}
foreach (byte s in readBytes)
{
Console.WriteLine(s);
}
byte[] data = readBytes;

I have since found help elsewhere and some tips have been given to extract the desired code and thus avoid converting my code to HEX and then again to BYTES to save the new file. This part is being finalized and I will have one step left to complete my program, which is to transform the encoded part.

Learning in progress...!

Have a great day.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900