New protections

- Bump version
- Added Control Flow
- Improved String Encryption
- Added Stripping DOS Header
- Improved code efficiency (i.e. analyzers)
- Added Anti-De4dot
- Improved Integer Encoding

Author: AnErrupTion

LoGiC.NET.csproj

@@ -31,6 +31,7 @@
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
   </PropertyGroup>
   <PropertyGroup>
     <StartupObject>LoGiC.NET.Program</StartupObject>
@@ -56,12 +57,15 @@
   <ItemGroup>
     <Compile Include="Program.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Protections\AntiDe4dot.cs" />
     <Compile Include="Protections\AntiTamper.cs" />
+    <Compile Include="Protections\ControlFlow.cs" />
     <Compile Include="Protections\IntEncoding.cs" />
     <Compile Include="Protections\JunkMethods.cs" />
     <Compile Include="Protections\ProxyAdder.cs" />
     <Compile Include="Protections\Renamer.cs" />
     <Compile Include="Protections\StringEncryption.cs" />
+    <Compile Include="Protections\StripDOSHeader.cs" />
     <Compile Include="Utils\Analyzer\DefAnalyzer.cs" />
     <Compile Include="Utils\Analyzer\EventDefAnalyzer.cs" />
     <Compile Include="Utils\Analyzer\FieldDefAnalyzer.cs" />

Program.cs

@@ -1,7 +1,6 @@
 using System;
 using System.IO;
 using dnlib.DotNet;
-using dnlib.DotNet.Writer;
 using LoGiC.NET.Protections;
 using SharpConfigParser;
 using LoGiC.NET.Utils;
@@ -20,10 +19,12 @@ class Program
 
         public static string FilePath { get; set; }
 
+        public static MemoryStream Stream = new MemoryStream();
+
         static void Main(string[] args)
         {
             Console.WriteLine("Drag & drop your file : ");
-            string path = Console.ReadLine();
+            string path = Console.ReadLine().Replace("\"", string.Empty);
 
             Console.WriteLine("Preparing obfuscation...");
             if (!File.Exists("config.txt"))
@@ -35,6 +36,8 @@ static void Main(string[] args)
             ForceWinForms = bool.Parse(p.Read("ForceWinFormsCompatibility").ReadResponse().ReplaceSpaces());
             DontRename = bool.Parse(p.Read("DontRename").ReadResponse().ReplaceSpaces());
 
+            Randomizer.Initialize();
+
             obfuscation:
             Module = ModuleDefMD.Load(path);
             FileExtension = Path.GetExtension(path);
@@ -48,25 +51,35 @@ static void Main(string[] args)
             Console.WriteLine("Adding proxy calls...");
             ProxyAdder.Execute();
 
-            Console.WriteLine("Encoding ints...");
-            IntEncoding.Execute();
-
             Console.WriteLine("Encrypting strings...");
             StringEncryption.Execute();
 
             Console.WriteLine("Injecting Anti-Tamper...");
             AntiTamper.Execute();
 
+            Console.WriteLine("Executing Anti-De4dot...");
+            AntiDe4dot.Execute();
+
+            Console.WriteLine("Executing Control Flow...");
+            ControlFlow.Execute();
+
+            Console.WriteLine("Encoding ints...");
+            IntEncoding.Execute();
+
             Console.WriteLine("Watermarking...");
             Watermark.AddAttribute();
 
             Console.WriteLine("Saving file...");
-            FilePath = @"C:\Users\" + Environment.UserName + @"\Desktop\" + Path.GetFileNameWithoutExtension(path) + "_protected" +
-                FileExtension;
-            ModuleWriterOptions opts = new ModuleWriterOptions(Module) { Logger = DummyLogger.NoThrowInstance };
-            Module.Write(FilePath, opts);
+            FilePath = @"C:\Users\" + Environment.UserName + @"\Desktop\" + Path.GetFileNameWithoutExtension(path) + "_protected" + FileExtension;
+            Module.Write(Stream, new dnlib.DotNet.Writer.ModuleWriterOptions(Module) { Logger = DummyLogger.NoThrowInstance });
+
+            StripDOSHeader.Execute();
+
+            // Save stream to file
+            File.WriteAllBytes(FilePath, Stream.ToArray());
 
-            if (AntiTamper.HasBeenTampered) AntiTamper.InjectMd5(FilePath);
+            if (AntiTamper.Tampered)
+                AntiTamper.Inject(FilePath);
 
             Console.WriteLine("Done! Press any key to exit...");
             Console.ReadKey();

Properties/AssemblyInfo.cs

@@ -7,12 +7,12 @@
 // l'ensemble d'attributs suivant. Changez les valeurs de ces attributs pour modifier les informations
 // associées à un assembly.
 [assembly: AssemblyTitle("LoGiC.NET")]
-[assembly: AssemblyDescription("A free and open-source complex .NET obfuscator using dnlib.")]
+[assembly: AssemblyDescription("A free, open-source and complex .NET obfuscator using dnlib.")]
 [assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("B3RAP Softwares")]
+[assembly: AssemblyCompany("Sartox Free Software")]
 [assembly: AssemblyProduct("LoGiC.NET")]
-[assembly: AssemblyCopyright("© AnErrupTion 2020")]
-[assembly: AssemblyTrademark("B3RAP Softwares")]
+[assembly: AssemblyCopyright("© AnErrupTion 2021")]
+[assembly: AssemblyTrademark("Sartox Free Software")]
 [assembly: AssemblyCulture("")]
 
 // L'affectation de la valeur false à ComVisible rend les types invisibles dans cet assembly
@@ -33,6 +33,6 @@
 // Vous pouvez spécifier toutes les valeurs ou indiquer les numéros de build et de révision par défaut
 // en utilisant '*', comme indiqué ci-dessous :
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.4.0.0")]
-[assembly: AssemblyFileVersion("1.4.0.0")]
+[assembly: AssemblyVersion("1.5.0.0")]
+[assembly: AssemblyFileVersion("1.5.0.0")]
 [assembly: NeutralResourcesLanguage("en-US")]

Protections/AntiDe4dot.cs

@@ -0,0 +1,25 @@
+using dnlib.DotNet;
+
+namespace LoGiC.NET.Protections
+{
+    public class AntiDe4dot
+    {
+        public static void Execute()
+        {
+            foreach (ModuleDef module in Program.Module.Assembly.Modules)
+            {
+                InterfaceImplUser int1 = new InterfaceImplUser(module.GlobalType);
+                for (int i = 0; i < 1; i++)
+                {
+                    TypeDefUser typeDef1 = new TypeDefUser(string.Empty, $"Form{i}", module.CorLibTypes.GetTypeRef("System", "Attribute"));
+                    InterfaceImplUser int2 = new InterfaceImplUser(typeDef1);
+
+                    module.Types.Add(typeDef1);
+
+                    typeDef1.Interfaces.Add(int2);
+                    typeDef1.Interfaces.Add(int1);
+                }
+            }
+        }
+    }
+}

Protections/AntiTamper.cs

@@ -12,22 +12,24 @@ public class AntiTamper : Randomizer
     {
         // Thanks to the EOF Anti-Tamper project by Xenocode on GitHub!
 
-        public static bool HasBeenTampered { get; set; }
+        public static bool Tampered { get; set; }
 
-        public static void InjectMd5(string filePath)
+        public static void Inject(string filePath)
         {
-            byte[] md5bytes = MD5.Create().ComputeHash(File.ReadAllBytes(filePath));
-            FileStream fs = new FileStream(filePath, FileMode.Append);
-            fs.Write(md5bytes, 0, md5bytes.Length);
-            fs.Close();
+            byte[] bytes;
+
+            using (MD5 hash = MD5.Create())
+                bytes = hash.ComputeHash(File.ReadAllBytes(filePath));
+
+            using (FileStream fs = new FileStream(filePath, FileMode.Append))
+                fs.Write(bytes, 0, bytes.Length);
         }
 
         public static void Execute()
         {
             ModuleDefMD typeModule = ModuleDefMD.Load(typeof(TamperClass).Module);
             TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(TamperClass).MetadataToken));
-            IEnumerable<IDnlibDef> members = InjectHelper.Inject(typeDef, Program.Module.GlobalType,
-                Program.Module);
+            IEnumerable<IDnlibDef> members = InjectHelper.Inject(typeDef, Program.Module.GlobalType, Program.Module);
             MethodDef init = (MethodDef)members.Single(method => method.Name == "NoTampering");
             init.GetRenamed();
 
@@ -41,7 +43,7 @@ public static void Execute()
                     break;
                 }
 
-            HasBeenTampered = true;
+            Tampered = true;
         }
     }
 }

Protections/ControlFlow.cs

@@ -0,0 +1,68 @@
+using dnlib.DotNet;
+using dnlib.DotNet.Emit;
+using LoGiC.NET.Utils;
+using System;
+
+namespace LoGiC.NET.Protections
+{
+    public class ControlFlow
+    {
+        public static void Execute()
+        {
+            int amount = 0;
+
+            for (int x = 0; x < Program.Module.Types.Count; x++)
+            {
+                TypeDef tDef = Program.Module.Types[x];
+
+                for (int i = 0; i < tDef.Methods.Count; i++)
+                {
+                    MethodDef mDef = tDef.Methods[i];
+
+                    if (!mDef.Name.StartsWith("get_") && !mDef.Name.StartsWith("set_"))
+                    {
+                        if (!mDef.HasBody || mDef.IsConstructor) continue;
+
+                        mDef.Body.SimplifyBranches();
+                        ExecuteMethod(mDef);
+
+                        amount++;
+                    }
+                }
+            }
+        }
+
+        private static void ExecuteMethod(MethodDef method)
+        {
+            for (int i = 0; i < method.Body.Instructions.Count; i++)
+                if (method.Body.Instructions[i].IsLdcI4())
+                {
+                    int numorig = Randomizer.Next();
+                    int div = Randomizer.Next();
+
+                    int num = numorig ^ div;
+
+                    Instruction nop = OpCodes.Nop.ToInstruction();
+                    Local local = new Local(method.Module.ImportAsTypeSig(typeof(InsufficientMemoryException)));
+                    Instruction localCode = OpCodes.Stloc.ToInstruction(local);
+
+                    method.Body.Variables.Add(local);
+
+                    method.Body.Instructions.Insert(i + 1, localCode);
+                    method.Body.Instructions.Insert(i + 2, Instruction.Create(OpCodes.Ldc_I4, method.Body.Instructions[i].GetLdcI4Value() - sizeof(uint)));
+                    method.Body.Instructions.Insert(i + 3, Instruction.Create(OpCodes.Ldc_I4, num));
+                    method.Body.Instructions.Insert(i + 4, Instruction.Create(OpCodes.Ldc_I4, div));
+                    method.Body.Instructions.Insert(i + 5, Instruction.Create(OpCodes.Xor));
+                    method.Body.Instructions.Insert(i + 6, Instruction.Create(OpCodes.Ldc_I4, numorig));
+                    method.Body.Instructions.Insert(i + 7, Instruction.Create(OpCodes.Bne_Un, nop));
+                    method.Body.Instructions.Insert(i + 8, Instruction.Create(OpCodes.Ldc_I4, 2));
+                    method.Body.Instructions.Insert(i + 9, localCode);
+                    method.Body.Instructions.Insert(i + 10, Instruction.Create(OpCodes.Sizeof, method.Module.Import(typeof(InsufficientMemoryException))));
+                    method.Body.Instructions.Insert(i + 11, Instruction.Create(OpCodes.Add));
+                    method.Body.Instructions.Insert(i + 12, nop);
+
+                    i += method.Body.Instructions.Count - i;
+                }
+        }
+    }
+}

Protections/IntEncoding.cs

@@ -1,8 +1,4 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
 using dnlib.DotNet;
 using dnlib.DotNet.Emit;
 using LoGiC.NET.Utils;
@@ -26,13 +22,17 @@ public static void Execute()
             foreach (TypeDef type in Program.Module.Types)
                 foreach (MethodDef method in type.Methods)
                 {
-                    if (!method.HasBody) continue;
+                    if (!method.HasBody)
+                        continue;
+
                     for (int i = 0; i < method.Body.Instructions.Count; i++)
                         if (method.Body.Instructions[i].IsLdcI4())
                         {
-                            // The Absolute method.
                             int operand = method.Body.Instructions[i].GetLdcI4Value();
-                            if (operand <= 0) continue; // Prevents errors.
+                            if (operand <= 0) // Prevents errors.
+                                continue;
+
+                            // The Absolute method.
                             method.Body.Instructions.Insert(i + 1, OpCodes.Call.ToInstruction(
                                 Program.Module.Import(typeof(Math).GetMethod("Abs", new Type[] { typeof(int) }))));
 
@@ -43,6 +43,24 @@ public static void Execute()
                             method.Body.Instructions.Insert(i + 1, OpCodes.Call.ToInstruction(
                                 Program.Module.Import(typeof(string).GetMethod("get_Length"))));*/
 
+                            // The Negative method.
+                            for (var j = 0; j < 8; j++)
+                                method.Body.Instructions.Insert(i + j + 1, Instruction.Create(OpCodes.Neg));
+
+                            // The Max method.
+                            /*if (operand > 1)
+                            {
+                                method.Body.Instructions.Insert(i + 1, OpCodes.Ldc_I4.ToInstruction(1));
+                                method.Body.Instructions.Insert(i + 2, OpCodes.Call.ToInstruction(Program.Module.Import(typeof(Math).GetMethod("Max", new Type[] { typeof(int), typeof(int) }))));
+                            }*/
+
+                            // The Min method.
+                            if (operand < int.MaxValue)
+                            {
+                                method.Body.Instructions.Insert(i + 1, OpCodes.Ldc_I4.ToInstruction(int.MaxValue));
+                                method.Body.Instructions.Insert(i + 2, OpCodes.Call.ToInstruction(Program.Module.Import(typeof(Math).GetMethod("Min", new Type[] { typeof(int), typeof(int) }))));
+                            }
+
                             ++Amount;
                         }
                 }

Protections/JunkMethods.cs

@@ -1,8 +1,5 @@
 using System;
-using System.Collections.Generic;
 using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
 using LoGiC.NET.Utils;
 using dnlib.DotNet;
 using dnlib.DotNet.Emit;
@@ -26,8 +23,7 @@ public static void Execute()
                 if (type.IsGlobalModuleType) continue;
                 foreach (MethodDef _ in type.Methods.ToArray())
                 {
-                    MethodDef strings = CreateReturnMethodDef(GenerateRandomString(MemberRenamer
-                        .StringLength()), Program.Module);
+                    MethodDef strings = CreateReturnMethodDef(Generated, Program.Module);
                     MethodDef ints = CreateReturnMethodDef(MemberRenamer.StringLength(), Program.Module);
                     type.Methods.Add(strings);
                     ++Amount;
@@ -47,8 +43,7 @@ private static MethodDef CreateReturnMethodDef(object value, ModuleDefMD module)
             if (value is int) corlib = module.CorLibTypes.Int32;
             else if (value is string) corlib = module.CorLibTypes.String;
 
-            MethodDef newMethod = new MethodDefUser(GenerateRandomString(MemberRenamer.StringLength()),
-                    MethodSig.CreateStatic(corlib, corlib),
+            MethodDef newMethod = new MethodDefUser(Generated, MethodSig.CreateStatic(corlib, corlib),
                     MethodImplAttributes.IL | MethodImplAttributes.Managed,
                     MethodAttributes.Public | MethodAttributes.Static | MethodAttributes.HideBySig)
             {