Convert .EXE to Source Code!

  • Published: Sep 30, 2024
  • • Educational Purposes Only •
    » Paid Community: www.skool.com/...
    » Free Community: www.skool.com/...
    » GitHub: github.com/Ebo...

Comments • 516

  • @ebolaman_
    @ebolaman_  7 months ago +95

    0:00 intro
    0:13 storytime
    1:18 important to learn this
    1:47 setting up
    2:26 decompiling
    3:14 breaking down code
    5:23 used on me
    6:07 how it works
    7:35 outro

    • @kecske_gaming
      @kecske_gaming 7 months ago +1

      paste this in the description thanks

    • @techhub622
      @techhub622 7 months ago +1

      I mistakenly exited the discord channel, please could you share the link?

    • @vorax0
      @vorax0 7 months ago +2

      ebola whats your discord server?

    • @remy2885
      @remy2885 7 months ago

      try doing this with a crypted file 💀

    • @shortanimations2922
      @shortanimations2922 7 months ago

      @ebolaman_ pls make video on how FUD a exe file

  • @neos_hackerspace
    @neos_hackerspace 7 months ago +448

    Most malware is written in C/C++ reverse engineering the assembly back is much harder than a simple .NET MSIL executable…
    That’s why writing malware in interpreted languages makes them weak
    So this is not that useful to be honest

    • @zeez7777
      @zeez7777 7 months ago +41

      Yeah especially if its packed and you cant just throw it in ida or ghidra or w/e

    • @GoldbergToastyBred
      @GoldbergToastyBred 7 months ago +9

      and even if they are written in C# hacker can just use C# Assembly obfuscators but i havent tried them

    • @gauxalot
      @gauxalot 7 months ago

      @@GoldbergToastyBred c# obfuscators are pretty much useless

    • @hecker5556
      @hecker5556 7 months ago +13

      ​@@hahahaha-hi3wt not much you can do except spend hours reading the assembly figuring out what happens step by step

    • @borsukk
      @borsukk 7 months ago +42

      that's another sitty youtuber trying to get kids attention pretending to know anything, don't worry

  • @occultsupport
    @occultsupport 7 months ago +334

    you never fail to spread our cheeks and fill us with your goodness 😊

  • @luuu_na35
    @luuu_na35 7 months ago +42

    I totally have zero experiences about this, but it's cool to know!
    Thanks for the amazing video!

  • @phonfo.official
    @phonfo.official 7 months ago +2

    Hey man, I've been watching u for a while now and ur very handsome, don't get me wrong ok, im straight and all its just ur very handsome 😍

  • @boogaplays123
    @boogaplays123 7 months ago +13

    Can you make a video on "how games get hacked"

  • @johnd.6543
    @johnd.6543 7 months ago +10

    this literally needs 0 RE skills. Default c# compiled files are too easy to decompile perfectly. You don't have to do anything. RE skills are needed when the executable is compiled with c/c++ for example, where you cannot see function and variable names, the compiler optimizes (eg: converts 2 or more functions to 1) and so many times decompilers fail to analyze specific parts or they decompile them wrong and ofc a big challenge is when the executable is protected/packed/obfuscated or virtualized

  • @GoldbergToastyBred
    @GoldbergToastyBred 7 months ago +49

    also if the program is written not in C# but in C for example its much much harder to reverse engineer also there are tools that obfuscate those C# assemblies

    • @dhheisterYT
      @dhheisterYT 5 months ago

      know any to use?

    • @GoldbergToastyBred
      @GoldbergToastyBred 5 months ago

      ​@@dhheisterYT what do you mean? programs that obfuscate?

    • @dhheisterYT
      @dhheisterYT 5 months ago

      @@GoldbergToastyBred yes

    • @GoldbergToastyBred
      @GoldbergToastyBred 5 months ago

      @@dhheisterYT I think i commented the program name but it got removed..

    • @dhheisterYT
      @dhheisterYT 5 months ago

      @@GoldbergToastyBred perhaps you can comment it on one of my youtube videos

  • @UnrealSecurity
    @UnrealSecurity 7 months ago +18

    dnSpy can only decompile .NET executables. It's also wrong to say it gets the original source code because it doesn't necessarily. Additionally, the managed entrypoint method doesn't have to be named Main inside a class named Program.
    A lot of unmanaged and managed code can execute before reaching the managed entrypoint.
    1. Unmanaged entrypoint (for .NET executables you usually have a single call to _CorExeMain here that kicks off the execution of a .NET program)
    2. Managed (.NET) module constructor
    3. Static constructor of the class containing the managed entrypoint method
    4. Managed entrypoint

  • @everything6800
    @everything6800 6 months ago +1

    May I enter your discord server?
    Have a very effective Windows exploit (not download).
    Found it before a month ago, still haven't been patched.

  • @teapot401
    @teapot401 5 months ago +1

    When I see cl*sed-source software as an Linux user on Windows, I will do this (for my own private use). Thanks lol.

  • @arflopped
    @arflopped 6 months ago +7

    Notes:
    3:07 for Forms/WPF apps, yes it does start in the Program class, but I rather suggest looking in the MainForm class as most of the code is located in there
    5:00 don't recommend obfuscating! There's a much easier way to ensure that people attempting to reverse engineer your code go through a lot of pain: compiling it into native code. Nick Chapsas has an excellent video on that topic

  • @FactorGD
    @FactorGD 3 months ago +1

    bro is the master at hacker clickbait 😭, this method only works for c# programs

  • @hamza-on4ozxdgcf
    @hamza-on4ozxdgcf 7 months ago +1

    i dont get all what you say cuz i know nothing abt hacking lol but hopefully i will in the future. continue

  • @username65735
    @username65735 7 months ago +3

    hi

  • @ItsAlce
    @ItsAlce 3 months ago +1

    maybe i could reverse engineer windows apps and recompile them for linux so it works on my machine

  • @j4ckj4cky85
    @j4ckj4cky85 7 months ago +25

    bros a malware himself......cuz he be stealing my heart bro😭

  • @GorillaTaggingKid_YT
    @GorillaTaggingKid_YT 7 months ago +6

    One weird thing I've seen with C# is if you make a private async void in visual studio, compile it, then open the source code using DnSpy. The stuff inside the void/function looks odd, it almost looks like it obf itself. If you dont know what I'm talking about try the steps I said above, and if you could please tell me why it does that. Thanks (:

  • @egg.egg.egg.egg.
    @egg.egg.egg.egg. 7 months ago +26

    egg.

  • @skeet.gamesense
    @skeet.gamesense 6 months ago

    nice tutorial, now i made a cheat

  • @camerongamer
    @camerongamer 7 months ago +6

    THANK YOU, VERY MUCH! edit: i literally inspect malware with notepad by searching for "crypto", "discord", or "token"

    • @kamoliddintrade
      @kamoliddintrade 7 months ago

      how do you do that?

    • @jeffjoejnr
      @jeffjoejnr 6 months ago

      @@kamoliddintrade
      Drag the file and drop in an empty opened notepad

  • @thepurplekingdavis7284
    @thepurplekingdavis7284 7 months ago +1

    btw i got from moom an rat he said it was an rat setup ( the discord server is down bc someone did smth ) ( hes one of my friends the one who takethe server down)

  • @smft9147
    @smft9147 7 months ago +8

    99.99% of malware is obfuscated in one way or another... btw bro looks majestic asf for some reason

    • @Kerojey
      @Kerojey 7 months ago +1

      he mogged us

    • @surf3382
      @surf3382 7 months ago

      yea true but most people just use x64dbg a free program for reverse engineering

  • @gfhfhfhgfhfhgfhg107
    @gfhfhfhgfhfhgfhg107 7 months ago +8

    Sadly C# has been used less and less for malware, making dnSpy basically irrelevant nowadays. (Still good for game cheating)
    To reverse engineer Malware nowadays you'll probably have to use IDA or alternative decompilers such as Binja.
    Another thing is that "good" obfuscators have been cracked (e.g VMP also I know that VMP aint that good but you aint gonna do shit on a VMP protected binary with newbie knowledge)
    Also im pretty certain that stuff like Oreans Code Virtualizer is free now so thats another pretty good option.

  • @PogoDigitalism
    @PogoDigitalism 7 months ago +2

    This is only for .NET compiled executables. Not for C/c++ compiled malware..

    • @BenBowman-g1z
      @BenBowman-g1z 7 months ago

      IIRC It also wont work with languages such as rust.

  • @Emorejets
    @Emorejets 7 months ago +5

    It's really impressive the things you teach. I was wondering, how did you go about learning all of this?

  • @wordnet7
    @wordnet7 7 months ago +2

    Yo this is void, what happened to the discord serv, my account was disabled.

    • @ebolaman_
      @ebolaman_  7 months ago +1

      u got banned so did i, msg me on insta ebolamayne

  • @DJW-q1p
    @DJW-q1p 7 months ago +2

    hi ebola man, great vid
    but i have a suggestion,
    can you do a video on how hackers crack passwords
    in kali linux .(Tools like hydra or john the ripper).PLS

  • @ErdemFleX
    @ErdemFleX 7 months ago +1

    Bro how you still not have a girlfriend your face is beautiful ngl

  • @adrok8644
    @adrok8644 5 months ago +2

    bruh chill on the mouse movements.

  • @ZlobnyjKaban
    @ZlobnyjKaban 7 months ago +3

    thanks, that was a useful one. absolutely need more videos about reverse engineering, maybe different methods and tools

  • @Ultra_Proffesional_Pro_Max_01
    @Ultra_Proffesional_Pro_Max_01 3 months ago +2

    good

  • @shadowmonster668
    @shadowmonster668 7 months ago +1

    its not "C# Assembly". dotNet framework and dotNet core don't actually compile code directly into assembly or any type of actual machine code. its "compiled" into IL which is intermediate language that is a step up from assembly that is still very readable and doesnt share many similarities with asm. .Net core and framework runtime libraries are essentially interpreters for IL and thats why it needs to be on your computer to run it. MSIL is the reason .net can be cross platform because it isnt actually being compiled and is just interpreted during run time kinda like python (massive overstatement but the basis is there).

  • @CarterOW
    @CarterOW 6 months ago

    "C# Assembly" is called IL and it's much more verbose than any assembly instruction set.
    Which is why it's trivial for programs, like DNSpy, to reconstruct the source, but it's by no means literally 1:1. This can vary depending on compiler settings, and typically in unpacked/unobfuscated binaries, it's pretty close.
    That is to say the assertion "DNSpy shows you the original source code" is disingenuous.
    Do more research. If you're to be an educator that has reach, you ought to be a good one.

  • @jimmlmao
    @jimmlmao 17 days ago

    C# and all other languages .NET compile source into something called Intermediate Language (IL) this is meant to be code that is platform independent, and .NET runtimes/interpreters interpret the IL code, except that runtime was only released on windows. . .

  • @visionarygameworks
    @visionarygameworks 3 months ago +1

    bro shit can be obfuscated yk

  • @Zynoku99
    @Zynoku99 4 months ago +76

    what if its encrypted

    • @ImOmerAhmed
      @ImOmerAhmed 4 months ago +48

      The sys32 file on your computer actually trys to stop your computer from revealing source code to keep copyrighted code from being distributed, so if you delete that, then go to settings > advanced > debug mode and turn debug on, you can reveal source code by just right clicking and pressing decompile in the context menu.

    • @Zynoku99
      @Zynoku99 4 months ago

      @@ImOmerAhmed you got discord?????

    • @mrbeltrattore
      @mrbeltrattore 4 months ago +2

      If the file is encrypted you do nothing

    • @Zynoku99
      @Zynoku99 4 months ago

      @@mrbeltrattore uhh ok

    • @ziqwu
      @ziqwu 4 months ago

      @@ImOmerAhmed nice one so original

  • @Spirit-DEV
    @Spirit-DEV 1 month ago +1

    4:01 theres no mozilla in here 💀

  • @signaldog7805
    @signaldog7805 3 months ago

    Okay everyone that is reading huge explanations for everything: c# is very easy to decompile so his title is nice but not all executables are easy to just put into DNSpy or the other one.
    Obfuscation: usually used in programming languages that are high level like c#, python, java, visual basic. All of these can be decompiled or already are readable, but besides that obfuscation is used for making reverse engineering harder because a file could be 100 mg but only 4 lines of code. What does obfuscation look like? Usually opening one of these files you might see the alphabet or just AAAAAAAA = thrbfbdjgwhaoshdj which is weird but that is the whole point, it needs to be messy and unreadable.
    Decompile: basically taking the compiled application and restoring it almost or all the way to readable code
    IDA, x64dbg, ghidra: great reverse engineering applications, but IDA and ghidra are for not running applications, called static, and x64dbg is a great tool for debugging, usually used on a running application to see what it does, called dynamic testing. Honestly get good at all of them
    Have fun with whatever you do

  • @gTL_1337
    @gTL_1337 5 months ago +1

    really nice video!
    personally I'd be interested in reversing/cracking simple software, like just bypassing a simple "password:" input in a python .exe file.
    Have a great day!

  • @Al-Musalmiin
    @Al-Musalmiin 7 months ago +2

    can you make tutorials on reverse engineering C++ game applications?

  • @zyklos229
    @zyklos229 4 months ago

    Hm open dnSpy, find " .NET debugger and assembly editor" ... not sure, but IntelliJ with Java has such stuff integrated

  • @AlexTsaava
    @AlexTsaava 9 days ago

    cant you open the EXE with a hex editor convert the hex to binary then convert the binary to letters and then convert the letters (Assembly) to source code?

  • @nesadlevent
    @nesadlevent 5 months ago +1

    Amazing job! Can you teach us how to create pixel trigger bot? (educational purposes only)

  • @trexioasx3391
    @trexioasx3391 6 months ago +1

    Remember guys, this is ONLY for c#. this isnt considered as reverse engineering just decompiling. You cant decompile to easy readable code for C++ .exe/.dll files. To "decompile" c++ applications/libraries you will need to do reverse engineering.

  • @throwaway7004
    @throwaway7004 7 months ago

    The video is great, however not a single assembly editor will succeed against programs compiled into native code as they only work on programs compiled into managed code. Knowing that most of the people sending viruses through Discord are massively using C# or any other managed language, it's good information for people who are not knowledgeable enough on that topic.

  • @everything8997
    @everything8997 7 months ago +1

    i am the first to comment.

  • @mrroblick
    @mrroblick 7 months ago +1

    This is only for programs that are written in the language C# for NET, NET FRAMEWORK

  • @joelav33
    @joelav33 3 months ago +1

    im gonna listen to it all first but im at 2min07 and question popped in my head, are you sure i should trust that .exe?

  • @x4dam
    @x4dam 7 months ago +3

    W Ebola!

  • @honestsniping1
    @honestsniping1 6 months ago

    This dude pops up in my feed once every couple of months. Nearly every video he posts has some misleading or even wrong information. The videos are literally made for kids/teens that have little to no knowledge of IT.
    First of all, this can only be done with .NET executables. And even with those, attackers could use obfuscators.

  • @behroozmoorkani
    @behroozmoorkani 7 months ago

    C# without obfuscation? Bruh
    All Csharp malware have been obfuscated and those who create malware are not so dumb to build a project without obfuscating it, so this tutorial is really useless

  • @hinahammad1047
    @hinahammad1047 5 months ago +2

    it might also be able to open files made with cython

  • @DiamondSaberYT
    @DiamondSaberYT 3 months ago

    I clicked thinking there’s a new tool that converts asm instructions from an exe to somewhat readable and formatted c.

  • @darkfllame
    @darkfllame 7 months ago +1

    nah fr, it only works on .NET executables though. if you have a native executable you're gonna need a disassembler (like IDA or dbg64) or smth and reverse engineering the hard way with assembly which is hard and painful, after that you can *understand* (and not decompile) the code. Because native code symbols is often mangled or unexposed (labels are not exported), you can't get them back.

  • @TheGabrielMoon
    @TheGabrielMoon 7 months ago +2

    how do you make to prevent tokens/sessions browser hijacking?

  • @Luzum
    @Luzum 7 months ago

    do people still host malware from their own host ip??? 😬yikes. At least use a vps as a c&c, that's just terrible practice for spreading

  • @7............................8
    @7............................8 4 months ago

    the title makes no sense because it would just send like 3k requests to the server or webhook (if your a discord skid)
    summary: its a while loop that sends alot of the same message since it loops forever

  • @JarppaGuru
    @JarppaGuru 6 months ago

    yes you can do. just like any app can be malware. you just install and give all permissions even none of app actually need sms,contact , call info,internet,gallery. you just gave app permission do all what you can do on your own phone. when better way ask permission when open file AND only for that file not all and no need allow it it works automated you opened file so permission is given to that file! its easiest like that.
    no! apps ask all permission or you cant even install app. that all you need think. installing is already....end if maker is bad

  • @lunchdotbox
    @lunchdotbox 3 months ago

    This dumb. Most Malware is written in c/c++/asm/rust Malware is never written in C sharp or vbasic lol

  • @wontpeekthis
    @wontpeekthis 6 months ago

    This is C# not C,C++. and compiler optimizing source code while compile time so you can never get the original code

  • @freddurst4420
    @freddurst4420 3 months ago

    its not the "original" source code, OMG does anyone on YT know what the fk they are talking about.

  • @blackicedbear
    @blackicedbear 7 months ago

    Good for .NET Applications. But to be honest, most malware is written in C/C++.

  • @HydrxGT
    @HydrxGT 4 months ago

    not going to lie this is easy it would be cool if u made a vid for C++ to get some info about a exe I know its a lot harder to get info for a C++ exe so that would probably get u more views

  • @danbromberg
    @danbromberg 5 months ago +1

    Yes, I'd like to learn more about reverse engineering and decompiling. Where do I begin? 🙂

  • @123ARES
    @123ARES 2 months ago +1

    Man, no matter how well you explain, if you move the cursor on the screen at crazy speed NO ONE will want you to appreciate the work. It is very disturbing chosen chaos of the cursor.

  • @nancypinancypi
    @nancypinancypi 11 hours ago

    Hey , can I extract the files such as .algo

  • @kiet5755
    @kiet5755 4 months ago

    this should only decompile c# programs lol, should have done with ghidra at least or mention it idk

  • @asemtube
    @asemtube 7 months ago

    6:09 bro this music is distracting it doesn't work in BG,
    otherwise great video.

  • @yasientv-k7y
    @yasientv-k7y 7 months ago +1

    does it works for cubase pro tools mairlist thank you so much

  • @isaacsong-so5um
    @isaacsong-so5um 7 months ago +2

    wow your vids are really interesting are informative keep it up

  • @thepurplekingdavis7284
    @thepurplekingdavis7284 7 months ago +1

    The discord server xd

  • @merkishh
    @merkishh 4 months ago

    Can you do one on how to crack python files? I compiled one of my scripts and then lost the code and all I have is the compiled version.

  • @gsestream
    @gsestream 6 months ago

    by the tone of the video, I sus that the dnspy is malware. hey CIA, your ghidra tools is awesome for allies. tho.

  • @crististaci3133
    @crististaci3133 7 months ago

    Damn bro literally just wanted the locally stored db for form auto fill and send it to own website, didn't know it was that easy

  • @AzurePages
    @AzurePages 7 months ago +4

    The skids are gonna love this

    • @brahbah9349
      @brahbah9349 3 months ago

      As a skid i love this 🤫

  • @OrangeProtogen324
    @OrangeProtogen324 6 months ago

    thank you bro i can finally avoid the virus i can easy convert exe to source code
    yes i got hacked for the first time

  • @lord_duck1516
    @lord_duck1516 5 months ago +1

    you are handsome

  • @mr.atomictitan9938
    @mr.atomictitan9938 7 months ago +1

    There is also a tool called ghidra that was developed by the NSA. Not as clean cut as what home boy has for dnspy but it can decompile almost any source code.

  • @nyoxor
    @nyoxor 7 months ago

    Hello if u can to give me the link of ur discord server i wanna join that server i like what are u doing

  • @thegrimreaper6964
    @thegrimreaper6964 6 months ago +1

    bro what would you suggest an app for android just like cheat engine.

  • @manhcot
    @manhcot 7 months ago

    reversing C# is possible till the advent of .Net AOT XD ( mostly impossible to reverse )

  • @asn_editz876
    @asn_editz876 7 months ago

    Bro can you make a video to get password of any WiFi even if I have not connected to it ever😢😢

  • @HawkHacks
    @HawkHacks 1 day ago

    only unpacked source can work right bro ?

  • @GrafMKristo
    @GrafMKristo 3 months ago

    Stop swinging the mouse around! Feels like the person is panicking and not feeling well.

  • @OWLyS
    @OWLyS 3 months ago +1

    Compiling this using AOT Native will probably make it much harder to reverse it

  • @lcm_2080
    @lcm_2080 7 months ago +2

    If i drag in an exe it only shows PE
    Is that if its a shortcut?

    • @honestsniping1
      @honestsniping1 6 months ago +1

      No, its most likely because the exe is not a .NET exe. Shortcuts are not PE. PE files are exe, dll, etc.
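
Added example (not part of the comment thread or the video): the reply above says a file that only shows "PE" in dnSpy is most likely not a .NET executable. That can be checked from the headers alone, since a managed assembly has a non-empty CLR runtime header entry (data directory index 14) in its PE optional header. The sample bytes are constructed for illustration, and `classify_pe` and `build_sample` are hypothetical names.

```python
import struct

# Index of the CLR runtime header in the PE optional header's data directory.
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14


def classify_pe(data: bytes) -> str:
    """Classify raw file bytes as 'managed', 'native' or 'not-pe'."""
    try:
        if data[:2] != b"MZ":
            return "not-pe"                      # e.g. a .lnk shortcut or a script
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return "not-pe"
        opt = e_lfanew + 24                      # 4-byte signature + 20-byte COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic == 0x10B:                       # PE32: directories start at +96
            dirs = opt + 96
        elif magic == 0x20B:                     # PE32+ (64-bit): directories at +112
            dirs = opt + 112
        else:
            return "not-pe"
        (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
        if count <= IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
            return "native"                      # directory table too short for a CLR entry
        rva, size = struct.unpack_from(
            "<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    except struct.error:                         # headers truncated
        return "not-pe"
    return "managed" if rva and size else "native"


def build_sample(pe32_plus: bool, clr: bool) -> bytes:
    """Constructed header-only PE image for the demo (not a runnable program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew: PE header follows directly
    dir_off = 112 if pe32_plus else 96
    opt = bytearray(dir_off + 16 * 8)            # optional header + 16 directory entries
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<I", opt, dir_off - 4, 16)
    if clr:                                      # constructed RVA/size for the CLR header
        struct.pack_into("<II", opt, dir_off + 14 * 8, 0x2008, 0x48)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32_plus else 0x14C,
                       0, 0, 0, 0, len(opt), 0x0002)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed stand-in for a Windows shortcut: .lnk files start with 4C 00 00 00.
LNK_SAMPLE = b"\x4c\x00\x00\x00" + bytes(72)

if __name__ == "__main__":
    for name, blob in [(".NET exe (constructed)", build_sample(False, True)),
                       ("native x64 exe (constructed)", build_sample(True, False)),
                       ("shortcut (constructed)", LNK_SAMPLE)]:
        print(f"{name}: {classify_pe(blob)}")
```

A .NET program compiled ahead of time to native code carries no CLR header, so it is classified as native here, which matches the AOT remarks elsewhere in the thread.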

  • @GuysModz
    @GuysModz 7 months ago

    i get this with alot of exe's unmanaged assembly, limited support

  • @BigG9982
    @BigG9982 6 months ago

    can you reverse code my rat ? i would know if you can come to my real ip but i guess you cant

  • @AniStriking
    @AniStriking 7 months ago +4

    good vid and finally you are back

  • @xpfabric
    @xpfabric 7 months ago +6

    It's important to note that this is for .NET only. Pretty cool to start, but not very useful for reverse engineering, most malware and secured applications are written in C++ or C. For these languages you need to learn assembly and work with IDA or x64dbg. :)

    • @KhanTest-hh4mn
      @KhanTest-hh4mn 6 months ago

      And visual basic

    • @threeMetreJim
      @threeMetreJim 2 months ago

      I managed to grab a payload that confuses the decompilers available on dogbolt. Binary ninja worked the best, but only gave a somewhat correct decompilation after making a change to the payload. I've done assembly for simpler processors, so I have some clue, but x86 and x64 are much more complicated beasts.

  • @skillerghg5796
    @skillerghg5796 4 months ago +1

    he sent you a free grabber you just need to change the webhook lmao haha

  • @ATAKAN-m7m
    @ATAKAN-m7m 9 days ago

    This is very nice, I loved it, good videos

  • @orren6999
    @orren6999 7 months ago +2

    Opinions on hello kitty?

  • @oxygen-hostingservertuto870
    @oxygen-hostingservertuto870 7 months ago +1

    token first is that base 64 user id next is when it was created by time and next is random

  • @official.DonaldTrump
    @official.DonaldTrump 7 months ago +2

    finally a "non skid" video

  • @Zephyl2837
    @Zephyl2837 7 months ago +1

    Can you create an invite link for your discord server?

  • @SiFunk
    @SiFunk 7 months ago +2

    Ayoo New video 🔥🔥🤙

  • @2memory333
    @2memory333 7 months ago +1

    i thought you were going to use apps like x64dbg and view the assembly code. u cant do anything with dnspy to app that has been fully converted to machine language

    • @reidafesta9131
      @reidafesta9131 6 months ago

      x64dbg is a debugger for native. ida pro would prob be the best for static analysis

  • @fraze912
    @fraze912 7 months ago +1

    yall skids its only gonna work if its not obfuscated