EazyDevirt is an open-source tool that automatically restores the original IL code from an assembly virtualized with Eazfuscator.NET.
Installation • Usage • Features • Roadmap • Support
$ EazyDevirt <assembly> [<output>] [options]
Arguments:
<assembly> Path to target assembly
<output> Path to output directory [default: ./eazydevirt-output]
Options:
-v, --verbose <verbosity> Level of verbosity [1: Verbose, 2: Very Verbose, 3: Very Very Verbose] [default: 0]
--preserve-all Preserves all metadata tokens [default: False]
--no-verify Don't verify labels or compute max stack for devirtualized methods [default: False]
-kt, --keep-types Keeps obfuscator types [default: False]
--save-anyway Saves output of devirtualizer even if it fails [default: False]
--only-save-devirted Only saves successfully devirtualized methods (This option only matters if you use the
save anyway option) [default: False]
--version Show version information
-?, -h, --help Show help and usage information$ EazyDevirt.exe test.exe -v 3 --preserve-all --save-anyway trueEazfuscator.NET resolves members using names rather than tokens. This means renaming any member may break the application.
EazyDevirt requires control flow and other protections (such as string encryption or delegate proxies) to be removed first. To remove string encryption, you can use EazFixer.
For control flow obfuscation, you can try using de4dot:
$ de4dot <assembly> --only-cflow-deobTo clone the project use:
$ git clone --recurse-submodules https://github.com/puff/EazyDevirt.gitThen you can use your favourite IDE or build from the command line:
$ dotnet restore
$ dotnet build- Automatically identify and map virtual opcodes to their CIL counterparts
- Automatically identify devirtualize methods virtualized with Eazfuscator.NET
- Emulated binary reader using Echo
See the open issues for a list of proposed features (and known issues).
EazyDevirt is targeted at version 2022.2 of Eazfuscator.NET.
If the version you're trying this tool on is not supported, you will need to add support for it yourself. You can take a look at the differences between the branches to see what you need to change.
The old-2022 branch supports a different version of 2022.2 than the main branch. The old-2021 branch supports an unknown version from 2021.
I won't help you update this program for another version. But, if you find a bug, feel free to submit an issue.
- void-stack for the many contributions.
- saneki for the eazdevirt project.
- TobitoFatitoRE for the HexDevirt project.
- Washi1337 for the AsmResolver and Echo libraries.
And a thank you, to all other contributors.