0:00 intro 0:13 storytime 1:18 important to learn this 1:47 setting up 2:26 decompiling 3:14 breaking down code 5:23 used on me 6:07 how it works 7:35 outro

Most malware is written in C/C++ reverse engineering the assembly back is much harder than a simple .NET MSIL executable… That’s why writing malware in interpreted languages makes them weak So this is not that useful to be honest

I totally have zero experiences about this, but it's cool to know! Thanks for the amazing video!

you never fail to spread our cheeks and fill us with your goodness 😊

Notes: 3:07 for Forms/WPF apps, yes it does start in the Program class, but I rather suggest looking in the MainForm class as most of the code is located in there 5:00 don't recommend obfuscating! There's a much easier way to ensure that people attempting to reverse engineer your code go through a lot of pain: compiling it into native code. Nick Chapsas has an excellent video on that topic

It's really impressive the things you teach. I was wondering, how did you go about learning all of this?

good vid and finally you are back

also if the program is written not in C# but in C for example its much much harder to reverse engineer also there are tools that obfuscate those C# assemblies

this literary need 0 RE skills. Default c# compiled files are too easy to decompiled perfectly. You not have to do anything. RE skills need when the executable is compiled with c/c++ for example, where you cannot see function and variable names, compiler optimaze (eg: convert 2 or more functions to 1) and so many times decompilers fail to analyze specific parts or they decompile them wrong and ofc a big challenge is when excutable is protected/packed/obfuscated or virtualized

One weird thing I've seen with C# is if you make a private async void in visual studio, compile it, then open the source code using DnSpy. The stuff inside the void/function looks odd, it almost looks like it obf itself. If you dont know what I'm talking about try the steps I said above, and if you could please tell me why it does that. Thanks (:

dnSpy can only decompile .NET executables. It's also wrong to say it gets the original source code because it doesn't necessarily. Addtionally, the managed entrypoint method doesn't have to be named Main inside a class named Program. A lot of unmanaged and managed code can execute before reaching the managed entrypoint. 1. Unmanaged entrypoint (for .NET executables you usually have a single call to _CorExeMain here that kicks off the execution of a .NET program) 2. Managed (.NET) module constructor 3. Static constructor of the class containing the managed entrypoint method 4. Managed entrypoint

Thank you for your videos, they are very interesting, keep them like that ❤

thanks, that was a useful one. absolutely need more videos about reverse engineering, maybe different methods and tools

Your content is very informative. Better than all other youtubers I have seen so far

Great as always...keep it u dude...

wow your vids are really interesting are informative keep it up

The skids are gonna love this

THANK YOU, VERY MUCH! edit: i literally inspect malware with notepad by searching for "crypto", "discord", or "token"

There is also a tool called ghidra that was developed by the NSA. Not as clean cut as what home boy has for dnspy but it can decompile almost any source code.

finnaly a "non skid" video

egypt is on fire with your content

how do you make to prevent tokens/sessions browser hijacking?

Seeing the source code makes my portable Firefox sleep better lol

Can you make a video on "how games get hacked"

*Laughs in Applocker 😂😂

It's important to note that this is for .NET only. Pretty cool to start, but not very useful for reverse engineering, most malware and secured applications are written in C++ or C. For these languages you need to learn assembly and work with IDA or x64dbg. :)

IDK but bro is glowing

This content got me screaming

bro looks so majestic

i love you ebola man

Finally, the secret method.

I fucking LOVE EBOLA MAN

egg.

It is possible to put the bytes of a mashine code inside a batch file to redirect the mashine code into a new executable file with pipe operators(>).

I love your video :)

you are looking into my soul

W Ebola!

Keep it up buddy make more reverse engineering videos ❤

Yes, I'd like to learn more about reverse engineering and decompiling. Where do I begin? 🙂

Compiling this using AOT Native will probably make it much harder to reverse it

token first is that base 64 user id next is when it was created by time and next is random

appreciate tecca in background

Man, no matter how well you explain, if you move the cursor on the screen at crazy speed NO ONE will want you to appreciate the work. It is very disturbing chosen chaos of the cursor.

Remember guys, this is ONLY for c#. this isnt considered as reverse engineering just deompiling. You cant decompile to easy readable code for C++ .exe/.dll files. To "decompile" c++ applications/libraries you will need to do reverse engineering.

its not "C# Assembly". dotNet framework and dotNet core don't actually compile code directly into assembly or any type of actual machine code. its "compiled" into IL which is intermediate language that is a step up from assembly that is still very readable and doesnt share many similarities with asm. .Net core and framework runtime libraries are essentially interpreters for IL and thats why it needs to be on your computer to run it. MSIL is the reason .net can be cross platform because it isnt actually being compiled and is just interpreted during run time kinda like python (massive overstatement but the basis is there).

This is only for programs that are written in the language C# for NET, NET FRAMEWORK

Ayoo New video 🔥🔥🤙

bro says his "T's" very aggressively

nah fr, it only works on .NET executables though. if you have a native executable you're gonna need a disassembler (like IDA or dbg64) or smth and reverse ingeneering the hard way with assembly which is hard and painful, after that you can *understand* (and not decompile) the code. Because native code symbols is often mangled or unexposed (labels are not exported), you can't get them back.

can you make tutorials on reverse engineering C++ game applications?

he send you a free grabber you just need to change the weebhook lmao haha

I like to use batch files as an open source container to put the instructions of a routine inside to create a new executable file to run inside the encapsulated DosBox emulation. So all instructions are visible and not hidden and i never made malware or a virus.

congrat for new room

you just earn a new subscriber

This guy is the master of clickbait, he didnt even use Ghidra

it might also be able to open files made with cython

Question: Are the cookies encrypted once the have been saved into that folder? How does the code bypass this problem?

Whats funny that they have their entire webhook open meaning you can just spam the hell out of their webhook with that url, if you run the exe through triage you can get their bot token and login through a bot client and screw with them that way too

bro you are majestic

but dnspy is only for .NET, is there a way to know in which language a binary was made?

Opinions on hello kitty?

ur the beeest ytber EVER thanks for the cmd hacks respect

Hey, love your vids. Is there any way that you could teach us how to deobfuscate stuff?

im gonna listen to it all first but im at 2min07 and question popped in my head, are you sure i should trust that .exe?

You grew kinda fast

what are these leds in back

does it works for cubase pro tools mairlist thank you so much

Seeing malware released without a stripped binary always confuses me, why would you release it with compilation info/debug symbols Idk if you can strip that from .NET C# programs though, I've never tried it before

bro what would you suggest an app for android just like cheat engine.

Is there a way to have it like converted to like a python code?

If i drag in an exe it only shows PE Is that if its a shortcut?

Ghildra has entered the chat.

Whens the new server coming

really nice video! personally I'd be interested in reversing/cracking simple software, like just bypassing a simple "password:" input in a python .exe file. Have a great day!

the nature of .net c# makes it really easy to do this, writing malware in c# is very counterintuitive because of this most of the time malware is written in languages like c or c++ which is many times harder to actually decompile after it is disassembled, full decompilation projects for software written in these common languages have historically had many contributers and can take years to complete

bros a malware himself......cuz he be stealing my heart bro😭

i thought you were going to use apps like x64dbg and view the assembly code. u cant do anything with dnspy to app that has been fully converted to machine language

Amazing job! Can you teach us how to create pixel trigger bot? (educational purposes only)

And if there is just PE?

Dose this work on other programming languages too like for example Python?

help, i know this is irrelevant but my phone got stolen is there a way i can trace it (tried google maps and it didnt work)

Thanks for info ❤

Nice content. Thx man

Moral of the story: Use a C2 server

Could u share the original bat and vbs file? Would realy like to see what happens before u get the exe

i love ur vid

Does it work for dlls ?

good luck decompiling rust compiled exe

C# .exe can be encoded tho, and even so if this is not useful at all if you code in c++

good videos i can finally crack the system

what if there is no real code visible? i just have the folder PE

video banner : c++/c irl : non obfuscated c#

99.99% of malware is obfuscated in one way or another... btw bro looks majestic asf for some reason

Ebola my love

why there's no firefox in that list? it wont work on firefox?

Can you create an invite link for your discord server?

i've used dnspy before to modify games, but holy shit i didn't realize how powerful this tool is.

bro looking magestic

mine doesnt open code. only // location and // timestamp with only PE tab

Damn bro litterly just wanted the locally stored db for form auto fill and send it to own website, dident kmow it was that easy