@frayzer what's the problem? First use some decompiler, e.g. dnSpy, and load the executable. In dnSpy go to the main() method and explore all the other methods. They're somewhat obfuscated, but if you examine them, it will become very clear what they do. You may want to export the decompiled exe to a project in order to open it in Visual Studio. There you're able to easily rename the methods you examined. Try to give them names that reflect what these methods are doing. Rename all parameters appropriately (I used pretty much "str" everywhere a string was passed as a parameter).
In VS, find the method that has the check for a debugger in it and edit it to always return false [This method contains the following code: return Debugger.IsAttached || Marshal.ReadByte((IntPtr)2147353300) 0;]
After editing this, you can start the debugger and step through every method and pretty quickly discover a method that decodes the obfuscated strings. It's the method containing "stringBuilder.Append((c == 'I') ? '1' : '0');".
Go for it :)
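Added example, not part of the original post and not code from the executable: a static decoder in Python for the string obfuscation hinted at by the quoted `stringBuilder.Append((c == 'I') ? '1' : '0')` line, so the strings can be recovered from the decompiled source without running the binary. Only the 'I' to '1' mapping comes from the post; the bit width per character, the bit order, the `l` used for zero bits and all function names are assumptions.

```python
import string

PRINTABLE = set(string.printable)

def to_bits(encoded: str) -> str:
    # Same mapping as the quoted line: 'I' -> '1', any other character -> '0'.
    return "".join("1" if c == "I" else "0" for c in encoded)

def decode(encoded: str, width: int = 8) -> str:
    # ASSUMPTION: each character is `width` bits, most significant bit first.
    bits = to_bits(encoded)
    if not bits or len(bits) % width:
        raise ValueError(f"{len(bits)} bits is not a multiple of {width}")
    return "".join(chr(int(bits[i:i + width], 2))
                   for i in range(0, len(bits), width))

def candidates(encoded: str, widths=(7, 8, 16)) -> dict:
    # The post does not state the width, so try several and keep only the
    # results that decode to fully printable text.
    found = {}
    for width in widths:
        try:
            text = decode(encoded, width)
        except ValueError:
            continue  # length does not fit this width
        if all(ch in PRINTABLE for ch in text):
            found[width] = text
    return found

def encode(text: str, width: int = 8, zero: str = "l") -> str:
    # Helper used only to build the constructed sample below; the character
    # standing for a zero bit is a guess (the decoder accepts anything but 'I').
    bits = "".join(format(ord(ch), f"0{width}b") for ch in text)
    return "".join("I" if b == "1" else zero for b in bits)

# Constructed sample input, not a string taken from the executable.
SAMPLE = encode("Hello, World")

if __name__ == "__main__":
    for width, text in candidates(SAMPLE).items():
        print(f"{width}-bit: {text!r}")
```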