DeXe – Deobfuscator for Xenocode

INTRODUCTION
Strings in assembly protected by XenoCode was encrypted. This tool will help you to decrypt string into readable form. Flow control is defeated too, but this tool can not recover to 100% original code. After version 1.0.1.3, the code name of this tool will be changed to DeXe because it is a part of a series of Deobfuscator which I make for .net. After decryption, a patched assembly with decrypted string will be saved at the same folder of the application. Use Reflector to see result. This tool will be updated soonly with more functions.

  • Requirements : .NET Framework 2.0
  • Version: 1.0.1.6
  • Supported version of Xenocode Postbuild
  • To XenoCode Postbuild 2007 build 6675
  • Want more functions. Post your comment directly after this post.

NOTE

If this tool doesn’t work with your packed assembly, send it to me. DO NOT blame me if this one doesn’t work. I’m just a newbie. Tongue out

LINK DOWN

When you want to post this tool to somewhere. Please post url to my site, that keeps update for this tool when you do that.

Download: http://hintdesk.com/Web/Tool/XeCoString.zip

HISTORY

  • [1.0.1.4 – 1.0.1.6] : Fix mirror bugs
  • [1.0.1.3] : Anti-obfuscate flow control is now better
  • [1.0.0.10] : Anti-obfuscate flow control
  • [1.0.0.9] : Fix Bug bei convert string to in at ID

SCREENSHOT
DeXe Screenshot

MySql console – Most used commands

1. Login

mysql -u USERNAME -p

At the Enter Password prompt, type your password. When you type the correct password, the mysql> prompt appears.

2. List all databases

show databases;

3. Access a specific database

use DBNAME

4. List all tables

show tables;

5. The path to root config file

/etc/mysql/conf.d/my.cnf

6. Create user

To create a database user, type the following command. Replace username with the user you want to create, and replace password with the user’s password:

grant all privileges on *.* to 'user_name'@'localhost' identified by 'password';

For remote connection use % for domain name

 grant all privileges on *.* to 'user_name'@'%' identified by 'password';

7. Create and restore backup from mysqldump

mysqldump -u user_name -p database_name > /tmp/dump.sql
mysql -u user_name -p database_name < /tmp/dump.sql

8. Allow remote connection

Edit the config file /etc/mysql/conf.d/my.cnf by commenting the bind_address

#bind-address           = 127.0.0.1

Then restart mysql server

/etc/init.d/mysql restart

Then open the port 3306 on the machine

sudo iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT

And test if from the remote computer

nc -z -v ip_address 3306

How to add subdomain in nginx server?

Follow these following steps to add a subdomain within Nginx server.

1. In the domain panel, add an A-record to point the new subdomain to your server

2. Register the new subdomain with Nginx server

sudo nano /etc/nginx/sites-available/youtube.hintdesk.com

3. Use this simple configuration for the newly created file

server {
        listen 80;

        root /var/www/html/apps/youtube;
        index index.html index.htm index.nginx-debian.html;

        server_name youtube.hintdesk.com www.youtube.hintdesk.com;

        location / {
                try_files $uri $uri/ /index.html?$args;
        }
}

4. To enable the configuration, make a symlink to the enabled sites

ln -s /etc/nginx/sites-available/youtube.hintdesk.com /etc/nginx/sites-enabled/youtube.hintdesk.com

5. The last thing to do is restart Nginx:

service nginx restart

6. If we activate SSL for our domain and receive the error ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY on Chrome. Then edit the ssl.conf with following settings

sudo nano /var/www/tetxua.com/conf/nginx/ssl.conf

And add following lines

ssl_ciphers "ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES";

Which is recommended by Cloudflare.

My online notes – Section 0006

Note 1: Sony Ericsson PC Suite for Z610i
http://www.megaupload.com/?d=V7II5C41

Note 2: Set autostart for program

private Boolean SchreibeinAutostart( String dateipfad )
{
    try
    {
        String samAccountName;
        {
            var currentWindowsIdentity = WindowsIdentity.GetCurrent( );
            if ( currentWindowsIdentity == null )
            {
                return false;
            }

            samAccountName = currentWindowsIdentity.Name;
        }

        var registrySecurity = new RegistrySecurity( );
        {
            registrySecurity.AddAccessRule( new RegistryAccessRule( samAccountName,
                    RegistryRights.WriteKey | RegistryRights.ChangePermissions, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow ) );
        }

        var targetRegistryKey = Registry.CurrentUser.CreateSubKey( "Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" );

        if ( targetRegistryKey == null )
        {
            return false;
        }

        targetRegistryKey.SetValue( dateipfad.Remove( 0, dateipfad.LastIndexOf( @"\" ) + 1 ), dateipfad );

    }
    catch ( Exception )
    {
        return false;
    }

    return true;
}

Continue reading My online notes – Section 0006

My online notes – Section 0005

Note 1: Impersonation for accessing network path

private void ApplyUserCredentials(string Share, string Domain, string Username, string Password)
{
	USE_INFO_2 useInfo = new USE_INFO_2();
	useInfo.ui2_local = string.Empty;
	useInfo.ui2_remote = Share;
	useInfo.ui2_password = Password;
	useInfo.ui2_asg_type = 0;    //disk drive
	useInfo.ui2_usecount = 1;
	useInfo.ui2_username = Username;
	useInfo.ui2_domainname = Domain;
	uint paramErrorIndex;

	uint returnCode = NetUseAdd(null, 2, ref useInfo, out paramErrorIndex);
	if (returnCode != 0)
	{
		throw new Win32Exception((int)returnCode);
	}
}

[DllImport("NetApi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
private static extern UInt32 NetUseAdd(string UncServerName,UInt32 Level, ref USE_INFO_2 Buf,  out UInt32 ParmError);

[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
private struct USE_INFO_2
{
	internal string ui2_local;
	internal string ui2_remote;
	internal string ui2_password;
	internal UInt32 ui2_status;
	internal UInt32 ui2_asg_type;
	internal UInt32 ui2_refcount;
	internal UInt32 ui2_usecount;
	internal string ui2_username;
	internal string ui2_domainname;
}

Continue reading My online notes – Section 0005

My online notes – Section 0004

Note 1: Proxy of HttpWebRequest for uploading

HttpWebRequest HttpRequest = (HttpWebRequest)WebRequest.Create(this.fullUrl);

<system.net>
    <defaultProxy enabled ="false">
		<proxy autoDetect ="True"/>
    </defaultProxy>
</system.net>

Note 2: Walkthrough: Implementing Virtual Mode in the Windows Forms DataGridView Control for page loading
http://msdn.microsoft.com/en-us/library/15a31akc.aspx

Continue reading My online notes – Section 0004

My online notes – Section 0003

Note 1: Check if current user is administrator

WindowsPrincipal principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
Console.WriteLine("Programm wird unter dem Usercontext ausgeführt: {0}", principal.Identity.Name);
Console.WriteLine("Adminrechte vorhanden: {0}", principal.IsInRole(WindowsBuiltInRole.Administrator) ? "Ja" : "Nein");

Note 2: ContextMenuStrip at selected row open and Index in DataTable localize.

private void dgv_MouseUp(object sender, MouseEventArgs e)
{
  DataGridView.HitTestInfo hitTest = ((DataGridView)sender).HitTest(e.X, e.Y);

  if (hitTest .Type == DataGridViewHitTestType.Cell)
  {
     dgv.CurrentCell = dgv.Rows[hTest.RowIndex].Cells[hTest.ColumnIndex];
  }
}

Continue reading My online notes – Section 0003

My online notes – Section 0001

Note 1:

MongoDB Applied Design Patterns
https://www.dropbox.com/s/5nksr6e8z09mu83/Oreilly.MongoDB.Applied.Design.Patterns.Mar.2013.epub?dl=0

Peopleware
https://www.dropbox.com/s/4v3j51mkt13yusc/Peopleware.epub?dl=0

Note 2:

1. List all properties and their values

static void Main(string[] args)
{
	string fileName = Path.Combine(Directory.GetCurrentDirectory(), "All Polished.mp4");
	ShellObject shellObject= ShellObject.FromParsingName(fileName);
	PropertyInfo[] propertyInfos = shellObject.Properties.System.GetType().GetProperties();
	foreach (var propertyInfo in propertyInfos)
	{
		object value = propertyInfo.GetValue(shellObject.Properties.System, null);

		if (value is ShellProperty<int?>)
		{
			var nullableIntValue = (value as ShellProperty<int?>).Value;
			Console.WriteLine($"{propertyInfo.Name} - {nullableIntValue}");
		}
		else if (value is ShellProperty<ulong?>)
		{
			var nullableLongValue =
				(value as ShellProperty<ulong?>).Value;
			Console.WriteLine($"{propertyInfo.Name} - {nullableLongValue}");
		}
		else if (value is ShellProperty<string>)
		{
			var stringValue =
				(value as ShellProperty<string>).Value;
			Console.WriteLine($"{propertyInfo.Name} - {stringValue}");
		}
		else if (value is ShellProperty<object>)
		{
			var objectValue =
				(value as ShellProperty<object>).Value;
			Console.WriteLine($"{propertyInfo.Name} - {objectValue}");
		}
		else
		{
			Console.WriteLine($"{propertyInfo.Name} - Dummy value");
		}
	}
	Console.ReadLine();
}

FluentValidation

https://github.com/JeremySkinner/FluentValidation

NodaTime

http://nodatime.org/

Quartz.net

http://www.quartz-scheduler.net/

Continue reading My online notes – Section 0001

Schlangengrube – Hố rắn

v1.0 Untertitel: WDR mediagroup GmbH im Auftrag des WDR
Tatort-Titelmusik
Frank Thiel Prof. Karl-Friedrich Boerne Nadeshda Krusenstern
Nachdem Sie Zeuge werden durften, wie es mir gelang, jegliche Fremdeinwirkung auszuschließen, und feststeht, dass die junge Frau ihren viel zu frühen Tod durch Ertrinken selbst herbeigeführt hat, möchte ich zum kulinarischen Teil der heutigen Sendung übergehen.
*jeglich: bất kỳ, tiếng Anh: any
*ausschließen: loại trừ
*feststehen: chắc chắn
*herbeiführen: gây ra
*kulinarisch: ẩm thực
*übergehen: đi đến
Continue reading Schlangengrube – Hố rắn