PDA

View Full Version : Rebel.NET

Daniel Pistelli
04-25-2008, 03:10 PM
As promised, I'm hereby releasing the Rebel.NET software.

http://ntcore.com/rebelnet.php
http://ntcore.com/Files/rebelnet.htm

Rebel.NET is a rebuilding tool for .NET assemblies which is capable of adding and replacing methods and streams. It's possible to replace only a limited number of methods or every method contained in a .NET assembly. The simplicity of Rebel.NET consists in the replacing process: one can choose what to replace. Rebel.NET is, mainly, a very solid base to overcome every .NET protection and to re-create a fully decompilable .NET assembly. As such, Rebel.NET has to be considered a research project, not an encouragement to violate licensing terms.

As I have written the software and the article in this week when during my sickness (fever), I'm expecting bugs and typos. Please report them.

Of course, I've tested the Rebel.NET with more advanced .NET assemblies than those presented in the guide.
GEEK
04-25-2008, 03:31 PM
Thanks for your efforts Daniel
you just keep coming with amazing stuff
Its 2am here in my part of the world and am reading your Rebel.NET File Format
will post comments after i have a good look at it tomorrow

GEEK
Daniel Pistelli
04-25-2008, 03:49 PM
Thanks!

Well, it's 11 pm here. I am so wasted...

I admit that this reading is boring, but it is the premise for the next tutorial about JIT and code injection which is REAL fun. So, go through it! Your effort will be rewarded (at least I believe so) by the next article.
rendari
04-25-2008, 04:52 PM
Awesome! Will look into it as I get the time! Superb work!
fr33ke
04-25-2008, 06:00 PM
Nice. I think a tool like this is essential for more advanced string decryption, and not having to parse the .NET format yourself will make writing some tools certainly easier.
Daniel Pistelli
04-26-2008, 05:13 AM
Thanks rendari.

Well, the string encryption is treated as "obfuscation" in the article, simply because it doesn't make much of a difference in terms of rebuiliding. In the worst case a little MSIL disassembler has to be used to look for ldstr instruction and change them according to the new #US stream. It's maybe annoying, but very simple.
dELTA
04-28-2008, 03:53 AM
Extremely high-quality stuff as usual Daniel. Really looking forward to your upcoming writeups on JIT and code injection!

CRCETL:
http://www.woodmann.com/collaborative/tools/index.php/Rebel.NET
Daniel Pistelli
04-28-2008, 04:00 AM
Thanks delta for adding it to the repository.
dELTA
04-28-2008, 04:14 AM
No problem, you are very welcome to help keeping it updated as new versions are released.
evilcry
05-03-2008, 12:11 PM
Another Great Tool!

Thanks for sharing it Daniel!

Have a Nice Day
Daniel Pistelli
05-03-2008, 12:33 PM
Grazie evilcry =)