Log in

View Full Version : Rebel.NET

Daniel Pistelli
April 25th, 2008, 15:10
As promised, I'm hereby releasing the Rebel.NET software.

http://ntcore.com/rebelnet.php
http://ntcore.com/Files/rebelnet.htm

Rebel.NET is a rebuilding tool for .NET assemblies which is capable of adding and replacing methods and streams. It's possible to replace only a limited number of methods or every method contained in a .NET assembly. The simplicity of Rebel.NET consists in the replacing process: one can choose what to replace. Rebel.NET is, mainly, a very solid base to overcome every .NET protection and to re-create a fully decompilable .NET assembly. As such, Rebel.NET has to be considered a research project, not an encouragement to violate licensing terms.

As I have written the software and the article in this week when during my sickness (fever), I'm expecting bugs and typos. Please report them.

Of course, I've tested the Rebel.NET with more advanced .NET assemblies than those presented in the guide.
GEEK
April 25th, 2008, 15:31
Thanks for your efforts Daniel
you just keep coming with amazing stuff
Its 2am here in my part of the world and am reading your Rebel.NET File Format
will post comments after i have a good look at it tomorrow

GEEK
Daniel Pistelli
April 25th, 2008, 15:49
Thanks!

Well, it's 11 pm here. I am so wasted...

I admit that this reading is boring, but it is the premise for the next tutorial about JIT and code injection which is REAL fun. So, go through it! Your effort will be rewarded (at least I believe so) by the next article.
rendari
April 25th, 2008, 16:52
Awesome! Will look into it as I get the time! Superb work!
fr33ke
April 25th, 2008, 18:00
Nice. I think a tool like this is essential for more advanced string decryption, and not having to parse the .NET format yourself will make writing some tools certainly easier.
Daniel Pistelli
April 26th, 2008, 05:13
Thanks rendari.

Well, the string encryption is treated as "obfuscation" in the article, simply because it doesn't make much of a difference in terms of rebuiliding. In the worst case a little MSIL disassembler has to be used to look for ldstr instruction and change them according to the new #US stream. It's maybe annoying, but very simple.
dELTA
April 28th, 2008, 03:53
Extremely high-quality stuff as usual Daniel. Really looking forward to your upcoming writeups on JIT and code injection!

CRCETL:
http://www.woodmann.com/collaborative/tools/Rebel.NET
Daniel Pistelli
April 28th, 2008, 04:00
Thanks delta for adding it to the repository.
dELTA
April 28th, 2008, 04:14
No problem, you are very welcome to help keeping it updated as new versions are released.
evilcry
May 3rd, 2008, 12:11
Another Great Tool!

Thanks for sharing it Daniel!

Have a Nice Day
Daniel Pistelli
May 3rd, 2008, 12:33
Grazie evilcry =)