SmartAssembly with post processing?


wyvernx
12-16-2008, 08:21 PM
Here is a file that I'm trying to find out what they used to pack it.

There is the normal SmartAssembly folders that show up in Reflector, but the resources are encrypted in a different format that SmartKill/SmartAssassin does not recognize. Perhaps it was encrypted with SmartAssembly with some option that the SmartKill doesn't support?

Link removed as I think I solved the problem.

Any help is still appreciated dealing with SA and fixing up the code so that Reflector will recognize it.

wyvernx
12-18-2008, 02:30 AM
Well, mainly it was a SmartAssembly protected app that did not use encrypted strings. Seems the only apps out for SmartAssembly are just to decode the strings.

I have written a fairly decent flow fixer program which at least makes it so that I can see the original app in Reflector.

What a pain in the butt. Basically SA (I'm going to assume it is SA since it has all of the SA exception stuff in it) takes at random 3-4 jumps at the beginning of the code and jumps to the bottom of the code and then right back. Not bad for my first attempt at writing a flow fixer or whatever you want to call it app.

:)

Kurapica
12-18-2008, 10:55 AM
It would be nice if you show us your work..

wyvernx
12-18-2008, 11:00 PM
Yea sure, I'll make it at least semi user workable.. but it will prob only work for those few obfuscators that use those simple flow mangling routines.

Basically the app fixes this:

0 - br.s (6) Step 1
1 - call messagebox
2 - pop
3 - bla bla bla
4 - leave
5 - return
6 - br.s (8) Step 2
7 - br.s (1) Step 5
8 - ldstr "hi" Step 3
9 - br.s (7) Step 4


So that it becomes this:
0 - ldstr "hi"
1 - call messagebox
2 - pop
3 - bla bla bla
4 - leave
5 - return

Which Reflector can then parse.

With the Smart Assembly app I'm reading, this is the brunt of the obfuscation. It basically takes out the jumps (br and br.s) and cleans up the code. Then like magic Reflector can read it again.

I kept running into little bugs, like when you take out a br instruction, you have to keep in mind that that instruction might have been used in things like a try/catch routine, so I had to go through those as well and fix those up too. What a mess.

Anyway, I'll polish it up and post it.
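
The flow fix described in the post above, as an added example that is not wyvernx's tool or part of the original thread. It models IL as a toy list of (opcode, operand) tuples with branch operands as list indexes; `fix_flow`, the opcode sets and the region pairs standing in for try/catch ranges are assumptions of this sketch.

```python
UNCOND = {"br", "br.s"}
COND = {"brtrue", "brtrue.s", "brfalse", "brfalse.s"}
TERMINAL = {"ret", "return", "throw"}

def fix_flow(code, regions=()):
    """Re-linearize a toy IL listing of (opcode, operand) tuples.

    Branch operands are indexes into `code`; `regions` are (start, end)
    index pairs, end exclusive, standing in for try/catch ranges.
    """
    def resolve(i):
        # Follow a chain of unconditional branches to where it really lands.
        seen = set()
        while code[i][0] in UNCOND and i not in seen:
            seen.add(i)
            i = code[i][1]
        return i

    out, placed, work = [], {}, [0]
    while work:
        i = resolve(work.pop())
        while i not in placed:
            op, arg = code[i]
            placed[i] = len(out)
            # A br that survives resolve() is an endless loop: keep it as a self-jump.
            out.append((op, i if op in UNCOND else arg))
            if op in COND:
                work.append(arg)            # lay out the taken path afterwards
            if op in UNCOND or op in TERMINAL or i + 1 == len(code):
                break
            i = resolve(i + 1)
            if i in placed:                 # rejoining code already laid out
                out.append(("br", i))       # so a real branch is still required
    fixed = [(op, placed[resolve(a)]) if op in UNCOND | COND else (op, a)
             for op, a in out]

    new_regions = []
    for start, end in regions:
        idx = sorted(placed[k] for k in range(start, end) if k in placed)
        if not idx or idx != list(range(idx[0], idx[-1] + 1)):
            raise ValueError("protected region needs manual repair")
        new_regions.append((idx[0], idx[-1] + 1))
    return fixed, new_regions

# Constructed input: the obfuscated listing from the post, as tuples.
OBFUSCATED = [("br.s", 6), ("call", "messagebox"), ("pop", None),
              ("bla bla bla", None), ("leave", None), ("return", None),
              ("br.s", 8), ("br.s", 1), ("ldstr", "hi"), ("br.s", 7)]
```

Conditional branches are kept and only their targets are renumbered; a region that ends up split by the new layout raises instead of being guessed at.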