├── f.a.q ├── README.md ├── obfuscated-file │ ├── README.md │ ├── could-not-create-ssl-tls-secure-channel-error.md │ └── protected-file-is-detected-as-a-virus.md ├── personal-data │ ├── README.md │ └── is-my-personal-data-safe.md └── payment │ ├── README.md │ ├── what-payment-method-is-available.md │ ├── i-dont-use-this-service-anymore-refund.md │ ├── obfuscation-failed-refund.md │ ├── netguard.io-token.md │ └── pricing-plans-explained.md ├── protections ├── README.md ├── anti-dump.md ├── native-shield.md ├── anti-debugger-protection.md ├── renaming-protection.md ├── hide-call-protection.md ├── drm-protection.md ├── code-flow-protection.md ├── protections-of-constants.md └── msil-code-encryption.md ├── obfuscation-tips ├── README.md ├── protect-programs-that-uses-json.md ├── protecting-the-same-file-multiple-times.md ├── protect-multi-threading-tasks.md ├── you-also-use-vmprotect.md └── adding-more-security.md ├── .gitbook └── assets │ ├── 1.png │ ├── 001.png │ ├── 002.png │ ├── 003.png │ ├── 004.png │ ├── 005.png │ ├── step2.png │ ├── step3.png │ ├── step4.png │ ├── 001 (1).png │ ├── d2bskq6.gif │ ├── fcxxjl6.png │ ├── frm1yvh.png │ ├── rename.png │ ├── vwva0ya.png │ ├── anti-dump.png │ ├── antidebug.png │ ├── codeflow.png │ ├── hidecall.png │ ├── loginfrm.png │ ├── icons8-visa-64.png │ ├── msilencryption.png │ ├── native-shield.png │ ├── clip-education-2.png │ ├── cloud-development.png │ ├── constantencryption.png │ ├── icons8-recu-refuse-64.png │ ├── icons8-remboursement-2-64.png │ ├── icons8-sac-dargent-yen-64.png │ ├── icons8-recupere-largent-64.png │ ├── icons8-supprimer-shield-64.png │ ├── icons8-developpement-cloud-64.png │ ├── icons8-sac-d-and-39-argent-64.png │ └── icons8-appareil-photo-mural-prive-64.png ├── README.md ├── change.log ├── .github └── ISSUE_TEMPLATE │ ├── feature_request.md │ └── bug_report.md ├── NoLicense.md ├── netguard-desktop-app.md ├── SUMMARY.md └── getting-started.md /f.a.q/README.md: -------------------------------------------------------------------------------- 1 | # F.A.Q 2 | 3 | ## 4 | 5 | -------------------------------------------------------------------------------- /protections/README.md: -------------------------------------------------------------------------------- 1 | # Obfuscation Features 2 | 3 | -------------------------------------------------------------------------------- /f.a.q/obfuscated-file/README.md: -------------------------------------------------------------------------------- 1 | # Obfuscated file 2 | 3 | -------------------------------------------------------------------------------- /f.a.q/personal-data/README.md: -------------------------------------------------------------------------------- 1 | # Personal Data 2 | 3 | -------------------------------------------------------------------------------- /obfuscation-tips/README.md: -------------------------------------------------------------------------------- 1 | # Obfuscation Tips 2 | 3 | -------------------------------------------------------------------------------- /.gitbook/assets/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/1.png -------------------------------------------------------------------------------- /.gitbook/assets/001.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/001.png -------------------------------------------------------------------------------- /.gitbook/assets/002.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/002.png -------------------------------------------------------------------------------- /.gitbook/assets/003.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/003.png -------------------------------------------------------------------------------- /.gitbook/assets/004.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/004.png -------------------------------------------------------------------------------- /.gitbook/assets/005.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/005.png -------------------------------------------------------------------------------- /.gitbook/assets/step2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/step2.png -------------------------------------------------------------------------------- /.gitbook/assets/step3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/step3.png -------------------------------------------------------------------------------- /.gitbook/assets/step4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/step4.png -------------------------------------------------------------------------------- /.gitbook/assets/001 (1).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/001 (1).png -------------------------------------------------------------------------------- /.gitbook/assets/d2bskq6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/d2bskq6.gif -------------------------------------------------------------------------------- /.gitbook/assets/fcxxjl6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/fcxxjl6.png -------------------------------------------------------------------------------- /.gitbook/assets/frm1yvh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/frm1yvh.png -------------------------------------------------------------------------------- /.gitbook/assets/rename.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/rename.png -------------------------------------------------------------------------------- /.gitbook/assets/vwva0ya.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/vwva0ya.png -------------------------------------------------------------------------------- /.gitbook/assets/anti-dump.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/anti-dump.png -------------------------------------------------------------------------------- /.gitbook/assets/antidebug.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/antidebug.png -------------------------------------------------------------------------------- /.gitbook/assets/codeflow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/codeflow.png -------------------------------------------------------------------------------- /.gitbook/assets/hidecall.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/hidecall.png -------------------------------------------------------------------------------- /.gitbook/assets/loginfrm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/loginfrm.png -------------------------------------------------------------------------------- /.gitbook/assets/icons8-visa-64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/icons8-visa-64.png -------------------------------------------------------------------------------- /.gitbook/assets/msilencryption.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/msilencryption.png -------------------------------------------------------------------------------- /.gitbook/assets/native-shield.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/native-shield.png -------------------------------------------------------------------------------- /.gitbook/assets/clip-education-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/clip-education-2.png -------------------------------------------------------------------------------- /.gitbook/assets/cloud-development.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/cloud-development.png -------------------------------------------------------------------------------- /.gitbook/assets/constantencryption.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/constantencryption.png -------------------------------------------------------------------------------- /.gitbook/assets/icons8-recu-refuse-64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/icons8-recu-refuse-64.png -------------------------------------------------------------------------------- /.gitbook/assets/icons8-remboursement-2-64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/icons8-remboursement-2-64.png -------------------------------------------------------------------------------- /.gitbook/assets/icons8-sac-dargent-yen-64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/icons8-sac-dargent-yen-64.png -------------------------------------------------------------------------------- /f.a.q/payment/README.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: Our services use Norton-DIGICERT protection security to process payments. 3 | --- 4 | 5 | # Payment 6 | 7 | -------------------------------------------------------------------------------- /.gitbook/assets/icons8-recupere-largent-64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/icons8-recupere-largent-64.png -------------------------------------------------------------------------------- /.gitbook/assets/icons8-supprimer-shield-64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/icons8-supprimer-shield-64.png -------------------------------------------------------------------------------- /.gitbook/assets/icons8-developpement-cloud-64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/icons8-developpement-cloud-64.png -------------------------------------------------------------------------------- /.gitbook/assets/icons8-sac-d-and-39-argent-64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/icons8-sac-d-and-39-argent-64.png -------------------------------------------------------------------------------- /.gitbook/assets/icons8-appareil-photo-mural-prive-64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XenocodeRCE/NETGuardObfuscator/master/.gitbook/assets/icons8-appareil-photo-mural-prive-64.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # NETGuard.IO - Help Desk 2 | 3 | ![](.gitbook/assets/clip-education-2.png) 4 | 5 | {% page-ref page="getting-started.md" %} 6 | 7 | {% page-ref page="protections/" %} 8 | 9 | {% page-ref page="obfuscation-tips/" %} 10 | 11 | -------------------------------------------------------------------------------- /change.log: -------------------------------------------------------------------------------- 1 | 02-06-2019 : Code Flow Protection protection has been updated to use a satellite assembly, improving the obscurity of the output. Anti Debug protection has been updated to do pattern-based scanning 2 | 10-05-2019 : fix problem with libraries and native shield protection 3 | -------------------------------------------------------------------------------- /f.a.q/payment/what-payment-method-is-available.md: -------------------------------------------------------------------------------- 1 | # What are the payment methods ? 2 | 3 | ![](../../.gitbook/assets/icons8-visa-64.png) 4 | 5 | We do accept **Credit Card**, **PayPal** and **Bitcoin**. 6 | 7 | {% hint style="info" %} 8 | **Bitcoin payment needs 3 blockchain verifications.** This can take up to 30 minutes. 9 | {% endhint %} 10 | 11 | {% hint style="danger" %} 12 | Our payment platform uses anti-fraud system for PayPal payment, any attempt of fraud will result to an instant ban of your account on any of our services. 13 | {% endhint %} 14 | 15 | -------------------------------------------------------------------------------- /f.a.q/payment/i-dont-use-this-service-anymore-refund.md: -------------------------------------------------------------------------------- 1 | # I don't use this service anymore, refund ? 2 | 3 | ![](../../.gitbook/assets/icons8-recupere-largent-64.png) 4 | 5 | If you do not want to use our services anymore, please send us a message and we will be able to refund you the money you used on the last payment. 6 | 7 | However, if you do so, we will keep some of your informations in our database, ban your account and all of its content \(protected files and dependencies\) and prevent you from using our services in the future. 8 | 9 | {% hint style="danger" %} 10 | This action is not reversible. Once banned, you can no longer access any of our services ! 11 | {% endhint %} 12 | 13 | -------------------------------------------------------------------------------- /obfuscation-tips/protect-programs-that-uses-json.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: How to correctly handle obfuscation on programs that uses JSON data 3 | --- 4 | 5 | # Program that uses JSON data 6 | 7 | JSON Data uses name of the property as **string**. That means when we rename the Methods and Classes in your assembly, NETGuard.IO will also rename the JSON Data and make it invalid. To prevent that, you must use the standard **\[Serializable\]** Attribute on the Class\(es\) that your program uses where the JSON data structure is implemented. 8 | 9 | ```csharp 10 | [Serializable] 11 | class jsonDATA 12 | { 13 | public string username { get; set; } 14 | public string password { get; set; } 15 | } 16 | ``` 17 | 18 | -------------------------------------------------------------------------------- /f.a.q/obfuscated-file/could-not-create-ssl-tls-secure-channel-error.md: -------------------------------------------------------------------------------- 1 | # "Could not create SSL/TLS secure channel" error 2 | 3 | ![](../../.gitbook/assets/icons8-recu-refuse-64.png) 4 | 5 | {% hint style="warning" %} 6 | This error can happen if you use a webClient to access an SSL/TLS secured endpoint. 7 | {% endhint %} 8 | 9 | Simply add this code to your method to remove the issue : 10 | 11 | {% tabs %} 12 | {% tab title="\[C\#\]" %} 13 | ```csharp 14 | ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; 15 | ``` 16 | {% endtab %} 17 | 18 | {% tab title="\[VB.NET\]" %} 19 | ```fsharp 20 | ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 21 | ``` 22 | {% endtab %} 23 | {% endtabs %} 24 | 25 | -------------------------------------------------------------------------------- /protections/anti-dump.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: Prevents your file from being extracted in memory. 3 | --- 4 | 5 | # Anti Dump Protection 6 | 7 | ![](../.gitbook/assets/anti-dump.png) 8 | 9 | ## Description 10 | 11 | NETGuard.IO prevent sensitive data from being dumped in memory by using unsafe x86 byte techniques to fool with PE Header and seal parts of your code into encrypted memory. 12 | 13 | ## Obfuscation Impacts 14 | 15 | {% hint style="success" %} 16 | **Targets : Assembly** 17 | {% endhint %} 18 | 19 | {% hint style="success" %} 20 | **Strenght :** ⭐⭐⭐⭐ 21 | {% endhint %} 22 | 23 | {% hint style="warning" %} 24 | **Startup time is a little bit longer due to the computer's file being scanned** 25 | {% endhint %} 26 | 27 | -------------------------------------------------------------------------------- /obfuscation-tips/protecting-the-same-file-multiple-times.md: -------------------------------------------------------------------------------- 1 | # Updating my protected file ? 2 | 3 | NETGuard will make you pay one token for each time the file is different from the last sent file. 4 | 5 | That means, if you want to obfuscate `YourProgram.exe v1.0` it will costs you one token. If you want to obfuscate it again right after, since last sent file is equal to `YourProgram.exe v1.0` then it will not costs you a token. 6 | 7 | However, if 2 hours ago you protected `YourProgram.exe v1.0` and now you want to protect `YourProgram.exe v2.0` then it will costs you a token because the file is a new file. 8 | 9 | {% hint style="info" %} 10 | We use **MD5** comparison to determine if files are equal or not. 11 | {% endhint %} 12 | 13 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: enhancement, question 6 | assignees: XenocodeRCE 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /protections/native-shield.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: Inject your .NET file into a native stub. 3 | --- 4 | 5 | # Native Shield Protection 6 | 7 | ![](../.gitbook/assets/native-shield.png) 8 | 9 | ## Description 10 | 11 | NETGuard.IO can wrap your file into a Native Delphi PE file, preventing decompilers and managed debuggers. This feature is fully compatible with x64 and x32 managed assembly ! 12 | 13 | {% hint style="warning" %} 14 | This protection does not handle library \(.dll\) files, only executable \(.exe\) managed file. 15 | {% endhint %} 16 | 17 | ## Obfuscation Impacts 18 | 19 | {% hint style="success" %} 20 | **Targets : Methods and Functions** 21 | {% endhint %} 22 | 23 | {% hint style="success" %} 24 | **Strenght :** ⭐⭐⭐⭐ 25 | {% endhint %} 26 | 27 | {% hint style="warning" %} 28 | **Produce native file** 29 | {% endhint %} 30 | 31 | -------------------------------------------------------------------------------- /protections/anti-debugger-protection.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: Prevents your file from running if a debugger is found on the machine. 3 | --- 4 | 5 | # Anti Debug Protection 6 | 7 | ![](../.gitbook/assets/antidebug.png) 8 | 9 | ## Description 10 | 11 | NETGuard.IO can prevent your file from being debugged by debugging tools and decompilers. We use WinAPI and managed techniques to prevent your file from being ran if a debugger is detected on the computer. 12 | 13 | We automatically remove the file from the computer if a debugger is found in order to prevent any attempt at tampering your file. 14 | 15 | ## Obfuscation Impacts 16 | 17 | {% hint style="success" %} 18 | **Targets : Assembly** 19 | {% endhint %} 20 | 21 | {% hint style="success" %} 22 | **Strenght :** ⭐⭐⭐⭐ 23 | {% endhint %} 24 | 25 | {% hint style="warning" %} 26 | **Startup time is a little bit longer due to the computer's file being scanned** 27 | {% endhint %} 28 | 29 | -------------------------------------------------------------------------------- /obfuscation-tips/protect-multi-threading-tasks.md: -------------------------------------------------------------------------------- 1 | # Protect multi-threading tasks 2 | 3 | Multi-threading task are meant to increase your file's task quickness, usually because your program relies on quickness to perform important task. 4 | 5 | Obfuscation adds code to your file, and therefore the required time to perform your program's tasks is increased. 6 | 7 | That is why you should always exclude method that contains multi-threading task from obfuscation. 8 | 9 | {% hint style="danger" %} 10 | Before doing so, make sure no sensitive data is in the same method, and if sensitive data is in the same method, put it in a separated method. 11 | {% endhint %} 12 | 13 | ```csharp 14 | [Obfuscation(Exclude = true)] 15 | public void RunCheckCombolist() 16 | { 17 | Stopwatch watch = new Stopwatch(); 18 | watch.Start(); 19 | Parallel.For(0, 100000, i => 20 | { 21 | Thread.Sleep(1); 22 | counter++; 23 | }); 24 | watch.Stop(); 25 | Console.WriteLine("Seconds Elapsed: " + watch.Elapsed.Seconds); 26 | Console.WriteLine(counter.ToString()); 27 | Console.ReadKey(); 28 | } 29 | ``` 30 | 31 | -------------------------------------------------------------------------------- /f.a.q/payment/obfuscation-failed-refund.md: -------------------------------------------------------------------------------- 1 | # Obfuscation failed, refund ? 2 | 3 | ![](../../.gitbook/assets/icons8-remboursement-2-64.png) 4 | 5 | In this case we ask you to contact us by [mail](mailto:support@netguard.io) or live chat. 6 | 7 | {% hint style="info" %} 8 | Always include as much detail as possible in your request to fasten the work of the tech team. 9 | {% endhint %} 10 | 11 | After sending us the needed informations, there are 3 cases that might apply to you : 12 | 13 | 1. **You are premium member \(you have tokens\)** You need to re-try to protect the exact same file with different features. We do not charge you one token if the former file you tried to obfuscate is the same as the one you are currently trying to obfuscate. 14 | 2. **You are not premium member \(you do not have tokens\)** You need to re-try to protect the exact same file with different features. 15 | 3. **You were premium \(you had tokens\) but you used your last token on that failed obfuscated** You need to wait for us to reply before you can re-try to protect the exact same file with different features. Of course we will send you back the token. 16 | 17 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: bug, help wanted 6 | assignees: XenocodeRCE 7 | 8 | --- 9 | 10 | **[remove this line] If you don't follow the template the issue will be ignored ! [remove this line]** 11 | 12 | 13 | **Your NETGuard.IO username :** 14 | (optional) send us by **mail** a download link to your file; put this issue link in the mail. Do not post download link here ! 15 | 16 | 17 | **Describe the bug** 18 | A clear and concise description of what the bug is. 19 | 20 | **To Reproduce** 21 | Steps to reproduce the behavior: 22 | 1. Go to '...' 23 | 2. Click on '....' 24 | 3. Scroll down to '....' 25 | 4. See error 26 | 27 | **Expected behavior** 28 | A clear and concise description of what you expected to happen. 29 | 30 | **Screenshots** 31 | If applicable, add screenshots to help explain your problem. 32 | 33 | **Desktop (please complete the following information):** 34 | - OS: [e.g. Windows x64 / x32] 35 | - Framework [e.g. FW 2.0, FW 4.7.1] 36 | 37 | **Additional context** 38 | Add any other context about the problem here. 39 | -------------------------------------------------------------------------------- /obfuscation-tips/you-also-use-vmprotect.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: >- 3 | VMProtect is a Native Virtualizer / Packer than can be used along with 4 | NETGuard.IO obfuscation using our Native Shield Protection feature. 5 | --- 6 | 7 | # You also use VMProtect ? 8 | 9 | {% embed url="https://www.youtube.com/watch?v=wZ9D0zkJRs0&feature=youtu.be" caption="" %} 10 | 11 | If you select our **Native Shield Protection** you will be able to use every native packer / virtualizer on top of the file produced by NETGuard.IO obfuscation**.\*** 12 | 13 | {% page-ref page="../protections/native-shield.md" %} 14 | 15 | **NETGuard.IO** also comes with **Anti Dump Protection** to prevent your .NET Assembly from being dump by memory inspection tool, however with enough privilege on the kernel anyone could easily hook some APIs and dump the RAW bytes. 16 | 17 | {% page-ref page="../protections/anti-dump.md" %} 18 | 19 | To maximize the protection of your assembly, you can use [VMProtect ](https://vmpsoft.com/)and manually add the address of VirtualProtect to the Mutation/Virtualization queue. This is made in order to prevent hackers and crackers from finding the address of VirtualProtect, used to start the execution of the .NET Assembly from the Native stub. 20 | 21 | -------------------------------------------------------------------------------- /NoLicense.md: -------------------------------------------------------------------------------- 1 | # For users 2 | If you find software that doesn’t have a license, that generally means you have no permission from the creators of the software to use, modify, or share the software. Although a code host such as GitHub may allow you to view and fork the code, this does not imply that you are permitted to use, modify, or share the software for any purpose. 3 | 4 | Your options: 5 | 6 | - Ask the maintainers nicely to add a license. Unless the software includes strong indications to the contrary, lack of a license is probably an oversight. If the software is hosted on a site like GitHub, open an issue requesting a license and include a link to this site. If you’re bold and it’s fairly obvious what license is most appropriate, open a pull request to add a license – see “suggest this license” in the sidebar of the page for each license on this site (e.g., [MIT](https://choosealicense.com/licenses/mit/#suggest-this-license)). 7 | - Don’t use the software. Find or create an alternative that is under an open source license. 8 | - Negotiate a private license. Bring your lawyer. 9 | 10 | # Current notice 11 | 12 | As the repository owner, I allow : 13 | 14 | - The usage of the code you can find in this repository 15 | - The share of the code you can find in this repository 16 | -------------------------------------------------------------------------------- /obfuscation-tips/adding-more-security.md: -------------------------------------------------------------------------------- 1 | # Adding more security ? 2 | 3 | ## Rely on native packer / virtualization tools 4 | 5 | Our obfuscator is strong, but no matter how strong it is, there is always a possibility for one to code a program to reverse the obfuscation process applied by NETGuard.IO on your file. With time and skills, one could almost completely remove the obfuscation layers of your file. That is why we try our best to fix managed software security issue : the fact that they are managed. 6 | 7 | With the rise of dnlib, a library to modify managed files, more and more de-obfuscation tools have been created ; however they only target at MSIL level, that is managed. That is why we are doing our best to develop obfuscation techniques that not only rely on managed code but also on native techniques. 8 | 9 | {% page-ref page="../protections/native-shield.md" %} 10 | 11 | This protection produces a fresh native executable file from your managed executable file. Given the fact that you have now a native file, you are free to use any native packer / virtualization tools you want : 12 | 13 | * VMProtect 14 | * Themida 15 | * X86 Virtualizer 16 | * PELock 17 | 18 | Usage of native packer / virtualization tools can help to reduce the possibility of your program being cracked / de-obfuscated / unpacked. 19 | 20 | {% hint style="warning" %} 21 | If a compatibility issue happens when using their software, please contact them because only they can fix their respective software. 22 | {% endhint %} 23 | 24 | -------------------------------------------------------------------------------- /f.a.q/obfuscated-file/protected-file-is-detected-as-a-virus.md: -------------------------------------------------------------------------------- 1 | # Protected file is detected as a virus ? 2 | 3 | ![](../../.gitbook/assets/icons8-supprimer-shield-64.png) 4 | 5 | NETGuard.IO Obfuscator uses state-of-the-art techniques to scramble your original code and ensure decompiled code is hard to understand. 6 | 7 | "Standard" .NET code is well-known from Antiviruses database,became some malware hides themself from antivirus the same way, so when one .NET file comes with non-standard code and anti debugging / runtime memory edition, some Antivirus might get triggered. 8 | 9 | You shall contact Antivirus false positive report system :ans ask them to remove the false detection\(s\) on your protected file. Note that they will ask you to send them the file. 10 | 11 | Here are some of the most-used antivirus false report service : 12 | 13 | * [ ] Kasperskpy : [https://virusdesk.kaspersky.com/\#scanresults](https://virusdesk.kaspersky.com/#scanresults) 14 | * [ ] Avast : [https://www.avast.com/en-us/false-positive-file-form.php](https://www.avast.com/en-us/false-positive-file-form.php) 15 | * [ ] Windows Defender : [https://www.microsoft.com/en-us/wdsi/filesubmission](https://www.microsoft.com/en-us/wdsi/filesubmission) 16 | * [ ] Bitdefender : [https://www.bitdefender.com/submit/](https://www.bitdefender.com/submit/) 17 | 18 | ![False detection submission reply from Microsoft Security Intelligence ](../../.gitbook/assets/vwva0ya.png) 19 | 20 | {% hint style="info" %} 21 | If you got issue with any of these services please contact our technical support ! 22 | {% endhint %} 23 | 24 | -------------------------------------------------------------------------------- /f.a.q/payment/netguard.io-token.md: -------------------------------------------------------------------------------- 1 | # What is a 'token' ? 2 | 3 | ![](../../.gitbook/assets/icons8-sac-d-and-39-argent-64.png) 4 | 5 | ## All NETGuard pricing plans include a pay-per-use option that use Token as virtual currency 6 | 7 | It means that you will **only pay for what you use**, you will not be charged monthly and pay for days when you want to obfuscate your file only once in a while. 8 | 9 | `A token is a digital coin that you spare in order to unlock the premium statu, and therefore be able to select premium obfuscation techniques.` 10 | 11 | That means **you can select as many obfuscation features as you want**, in the end you will always pay only one token per file. 12 | 13 | Let's take an exemple with an imaginary program : 14 | 15 | | Filename | MD5 | Token cost | 16 | | :--- | :--- | :--- | 17 | | myFile v1.0.0.0 | 4D1D4F2CF85A8F1DB9966B5196570ECB | 1 | 18 | | myFile v1.0.0.0 | 4D1D4F2CF85A8F1DB9966B5196570ECB | 0 | 19 | | myFile v1.0.0.0 | 4D1D4F2CF85A8F1DB9966B5196570ECB | 0 | 20 | | myFile v1.0.0.1 | **D03EFD80B566869F7A526DC084B7E749** | 1 | 21 | | myFile v1.0.0.0 | 4D1D4F2CF85A8F1DB9966B5196570ECB | 1 | 22 | 23 | {% hint style="danger" %} 24 | **Edited files, even only one byte, are considered to be different !** 25 | {% endhint %} 26 | 27 | As you can see, **if the las file you try to protect has its MD5 the same as the current file you want to obfuscate, the token cost is null**. That is meant to easily fix compatibility issue with strong obfuscation features. 28 | 29 | However, **if you change / update the original file, its MD5 will change**, that is why **it will costs you a token**. 30 | 31 | -------------------------------------------------------------------------------- /protections/renaming-protection.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: Rename all of your functions and properties smartly. 3 | --- 4 | 5 | # Name Protection 6 | 7 | ![](../.gitbook/assets/rename.png) 8 | 9 | ## Description 10 | 11 | Names are what hackers and reverse engineer looks for when they want to trace your code in a decompiler and infer meaning of your methods. NETGuard.IO renaming pattern uses real names grabbed from .NET Framework library files to confuse them. 12 | 13 | NETGuard.IO prevent the renaming of public members for library \(.dll\) files, while still renaming private and internal members. On executable \(.exe\) files NETGuard.IO apply a global renaming rules to rename every classes and methods in your project. 14 | 15 | Names are also used a decoding key for specific back-ground algorithm, therefore if the file got passed in de4dot and gets renamed, it will not run anymore. 16 | 17 | ## Code Exemple 18 | 19 | {% tabs %} 20 | {% tab title="BEFORE" %} 21 | ```csharp 22 | internal class LoginForm 23 | { 24 | public LoginForm(Action statu) 25 | { 26 | this.SessionStatu= statu; 27 | } 28 | private Action Sessio; 29 | } 30 | ``` 31 | {% endtab %} 32 | 33 | {% tab title="AFTER" %} 34 | ```csharp 35 | internal class TypeInitializationException 36 | { 37 | public TypeInitializationException(Action updateProgress) 38 | { 39 | this.DefaultDependencyAttribute = updateProgress; 40 | } 41 | private Action DefaultDependencyAttribute; 42 | } 43 | ``` 44 | {% endtab %} 45 | {% endtabs %} 46 | 47 | ## Obfuscation Impacts 48 | 49 | {% hint style="success" %} 50 | **Targets : Classes, Functions and Methods, Properties, Resources** 51 | {% endhint %} 52 | 53 | {% hint style="success" %} 54 | **Strenght :** ⭐⭐⭐⭐⭐ 55 | {% endhint %} 56 | 57 | {% hint style="danger" %} 58 | Make sure to mark JSON classes with the **\[Serialize\]** attribuute ! 59 | {% endhint %} 60 | 61 | -------------------------------------------------------------------------------- /netguard-desktop-app.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: This is a quick tutorial on how to use our Desktop Application 3 | --- 4 | 5 | # NETGuard Desktop App 6 | 7 | {% hint style="info" %} 8 | This tutorial supposes you already have an account on NETGuard.IO ! 9 | {% endhint %} 10 | 11 | ## Download Link 12 | 13 | > [https://netguard.io/api/desktop\_app.7z](https://netguard.io/api/desktop_app.7z) 14 | 15 | {% hint style="warning" %} 16 | Our application is not digitally signed yet. Your antivirus might trigger false positive detection. 17 | {% endhint %} 18 | 19 | ## SETP 1 - VERY FIRST LOG IN 20 | 21 | Enter your username & password, then click "LOG IN" 22 | 23 | ![](.gitbook/assets/loginfrm.png) 24 | 25 | {% hint style="info" %} 26 | Note that you can activate "**AUTO LOGIN NEXT TIME**" 27 | {% endhint %} 28 | 29 | It will ask you for a secret key, you can find it on your online dashboard : 30 | 31 | ![Hold your mouse over the white dot to see your secret key](.gitbook/assets/d2bskq6.gif) 32 | 33 | ## STEP 2 - SELECT THE FILE 34 | 35 | Next please select if your file is "**EXECUTABLE**" \(.exe\) or "**LIBRARY"** \(.dll\) 36 | 37 | ![](.gitbook/assets/step2.png) 38 | 39 | Then click the select arrow like on the image and once its done please click **CONTINUE** 40 | 41 | ## STEP 3 - DEPENDENCIES 42 | 43 | You will see a list of external dependencies for your file. If you see one missing dependency, please contact us :-\) 44 | 45 | ![](.gitbook/assets/step3.png) 46 | 47 | If not, click **CONTINUE** 48 | 49 | ## STEP 4 - SELECT OBFUSCATION FEATURES 50 | 51 | ![ll](.gitbook/assets/step4.png) 52 | 53 | Select the features you want at the right side of the application \(the little white boxed\). 54 | 55 | {% hint style="info" %} 56 | If you have Beta membership you can click on "**SHOW BETA FEATURES**". 57 | {% endhint %} 58 | 59 | {% hint style="info" %} 60 | If you are premium member, you can click on "**SIMPLE MODE**" to have a more simple menu. 61 | {% endhint %} 62 | 63 | Once you are done, please click "**START OBFUSCATION**". Please wait for your file to be protected. 64 | 65 | -------------------------------------------------------------------------------- /protections/hide-call-protection.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: 'Obscure and hide method calls, internal and external.' 3 | --- 4 | 5 | # Hide Call Protection 6 | 7 | ![](../.gitbook/assets/hidecall.png) 8 | 9 | ## Description 10 | 11 | Another thing that might reveal your sensitive code and how your program works is the Call Flow Graph of your application. The Call Flow of your program allow the hacker to trace the program flow trough all the methods in the classes. 12 | 13 | NETGuard engines will replace called method by proxy methods, and those proxy methods will be hidden and kept safe from lurking eyes using non-documented opcodes. 14 | 15 | ## Code Exemple 16 | 17 | {% tabs %} 18 | {% tab title="BEFORE" %} 19 | ```csharp 20 | Match match = (Match)obj; 21 | ListViewItem listViewItem = this.resultListView.Items.Add(match.ToString()); 22 | listViewItem.SubItems.Add(match.Index.ToString()); 23 | listViewItem.SubItems.Add(match.Length.ToString()); 24 | ``` 25 | {% endtab %} 26 | 27 | {% tab title="AFTER" %} 28 | ```csharp 29 | Match match = (Match)enumerator.Current; 30 | ListViewItem listViewItem = .ó\u00B2)\u00A5Ä(calli(System.Windows.Forms.ListView/ListViewItemCollection(), this.resultListView, .CrossAppDomainData[39]), .Ï\u0091\u00A5Hÿ(match)); 31 | .V\u000FèÌ\u00B7(calli(System.Windows.Forms.ListViewItem/ListViewSubItemCollection(), listViewItem, .CrossAppDomainData[44]), calli(System.Int32(), match, .CrossAppDomainData[45]).ToString()); 32 | .V\u000FèÌ\u00B7(calli(System.Windows.Forms.ListViewItem/ListViewSubItemCollection(), listViewItem, .CrossAppDomainData[44]), calli(System.Int32(), match, .CrossAppDomainData[46]).ToString()); 33 | ``` 34 | {% endtab %} 35 | {% endtabs %} 36 | 37 | ## Obfuscation Impacts 38 | 39 | {% hint style="success" %} 40 | **Targets : Methods and Functions** 41 | {% endhint %} 42 | 43 | {% hint style="success" %} 44 | **Strenght :** ⭐⭐⭐ 45 | {% endhint %} 46 | 47 | {% hint style="success" %} 48 | **This protection will prevent any static analysis and trace tools from working because it replace the opcode used by decompilers to trace the code** 49 | {% endhint %} 50 | 51 | -------------------------------------------------------------------------------- /SUMMARY.md: -------------------------------------------------------------------------------- 1 | # Table of contents 2 | 3 | * [NETGuard.IO - Help Desk](README.md) 4 | * [Getting started](getting-started.md) 5 | * [Obfuscation Features](protections/README.md) 6 | * [MSIL Code Encryption](protections/msil-code-encryption.md) 7 | * [Constants Protection](protections/protections-of-constants.md) 8 | * [DRM Protection](protections/drm-protection.md) 9 | * [Hide Call Protection](protections/hide-call-protection.md) 10 | * [Code Flow Protection](protections/code-flow-protection.md) 11 | * [Name Protection](protections/renaming-protection.md) 12 | * [Anti Debug Protection](protections/anti-debugger-protection.md) 13 | * [Anti Dump Protection](protections/anti-dump.md) 14 | * [Native Shield Protection](protections/native-shield.md) 15 | * [F.A.Q](f.a.q/README.md) 16 | * [Payment](f.a.q/payment/README.md) 17 | * [Pricing Plans](f.a.q/payment/pricing-plans-explained.md) 18 | * [What are the payment methods ?](f.a.q/payment/what-payment-method-is-available.md) 19 | * [I don't use this service anymore, refund ?](f.a.q/payment/i-dont-use-this-service-anymore-refund.md) 20 | * [What is a 'token' ?](f.a.q/payment/netguard.io-token.md) 21 | * [Obfuscation failed, refund ?](f.a.q/payment/obfuscation-failed-refund.md) 22 | * [Obfuscated file](f.a.q/obfuscated-file/README.md) 23 | * ["Could not create SSL/TLS secure channel" error](f.a.q/obfuscated-file/could-not-create-ssl-tls-secure-channel-error.md) 24 | * [Protected file is detected as a virus ?](f.a.q/obfuscated-file/protected-file-is-detected-as-a-virus.md) 25 | * [Personal Data](f.a.q/personal-data/README.md) 26 | * [Is my personal data safe ?](f.a.q/personal-data/is-my-personal-data-safe.md) 27 | * [NETGuard Desktop App](netguard-desktop-app.md) 28 | * [Obfuscation Tips](obfuscation-tips/README.md) 29 | * [Updating my protected file ?](obfuscation-tips/protecting-the-same-file-multiple-times.md) 30 | * [Program that uses JSON data](obfuscation-tips/protect-programs-that-uses-json.md) 31 | * [Protect multi-threading tasks](obfuscation-tips/protect-multi-threading-tasks.md) 32 | * [You also use VMProtect ?](obfuscation-tips/you-also-use-vmprotect.md) 33 | * [Adding more security ?](obfuscation-tips/adding-more-security.md) 34 | 35 | -------------------------------------------------------------------------------- /f.a.q/personal-data/is-my-personal-data-safe.md: -------------------------------------------------------------------------------- 1 | # Is my personal data safe ? 2 | 3 | ![](../../.gitbook/assets/icons8-appareil-photo-mural-prive-64.png) 4 | 5 | ## Privacy is the most important concern of the 21th century 6 | 7 | Obfuscation and privacy both aim at allowing the target to be safe from mean people and abusers. In a way, obfuscating your file allow you to make your project code privacy higher than before. 8 | 9 | Due to the fact that the Reverse Engineering scene has become something very toxic and harmful, while we obviously need to be present to watch what happens in the field of obfuscation, we decided to give ourselves some control over the usage of NETGuard Obfuscator; 10 | 11 | A few users with bad intentions were using our service to obfuscate target and then code some tools and scripts to try to automate the process of de-obfuscation. Some were also using our service to protect the source code of malware. 12 | 13 | {% hint style="success" %} 14 | We do not allow illegal code to be protected using our service 15 | {% endhint %} 16 | 17 | To that extent, we decided to introduce some sort of detection engines within our obfuscation engines. It means that everytime you obfuscate a file, the server will produce a synthesis of different scans ran during the obfuscation process. This gather data on your file such as it's PE characteristics, it's MD5, it's date of creation, a neuronal network for discrimination analysis on your program's purpose, the name of your methods and classes and properties, the name of the external libraries your program uses, the discrimination analysis on the external libraries your program uses. 18 | 19 | As you can see, we gather a lot of data, but keep in mind that to allow us to obfuscate your file, we do need complete access over the compiled binary, we will never ask you for the source code of your projects to make you obfuscate them. The obfuscation engines execute some \(de\)optimization routine and therefore needs read and write access to your program compiled file, and since c\# is not compiled to machine code but is compiled to MSIL, anyone can access the MSIL level with dnlib or mono.cecil libraries for instance. 20 | 21 | The data we gather is exclusively used to make your user and customer experience better, we will never sell your data, we have been building a strong community since 2014 and we are proud to have this community even today. We offer you the chance to protect your source code against malicious users. 22 | 23 | {% hint style="success" %} 24 | We use strong encryption to protect all of your personal data on our servers. 25 | {% endhint %} 26 | 27 | -------------------------------------------------------------------------------- /f.a.q/payment/pricing-plans-explained.md: -------------------------------------------------------------------------------- 1 | # Pricing Plans 2 | 3 | ![](../../.gitbook/assets/icons8-sac-dargent-yen-64.png) 4 | 5 | ## BASIC PLAN 6 | 7 | {% tabs %} 8 | {% tab title="PAY-PER-USE" %} 9 | ### Basic Plan 10 | 11 | > Perfect if you want to try our code obfuscation or stick with simplicity. 12 | 13 | {% hint style="success" %} 14 | ## **$5** for 2 tokens 15 | {% endhint %} 16 | 17 | ### **Features of Basic Plan** 18 | 19 | * Access to all premium features 20 | * Premium 24/7 support 21 | * 1 security audit for all your projects 22 | {% endtab %} 23 | 24 | {% tab title="PAY MONTHLY" %} 25 | ### Basic Plan 26 | 27 | > Perfect if you want to try our code obfuscation or stick with simplicity. 28 | 29 | {% hint style="success" %} 30 | ## **$50** per month 31 | {% endhint %} 32 | 33 | ### **Features of Basic Plan** 34 | 35 | * Access to all premium features 36 | * Premium 24/7 support 37 | * 1 security audit for all your projects 38 | {% endtab %} 39 | {% endtabs %} 40 | 41 | 42 | 43 | ## STANDARD PLAN 44 | 45 | {% tabs %} 46 | {% tab title="PAY-PER-USE" %} 47 | ### Standard Plan 48 | 49 | > Suitable to deploy your project with ease and keep decompilers at bay 50 | 51 | {% hint style="success" %} 52 | ## $32 for 30 tokens 53 | {% endhint %} 54 | 55 | ### **Features of Standard Plan** 56 | 57 | * All Basic Plan features 58 | * Native Virtualization 59 | * DRM Protection 60 | {% endtab %} 61 | 62 | {% tab title="PAY MONTHLY" %} 63 | ### Standard Plan 64 | 65 | > Suitable to deploy your project with ease and keep decompilers at bay 66 | 67 | {% hint style="success" %} 68 | ## $120 for 3 months 69 | {% endhint %} 70 | 71 | ### **Features of Standard Plan** 72 | 73 | * All Basic Plan features 74 | * Native Virtualization 75 | * DRM Protection 76 | {% endtab %} 77 | {% endtabs %} 78 | 79 | 80 | 81 | ## EXTENDED PLAN 82 | 83 | {% tabs %} 84 | {% tab title="PAY-PER-USE" %} 85 | ### Extended Plan 86 | 87 | > For big projects that need continous rock-solid obfuscation integration. 88 | 89 | {% hint style="success" %} 90 | ## $49 for 40 tokens 91 | {% endhint %} 92 | 93 | ### **Features of Extended Plan** 94 | 95 | * All Standard Plan features 96 | * Access to Beta features 97 | * RESTful API access from your program 98 | {% endtab %} 99 | 100 | {% tab title="PAY MONTHLY" %} 101 | 102 | 103 | ### Extended Plan 104 | 105 | > For big projects that need continous rock-solid obfuscation integration. 106 | 107 | {% hint style="success" %} 108 | ## $550 for 1 year 109 | {% endhint %} 110 | 111 | ### **Features of Extended Plan** 112 | 113 | * All Standard Plan features 114 | * Access to Beta features 115 | * RESTful API access from your program 116 | {% endtab %} 117 | {% endtabs %} 118 | 119 | -------------------------------------------------------------------------------- /protections/drm-protection.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: Put sensitive data on our servers 3 | --- 4 | 5 | # DRM Protection 6 | 7 | 8 | 9 | ![](../.gitbook/assets/cloud-development.png) 10 | 11 | ## Description 12 | 13 | Your sensitive strings can be at risk if some malicious user wants to steal them by performing static or dynamic analysis of your file. **⛔** 14 | 15 | With the DRM Protection, NETGuard.IO will encrypt your strings with a strong Advanced Encryption Standard algorithm, and the decoding key will be stored safely on our servers. **🚀** When launched, your obfuscated file will download the decoding key on our server's endpoint. The endpoint logs IP addresses of people that access it, this will allow us to offer you a white-list option in the near future **🍀** 16 | 17 | Due to the nature of the protection, your file will always need internet access once DRM Protection is applied. Also if our servers goes down, even temporarily, your file will not be able to run properly \(we use a DDOS-protected hosting service to prevent that\). 18 | 19 | {% hint style="danger" %} 20 | This protection needs your file to access the internet to run properly . 21 | {% endhint %} 22 | 23 | {% hint style="success" %} 24 | This protection logs IPs of whoever access your file, and prevents known hackers from doing anything harmfull to your code. 25 | {% endhint %} 26 | 27 | {% hint style="success" %} 28 | This protection serves an anti-cracking purpose. 29 | {% endhint %} 30 | 31 | ## Code exemple 32 | 33 | {% tabs %} 34 | {% tab title="BEFORE" %} 35 | ```csharp 36 | // RegExTester.frmMain 37 | // Token: 0x06000033 RID: 51 RVA: 0x00002222 File Offset: 0x00000422 38 | private void ignoreCaseButton_Click(object sender, EventArgs e) 39 | { 40 | MessageBox.Show("This option makes the RegEx case-insensitive which means that 'a' and 'A' are treated as the same letter.", "Ignore Case Option", MessageBoxButtons.OK, MessageBoxIcon.Asterisk); 41 | } 42 | ``` 43 | {% endtab %} 44 | 45 | {% tab title="AFTER" %} 46 | ```csharp 47 | // RegExTester.frmMain 48 | // Token: 0x06000033 RID: 51 RVA: 0x000021C7 File Offset: 0x000003C7 49 | private void ignoreCaseButton_Click(object sender, EventArgs e) 50 | { 51 | MessageBox.Show(Koi.getKarp("HoPnc8iEHXZiG4yAYv7ub7E/irj4JucpI/NNYV5zC52B4wsVsWx6897F7ZJZ2oVyXQXHp5Htu6GlX7MVQSuASYDzz3lnmbTIGhwnDLieOb28DRnRawMJYpGNn1yaliGt3QMoXT6OFUUbu3DfnmTaDA=="), Koi.getKarp("aKNq8EST20T9rgy4gnKECEKIO7HsEgJbn6BAXN69ZBM="), MessageBoxButtons.OK, MessageBoxIcon.Asterisk); 52 | } 53 | ``` 54 | {% endtab %} 55 | {% endtabs %} 56 | 57 | ### Obfuscation Impacts 58 | 59 | {% hint style="success" %} 60 | **Targets : Methods** 61 | {% endhint %} 62 | 63 | {% hint style="success" %} 64 | **Strenght :** ⭐⭐⭐⭐ 65 | {% endhint %} 66 | 67 | {% hint style="info" %} 68 | **This protection's strenght increases when selected with** [_**MSIL Coce Encryption**_](msil-code-encryption.md) **and** [_**Constants Protection**_](protections-of-constants.md)_\*\*\*\*_ 69 | {% endhint %} 70 | 71 | -------------------------------------------------------------------------------- /protections/code-flow-protection.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: Split functions in blocks and obscure the way they are executed. 3 | --- 4 | 5 | # Code Flow Protection 6 | 7 | ![](../.gitbook/assets/codeflow.png) 8 | 9 | ## Description 10 | 11 | The goal of this protection is to "spaghettify " the code execution flow while keeping its original functionality. That means the code should execute the same original tasks and instructions while providing a numbers of new proxy flow within the method. 12 | 13 | The new method flow is meant to prevent hackers from understanding the method flow with ease. NETGuard uses VirtualMachine-based obfuscation techniques to protect the code flow stack value. 14 | 15 | ## Code Exemple 16 | 17 | {% tabs %} 18 | {% tab title="BEFORE" %} 19 | ```csharp 20 | // RegExTester.frmMain 21 | // Token: 0x06000033 RID: 51 RVA: 0x00003548 File Offset: 0x00002548 22 | private void testButton_Click(object sender, EventArgs e) 23 | { 24 | if (this.testButton.Text == "Test [F5]") 25 | { 26 | this.StartTest(); 27 | return; 28 | } 29 | if (this.testButton.Text == "Stop [Esc]") 30 | { 31 | this.AbortTest(); 32 | } 33 | } 34 | ``` 35 | {% endtab %} 36 | 37 | {% tab title="AFTER" %} 38 | ```csharp 39 | // RegExTester.frmMain 40 | // Token: 0x06000039 RID: 57 RVA: 0x000069D4 File Offset: 0x00004BD4 41 | private void testButton_Click(object sender, EventArgs e) 42 | { 43 | if (this.testButton.Text == "Test [F5]") 44 | { 45 | goto IL_20; 46 | } 47 | goto IL_F5; 48 | int num2; 49 | int num4; 50 | for (;;) 51 | { 52 | IL_2B: 53 | int num = num2; 54 | uint num3; 55 | switch ((num3 = (uint)((~(~num) * -1298256071 ^ 691573724) - 2137251886 + num4)) % 6u) 56 | { 57 | case 0u: 58 | goto IL_F5; 59 | case 2u: 60 | return; 61 | case 3u: 62 | goto IL_20; 63 | case 4u: 64 | this.StartTest(); 65 | num2 = (int)(num3 ^ 548416123u ^ 507462520u); 66 | num4 = (int)Program.CALLCONV[62]; 67 | continue; 68 | case 5u: 69 | this.AbortTest(); 70 | num2 = (int)(num3 - 4138857096u ^ 1633831253u); 71 | num4 = (int)Program.CALLCONV[63]; 72 | continue; 73 | } 74 | break; 75 | } 76 | return; 77 | IL_20: 78 | num4 = 1904912783; 79 | num2 = -826226997; 80 | goto IL_2B; 81 | IL_F5: 82 | num2 = ((!(this.testButton.Text == "Stop [Esc]")) ? -2143424651 : -1760466103); 83 | num4 = -1100246372; 84 | goto IL_2B; 85 | } 86 | ``` 87 | {% endtab %} 88 | {% endtabs %} 89 | 90 | ## Obfuscation Impacts 91 | 92 | {% hint style="success" %} 93 | **Targets : Methods and Functions** 94 | {% endhint %} 95 | 96 | {% hint style="success" %} 97 | **Strenght :** ⭐⭐⭐⭐ 98 | {% endhint %} 99 | 100 | {% hint style="danger" %} 101 | **Multi-threading tasks should be marked as excluded from the obfuscation process due to the nature of the protection that adds too much code to keep insane speed in multi-threading code.** 102 | {% endhint %} 103 | 104 | -------------------------------------------------------------------------------- /protections/protections-of-constants.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: 'Encrypt strings, numbers and arrays, and mutate result.' 3 | --- 4 | 5 | # Constants Protection 6 | 7 | ![](../.gitbook/assets/constantencryption.png) 8 | 9 | ## Strings 10 | 11 | ### Description 12 | 13 | NETGuard offers to encode and encrypt string-based data. Strings are first encrypted using professional standard encryption algorithm to prevent any leak of data. 14 | 15 | The encryption part partially relies on x86 machine code generated method to prevent decompilers to retrieve the code logic.Then the newly created piece of code is encoded using state of the art obfuscation techniques to prevent anyone from understanding the code. 16 | 17 | The second step actually mutates the code into a meaningless code that makes the method safe from hackers. 18 | 19 | ### Code Exemple 20 | 21 | {% tabs %} 22 | {% tab title="BEFORE" %} 23 | ```csharp 24 | this.contextStatusBarPanel.Text = string.Format("CLR {0}.{1}", Environment.Version.Major, Environment.Version.Minor); 25 | ``` 26 | {% endtab %} 27 | 28 | {% tab title="AFTER" %} 29 | ```csharp 30 | string s = string.Format(.SuppressMessageAttribute((uint)((6.0 * (double)num >= 10.0 + Math.Pow((double)num, 4.0) + (double)num * 6.0) ? ((int)((IntPtr)835599393)) : (-1774442645 - sizeof(ushort) - (int)Math.Floor(948.7677371109686))), (uint)((2.0 + Math.Sin((double)num2 * 1.0) >= 1.0) ? (-1401948064 - (int)Math.Floor(6649.3740176560232)) : ((int)((IntPtr)1008681497)))), NETGuardID, token); 31 | ``` 32 | {% endtab %} 33 | {% endtabs %} 34 | 35 | ## Numbers 36 | 37 | ### Description 38 | 39 | Numbers in your code can be very sensitive, and reveal a part of your keys. With that in mind, NETGuard uses the same logic we can find in string protection for integers and other numbers : x86 method encoding, strong encryption of actual value coupled with number decomposition. 40 | 41 | ### Code Exemple 42 | 43 | {% tabs %} 44 | {% tab title="BEFORE" %} 45 | ```csharp 46 | int num = int.MinValue; 47 | int num2 = int.MinValue; 48 | int num3 = 0; 49 | int num4 = 0; 50 | ``` 51 | {% endtab %} 52 | 53 | {% tab title="AFTER" %} 54 | ```csharp 55 | uint num6 = (uint)((2.0 * (double)num5 >= 10.0 + Math.Pow((double)num5, 2.0) + (double)num5 * 2.0) ? 1900399322 : (-453298880 - Type.EmptyTypes.Length)); 56 | uint[] array3 = array; 57 | array3[(10.0 + Math.Pow((double)num4, 2.0) + (double)num4 * 7.0 >= 7.0 * (double)num4) ? ((int)((IntPtr)Type.EmptyTypes.Length)) : 311978074] = (uint)((4.0 * (double)num >= 10.0 + Math.Pow((double)num, 4.0) + (double)num * 4.0) ? (168811203 - sizeof(DateTime) + (int)Math.Floor(317.15675077594665)) : -1485681892); 58 | array3[(3.0 * (double)num >= 10.0 + Math.Pow((double)num, 4.0) + (double)num * 3.0) ? (1105999488 + (int)Math.Floor(9878.46086898421)) : (sizeof(.SafeCompressedStackHandle) + sizeof(byte) - sizeof(.SafeCompressedStackHandle))] = (uint)((6.0 >= 7.0 + Math.Sin((double)num2 * 2.0)) ? (218495996 + (int)Math.Floor(9878.4164446780542)) : (186488182 + Type.EmptyTypes.Length)); 59 | ``` 60 | {% endtab %} 61 | {% endtabs %} 62 | 63 | ### Obfuscation Impacts 64 | 65 | {% hint style="success" %} 66 | **Targets : Methods and Functions** 67 | {% endhint %} 68 | 69 | {% hint style="success" %} 70 | **Strenght :** ⭐⭐⭐⭐⭐ 71 | {% endhint %} 72 | 73 | {% hint style="info" %} 74 | **Some premium plans also have DRM Protection to put data used by the decoding routine usually stored in the file, on a safe remote server** 75 | {% endhint %} 76 | 77 | -------------------------------------------------------------------------------- /getting-started.md: -------------------------------------------------------------------------------- 1 | # Getting started 2 | 3 | ## How to access your NETGuard Dashboard 4 | 5 | To start using NETGuard.IO visit [https://netguard.io/panel/register.php](https://netguard.io/panel/register.php) . After registering and logging in to your account, you will be asked to create a new project or to manage your alread-existing ones in your personnal **Dashboard**. From here you will also be able to use the top-menu to visit your **Account Settings**, **Payments History** and **Obfuscation History**. 6 | 7 | ![Over your mouse on the 'New Project' box to create a new project](.gitbook/assets/001%20%281%29.png) 8 | 9 | ## Step 1 - Create a new NETGuard project 10 | 11 | By clicking on the '**New Project**' box you'll be prompted to fill in some informations to create the new project. You will need to enter **Your Application's Name**, and **A Little Description Of Your Application**. Then you are to select the compiled main project's file \(can be a .exe or a .dll file, only ONE file\). 12 | 13 | Once done the application box with automatically be filled with the new project you just created. Click on it to be sent to the Project **Obfuscation Settings** page. 14 | 15 | {% hint style="danger" %} 16 | Don't forget to fill in all the details if you want NETGuard to allow you to create the project 17 | {% endhint %} 18 | 19 | Initialy you can protect up to 6 different projects, and once you run out of projets to create, you can contact us so we can create new space on our servers for you. 20 | 21 | ![Fill in the information needed for your future project and select the main file](.gitbook/assets/002.png) 22 | 23 | ## Step 2 - Project Obfuscation Settings 24 | 25 | On this page you will be able to select **Obfuscation Settings** on the right, once clicked they will pop-up creating a list on the left on your screen. If you have a free plan you can select a minimum number of **Ofuscation Settings**, if you have any premium plans \(subscription or pay-per-use\) you can select everyone of them. When you are ready, click '**Obfuscate**'. 26 | 27 | On this page you will also be able to update your project main file. We only allow files bellow 8MB size. 28 | 29 | {% hint style="info" %} 30 | Some premium plans have special unlocked features. See [NETGuard.IO store](https://netguard.io/store.php) page for more informations. 31 | {% endhint %} 32 | 33 | {% hint style="success" %} 34 | The **ADVANCED MODE** is still under construction and will be available very soon ! 35 | {% endhint %} 36 | 37 | ![Select which settings you want to apply on your file](.gitbook/assets/003.png) 38 | 39 | ## **Step 3 - Missing Dependencies Page** 40 | 41 | In the case where your project relies on different external dependencies \(.dll library files\) you will be sent to the **Missing Dependencies Page**. On this page, you are only asked to select those external dependencies files so NETGuard can process the obfuscation task. Due to the nature of the process we are to ask you to agree to our Privacy Policy and Terms Of Use. 42 | 43 | After that you will be redirected to the **Obfuscation Output page** to download your protected file. 44 | 45 | ![Select your external dll files and accept our TOS/PP, and then click 'upload dependencies'](.gitbook/assets/004.png) 46 | 47 | ## Step 4 - Obfuscation Output Page 48 | 49 | On this page you will be able to download your obfuscated main file alone of with its original external dependencies, all packed in a .zip file \(Windows handle them by default\). This is conveniant in the case you have multiple versions of these external library dependencies. 50 | 51 | You have access to the selected features on the right, and the obfuscation engines log un the accordion menu. 52 | 53 | ![Download your protected file alone or including its external dependencies ](.gitbook/assets/005.png) 54 | 55 | If you have any questions or recommendations, please contact us [on our contact page](https://netguard.io/contact.php) and we will reply you back as soon as possible ! 56 | 57 | -------------------------------------------------------------------------------- /protections/msil-code-encryption.md: -------------------------------------------------------------------------------- 1 | --- 2 | description: MSIL code of each function is encrypted and decrypted at runtime. 3 | --- 4 | 5 | # MSIL Code Encryption 6 | 7 | ![](../.gitbook/assets/msilencryption.png) 8 | 9 | ### Description 10 | 11 | Preventing hackers from accessing your code is our main priority. NETGuard.IO extract your method's MSIL instructions and encrypt them, the given data is injected into your file's header. The data is decoded at runtime when a checksum is validated. That means hackers and crackers doing static analysis won't be able to fetch your code. 12 | 13 | {% hint style="warning" %} 14 | This protection produces unverifiable modules. 15 | {% endhint %} 16 | 17 | {% hint style="success" %} 18 | This protection serves an anti tampering purpose. 19 | {% endhint %} 20 | 21 | {% hint style="success" %} 22 | This protection includes simple anti debugging checksum. 23 | {% endhint %} 24 | 25 | ## Code exemple 26 | 27 | {% tabs %} 28 | {% tab title="BEFORE" %} 29 | ```csharp 30 | // RegExTester.Program 31 | // Token: 0x0600002F RID: 47 RVA: 0x00003417 File Offset: 0x00002417 32 | [STAThread] 33 | private static void Main() 34 | { 35 | Application.EnableVisualStyles(); 36 | Application.SetCompatibleTextRenderingDefault(false); 37 | Application.Run(new frmMain()); 38 | } 39 | ``` 40 | {% endtab %} 41 | 42 | {% tab title="AFTER" %} 43 | ```csharp 44 | // RegExTester.Program 45 | // Token: 0x0600002F RID: 47 RVA: 0x00003417 File Offset: 0x00002417 46 | [STAThread] 47 | private static void Main() 48 | { 49 | /* 50 | An exception occurred when decompiling this method (0600000A) 51 | 52 | ICSharpCode.Decompiler.DecompilerException: Error decompiling System.Void _test.Program::.ctor() 53 | ---> System.ArgumentOutOfRangeException: Non-negative number required. 54 | Parameter name: length 55 | at System.Array.Copy(Array sourceArray, Int32 sourceIndex, Array destinationArray, Int32 destinationIndex, Int32 length, Boolean reliable) 56 | at System.Array.Copy(Array sourceArray, Array destinationArray, Int32 length) 57 | at ICSharpCode.Decompiler.ILAst.ILAstBuilder.StackSlot.ModifyStack(StackSlot[] stack, Int32 popCount, Int32 pushCount, ByteCode pushDefinition) in C:\projects\dnspy\Extensions\ILSpy.Decompiler\ICSharpCode.Decompiler\ICSharpCode.Decompiler\ILAst\ILAstBuilder.cs:line 50 58 | at ICSharpCode.Decompiler.ILAst.ILAstBuilder.StackAnalysis(MethodDef methodDef) in C:\projects\dnspy\Extensions\ILSpy.Decompiler\ICSharpCode.Decompiler\ICSharpCode.Decompiler\ILAst\ILAstBuilder.cs:line 373 59 | at ICSharpCode.Decompiler.ILAst.ILAstBuilder.Build(MethodDef methodDef, Boolean optimize, DecompilerContext context) in C:\projects\dnspy\Extensions\ILSpy.Decompiler\ICSharpCode.Decompiler\ICSharpCode.Decompiler\ILAst\ILAstBuilder.cs:line 264 60 | at ICSharpCode.Decompiler.Ast.AstMethodBodyBuilder.CreateMethodBody(IEnumerable`1 parameters, MethodDebugInfoBuilder& builder) in C:\projects\dnspy\Extensions\ILSpy.Decompiler\ICSharpCode.Decompiler\ICSharpCode.Decompiler\Ast\AstMethodBodyBuilder.cs:line 105 61 | at ICSharpCode.Decompiler.Ast.AstMethodBodyBuilder.CreateMethodBody(MethodDef methodDef, DecompilerContext context, IEnumerable`1 parameters, Boolean valueParameterIsKeyword, StringBuilder sb, MethodDebugInfoBuilder& stmtsBuilder) in C:\projects\dnspy\Extensions\ILSpy.Decompiler\ICSharpCode.Decompiler\ICSharpCode.Decompiler\Ast\AstMethodBodyBuilder.cs:line 83 62 | --- End of inner exception stack trace --- 63 | at ICSharpCode.Decompiler.Ast.AstMethodBodyBuilder.CreateMethodBody(MethodDef methodDef, DecompilerContext context, IEnumerable`1 parameters, Boolean valueParameterIsKeyword, StringBuilder sb, MethodDebugInfoBuilder& stmtsBuilder) in C:\projects\dnspy\Extensions\ILSpy.Decompiler\ICSharpCode.Decompiler\ICSharpCode.Decompiler\Ast\AstMethodBodyBuilder.cs:line 87 64 | at ICSharpCode.Decompiler.Ast.AstBuilder.CreateMethodBody(MethodDef method, IEnumerable`1 parameters, Boolean valueParameterIsKeyword, MethodKind methodKind, MethodDebugInfoBuilder& builder) in C:\projects\dnspy\Extensions\ILSpy.Decompiler\ICSharpCode.Decompiler\ICSharpCode.Decompiler\Ast\AstBuilder.cs:line 1358 65 | 66 | */; 67 | } 68 | ``` 69 | {% endtab %} 70 | {% endtabs %} 71 | 72 | ### Obfuscation Impacts 73 | 74 | {% hint style="success" %} 75 | **Targets : Assembly** 76 | {% endhint %} 77 | 78 | {% hint style="success" %} 79 | **Strenght :** ⭐⭐⭐⭐ 80 | {% endhint %} 81 | 82 | {% hint style="danger" %} 83 | **This protection produces unverifiable modules.** 84 | {% endhint %} 85 | 86 | --------------------------------------------------------------------------------