UniShield

June 29, 2023

Deobfuscator for NetShield Protector

Notes

This tool has nothing to do with DNGuard. If you want to send me a message, make sure your sample was obfuscated with the obfuscator linked above.

All 3 Licensing Protections use encryption; UniShield only extracts the encrypted data and tries to decrypt it with what's available.
(they're stupid protections anyway)

Some protections that NetShield uses are from MindLated.
If for some reason UniShield doesn't support a protection, try LostMyMisoSoup instead.


The CFlow Protection currently present in UniShield is outdated. It currently only works with NetShield v1.0
(caused by blocks being randomised after the mentioned version).


Supported Protections

| Name | Status | Known Version Supported |
| --- | --- | --- |
| Licensing - HWID Locked (Computer) | Fully Supported, Requires valid Hardware | 1.0 -> 1.3.3 |
| Licensing - HWID Locked (Removable Device) | Fully Supported, Requires valid Removable Device | 1.0 -> 1.3.3 |
| Licensing - License Locked | Fully Supported, Requires valid License | 1.0 -> 1.3.3 |
| Calli | Fully Supported | 1.3.3 |
| Anti-ILDasm | Fully Supported | 1.2 -> 1.3.3 |
| Int Confusion | Fully Supported | 1.2 -> 1.3.3 |
| Base64 String Encoding | Fully Supported | 1.0 -> 1.3.3 |
| Anti-De4Dots | Fully Supported | 1.0 -> 1.3.3 |
| Fake Attributes | Fully Supported | 1.0 -> 1.3.3 |
| Junk Types | Fully Supported | 1.0 -> 1.3.3 |
| CFlow | Well Supported for NetShield Protector v1.0, needs support for randomised Blocks. | 1.0 only |

Changelog

v1.2.1
- Fixed Stability Issue in Base64 Cleanup
- Added Support for New Licensing Packing
v1.2
- Improved Base64 String Cleanup
- Added Support for Calli Instructions
- Added In-app Updater
v1.1
- Slight Optimisations
- Added `MinimalLayout` in Configuration File - Improves processing speed by a lot
- Fixed File Loading Issues
- Added Processing Counter

Misc

Default Configuration File (config.txt) - v1.2

```
[Rendering]
// Can get laggy if turned on
DetailedLog		= 0
// Basic Rendering, Recommended if a large file has to be processed
MinimalLayout		= 0
[Misc]
UseCustomFileBrowser	= 1
[Protections]
// Renaming not supported since names are randomised
// You might need to do some small manual work to have the protected application running after cleaning CFlow.
Base64Strings		= 1
Packed_RemovableDrive	= 1
Packed_ComputerHWID	= 1
Packed_LicenseFile	= 1
AntiDe4Dots		= 1
FakeAttribs		= 1
JunkMethods		= 1
ILDasm			= 1
CFlow			= 1
IntConfusion		= 1
Callis			= 1
```

Default Configuration File (config.txt) - v1.1

```
[Rendering]
// Can get laggy if turned on
DetailedLog		= 0
// Basic Rendering, Recommended if a large file has to be processed
MinimalLayout		= 0
[Misc]
UseCustomFileBrowser	= 1
[Protections]
// Renaming not supported since names are randomised
// You might need to do some small manual work to have the protected application running after cleaning CFlow.
Base64Strings		= 1
Packed_RemovableDrive	= 1
Packed_ComputerHWID	= 1
Packed_LicenseFile	= 1
AntiDe4Dots		= 1
FakeAttribs		= 1
JunkMethods		= 1
ILDasm			= 1
CFlow			= 1
IntConfusion		= 1
```

Default Configuration File (config.txt) - v1.0

```
[Rendering]
// Can get laggy if turned on
DetailedLog		= 0
[Misc]
UseCustomFileBrowser	= 1
[Protections]
// Renaming not supported since names are randomised
// You might need to do some small manual work to have the protected application running after cleaning CFlow.
Base64Strings		= 1
Packed_RemovableDrive	= 1
Packed_ComputerHWID	= 1
Packed_LicenseFile	= 1
AntiDe4Dots		= 1
FakeAttribs		= 1
JunkMethods		= 1
ILDasm			= 1
CFlow			= 1
IntConfusion		= 1
```

Default Preset File (preset.txt) - v1.2.1

```
[TextEncoding]
Encoding_GetUTF8		= System.Text,Encoding,get_UTF8
Encoding_GetAscii		= System.Text,Encoding,get_ASCII
Encoding_GetBytes		= System.Text,Encoding,GetBytes
[Cryptography]
DecodeBase64String		= System,Convert,FromBase64String
SymmetricAlgorithm_Decryptor	= System.Security.Cryptography,SymmetricAlgorithm,CreateDecryptor
HMACSHA256_HashGen		= System.Security.Cryptography,HMACSHA256
SHA256_CryptoService		= System.Security.Cryptography,SHA256CryptoServiceProvider
[ILDasm]
SupressIldasmAttribute		= System.Runtime.CompilerServices,SuppressIldasmAttribute
```

Default Preset File (preset.txt) - v1.2

```
[TextEncoding]
Encoding_GetUTF8		= System.Text,Encoding,get_UTF8
Encoding_GetAscii		= System.Text,Encoding,get_ASCII
Encoding_GetBytes		= System.Text,Encoding,GetBytes
[Encryption]
SymmetricAlgorithm_Decryptor	= System.Security.Cryptography,SymmetricAlgorithm,CreateDecryptor
HMACSHA256_HashGen		= System.Security.Cryptography,HMACSHA256
SHA256_CryptoService		= System.Security.Cryptography,SHA256CryptoServiceProvider
[ILDasm]
SupressIldasmAttribute		= System.Runtime.CompilerServices,SuppressIldasmAttribute
```

Default Preset File (preset.txt) - v1.0 & v1.1

```
[TextEncoding]
Encoding_GetAscii		= System.Text,Encoding,get_ASCII
Encoding_GetBytes		= System.Text,Encoding,GetBytes
[Encryption]
SymmetricAlgorithm_Decryptor	= System.Security.Cryptography,SymmetricAlgorithm,CreateDecryptor
HMACSHA256_HashGen		= System.Security.Cryptography,HMACSHA256
SHA256_CryptoService		= System.Security.Cryptography,SHA256CryptoServiceProvider
[ILDasm]
SupressIldasmAttribute		= System.Runtime.CompilerServices,SuppressIldasmAttribute
```
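
The config.txt and preset.txt layouts listed above can be read with a small parser, which also shows which keys a newer default file adds over an older one. This is an added example, not part of UniShield: the function names are hypothetical, and reading preset values as `Namespace,Type[,Member]` is inferred from the listings.

```python
# Added example, not UniShield's own code: reads the config.txt / preset.txt
# layout listed on this page. Field meanings are inferred from the listings.

def parse_settings(text):
    """Return {section: {key: value}} for '[Section]', '// comment', 'Key = Value' lines."""
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("//"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")
        if not sep or current is None or not key.strip():
            raise ValueError(f"line {lineno}: expected 'Key = Value' inside a section")
        current[key.strip()] = value.strip()
    return sections

def added_keys(old, new):
    """Per section, keys present in `new` but missing from `old` (e.g. after an upgrade)."""
    diff = {}
    for name, keys in new.items():
        extra = sorted(set(keys) - set(old.get(name, {})))
        if extra:
            diff[name] = extra
    return diff

def split_target(value):
    """Split a preset value 'Namespace,Type[,Member]'; Member is None when absent."""
    parts = [p.strip() for p in value.split(",")]
    if len(parts) not in (2, 3) or not all(parts):
        raise ValueError(f"unexpected preset value: {value!r}")
    return parts[0], parts[1], parts[2] if len(parts) == 3 else None

# Abridged from the v1.1 / v1.2 config.txt and v1.2.1 preset.txt listings on this page.
CONFIG_V1_1 = ("[Rendering]\n// Can get laggy if turned on\nDetailedLog\t\t= 0\n"
               "MinimalLayout\t\t= 0\n[Protections]\nCFlow\t\t\t= 1\nIntConfusion\t\t= 1\n")
CONFIG_V1_2 = CONFIG_V1_1 + "Callis\t\t\t= 1\n"
PRESET = ("[Cryptography]\nDecodeBase64String\t\t= System,Convert,FromBase64String\n"
          "HMACSHA256_HashGen\t\t= System.Security.Cryptography,HMACSHA256\n")

if __name__ == "__main__":
    print(added_keys(parse_settings(CONFIG_V1_1), parse_settings(CONFIG_V1_2)))
    for key, value in parse_settings(PRESET)["Cryptography"].items():
        print(key, split_target(value))
```
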

Default Image (drawing.png)

Update Icon (info.png)

Credits