DllObfuscation.ps1


<#PSScriptInfo
 
.VERSION 1.1
 
.GUID bf3eb691-da27-49bf-928a-64e56d0b7afc
 
.AUTHOR Chris.D.
 
.COMPANYNAME .
 
.COPYRIGHT 2020
 
.TAGS Obfuscation,DllSecurity,Security,Dll,DllHide,DllObfuscate,Obfuscate,HideDll,Obscure
 
.LICENSEURI
 
.PROJECTURI
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
 
 
.PRIVATEDATA
 
#>


<#
 
.DESCRIPTION
 Simple DLL file obfuscation at several protection levels, using ConfuserEx.
 
#>
 

Param()


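# Builds a ConfuserEx project file (<level>.crproj) for the chosen protection
# level in the current directory and runs Confuser.CLI.exe against it.
# Reads the level interactively; writes <level>.crproj and error-obf.txt.
$execobf = [ScriptBlock]{
    # $config[0] = working directory (used as ConfuserEx baseDir),
    # $config[1] = file name of the module to protect.
    [string[]]$config = @("$(Resolve-Path .)", "A.Module.Name.dll");

    # 0 - Level0 obf. debuggable, 1 - Level1 obf. debuggable-noil,
    # 2 - Level2 obf. not debuggable, 3 - Level3 obf. not mergable,
    # 4 - Level4 obf. not usable
    # A non-numeric answer fails the [int] conversion and stops here.
    [int]$obflvl = $(Read-Host "Enter an obfuscation option [0-4]");

    # Five base64-encoded ConfuserEx project templates, ';'-separated, indexed
    # by level. Decoded, each is a <project> with {OUTDIR}/{BASEDIR}/{MODULE}
    # placeholders and one <rule pattern="true" inherit="false">:
    #   0: debug="true", no protections
    #   1: debug="true", protection "anti ildasm"
    #   2: preset="aggressive" + anti ildasm, anti dump, constants
    #   3: preset="aggressive" + anti tamper
    #   4: preset="aggressive" + anti ildasm, invalid metadata, anti dump,
    #      anti tamper, constants, ref proxy, resources, rename
    # The split/replace operators must sit on the here-string terminator line,
    # otherwise $ops stays a single string and $ops[$obflvl] is one character.
    $ops = @'
PHByb2plY3Qgb3V0cHV0RGlyPSJ7T1VURElSfSIgYmFzZURpcj0ie0JBU0VESVJ9IiBkZWJ1Zz0idHJ1ZSIgeG1sbnM9Imh0dHA6Ly9jb25mdXNlci5jb2RlcGxleC5jb20iPg0KICA8bW9kdWxlIHBhdGg9IntNT0RVTEV9Ij4NCiAgPHJ1bGUgcGF0dGVybj0idHJ1ZSIgaW5oZXJpdD0iZmFsc2UiIC8+DQogIDwvbW9kdWxl
Pg0KPC9wcm9qZWN0Pg==;
PHByb2plY3Qgb3V0cHV0RGlyPSJ7T1VURElSfSIgYmFzZURpcj0ie0JBU0VESVJ9IiBkZWJ1Zz0idHJ1ZSIgeG1sbnM9Imh0dHA6Ly9jb25mdXNlci5jb2RlcGxleC5jb20iPg0KICA8bW9kdWxlIHBhdGg9IntNT0RVTEV9Ij4NCiAgICA8cnVsZSBwYXR0ZXJuPSJ0cnVlIiBpbmhlcml0PSJmYWxzZSI+DQogICAgICA8cHJv
dGVjdGlvbiBpZD0iYW50aSBpbGRhc20iLz4NCiAgICA8L3J1bGU+DQogIDwvbW9kdWxlPg0KPC9wcm9qZWN0Pg==;
PHByb2plY3Qgb3V0cHV0RGlyPSJ7T1VURElSfSIgYmFzZURpcj0ie0JBU0VESVJ9IiB4bWxucz0iaHR0cDovL2NvbmZ1c2VyLmNvZGVwbGV4LmNvbSI+DQogIDxtb2R1bGUgcGF0aD0ie01PRFVMRX0iPg0KICAgIDxydWxlIHBhdHRlcm49InRydWUiIHByZXNldD0iYWdncmVzc2l2ZSIgaW5oZXJpdD0iZmFsc2UiPg0KICAg
ICAgPHByb3RlY3Rpb24gaWQ9ImFudGkgaWxkYXNtIiAvPg0KICAgICAgPHByb3RlY3Rpb24gaWQ9ImFudGkgZHVtcCIgLz4NCiAgICAgIDxwcm90ZWN0aW9uIGlkPSJjb25zdGFudHMiIC8+DQogICAgPC9ydWxlPg0KICA8L21vZHVsZT4NCjwvcHJvamVjdD4=;
PHByb2plY3Qgb3V0cHV0RGlyPSJ7T1VURElSfSIgYmFzZURpcj0ie0JBU0VESVJ9IiB4bWxucz0iaHR0cDovL2NvbmZ1c2VyLmNvZGVwbGV4LmNvbSI+DQogIDxtb2R1bGUgcGF0aD0ie01PRFVMRX0iPg0KICAgIDxydWxlIHBhdHRlcm49InRydWUiIHByZXNldD0iYWdncmVzc2l2ZSIgaW5oZXJpdD0iZmFsc2UiPg0KICAg
ICAgPHByb3RlY3Rpb24gaWQ9ImFudGkgdGFtcGVyIiAvPg0KICAgIDwvcnVsZT4NCiAgPC9tb2R1bGU+DQo8L3Byb2plY3Q+;
PHByb2plY3Qgb3V0cHV0RGlyPSJ7T1VURElSfSIgYmFzZURpcj0ie0JBU0VESVJ9IiB4bWxucz0iaHR0cDovL2NvbmZ1c2VyLmNvZGVwbGV4LmNvbSI+DQogIDxtb2R1bGUgcGF0aD0ie01PRFVMRX0iPg0KICAgIDxydWxlIHBhdHRlcm49InRydWUiIHByZXNldD0iYWdncmVzc2l2ZSIgaW5oZXJpdD0iZmFsc2UiPg0KICAg
ICAgPHByb3RlY3Rpb24gaWQ9ImFudGkgaWxkYXNtIi8+DQogICAgICA8cHJvdGVjdGlvbiBpZD0iaW52YWxpZCBtZXRhZGF0YSIvPg0KICAgICAgPHByb3RlY3Rpb24gaWQ9ImFudGkgZHVtcCIvPg0KICAgICAgPHByb3RlY3Rpb24gaWQ9ImFudGkgdGFtcGVyIi8+DQogICAgICA8cHJvdGVjdGlvbiBpZD0iY29uc3RhbnRz
Ii8+DQogICAgICA8cHJvdGVjdGlvbiBpZD0icmVmIHByb3h5Ii8+DQogICAgICA8cHJvdGVjdGlvbiBpZD0icmVzb3VyY2VzIi8+DQogICAgICA8cHJvdGVjdGlvbiBpZD0icmVuYW1lIi8+DQogICAgPC9ydWxlPg0KICA8L21vZHVsZT4NCjwvcHJvamVjdD4=
'@ -split ';' -replace '\s', '';

    # Stop on an out-of-range level instead of launching Confuser against a
    # project file that was never written.
    if ($obflvl -notin 0..4) {
        Write-Error -Message "Obfuscation level must be between 0 and 4; got '$obflvl'.";
        return;
    }

    $projectPath = "$($config[0])\$($obflvl).crproj";

    # Decode in memory: no predictable temp.txt in the working directory and
    # no dependency on 'Set-Content -Encoding Byte' (Windows PowerShell only).
    $template = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($ops[$obflvl]));

    # The values land inside XML attributes, so escape &, <, >, " and '.
    # String.Replace is literal: no regex or '$' substitution surprises when
    # the working directory name contains such characters.
    $outDir  = [System.Security.SecurityElement]::Escape("$($config[0])\Confused");
    $baseDir = [System.Security.SecurityElement]::Escape($config[0]);
    $module  = [System.Security.SecurityElement]::Escape($config[1]);
    $project = $template.Replace('"{OUTDIR}"', ('"' + $outDir + '"')).Replace('"{BASEDIR}"', ('"' + $baseDir + '"')).Replace('"{MODULE}"', ('"' + $module + '"'));
    Set-Content -Value $project -Path $projectPath;

    # Use an already-extracted ConfuserEx when present, so a normal run does
    # not fetch and execute a fresh copy of a remote binary every time.
    $cliRelative = ".\ConfuserEx_bin\Confuser.CLI.exe";
    if (-not (Test-Path -Path $cliRelative -PathType Leaf)) {
        $zipUri  = "https://github.com/yck1509/ConfuserEx/releases/download/v1.0.0/ConfuserEx_bin.zip";
        $zipPath = "$($config[0])\ConfuserEx_bin.zip";

        # Pin the SHA-256 of the release archive here. The value is not given
        # in this script, so it is left empty; when empty the download is
        # used unverified and a warning is emitted. A release URL alone does
        # not guarantee which bytes are served.
        $expectedZipSha256 = '';

        try {
            # No -UseDefaultCredentials: the download is anonymous and the
            # current user's Windows credentials should not be offered to a
            # public host.
            Invoke-WebRequest -Uri $zipUri -Method Get -OutFile $zipPath -UseBasicParsing -ErrorAction Stop;

            $actualZipSha256 = (Get-FileHash -Path $zipPath -Algorithm SHA256).Hash;
            if ([string]::IsNullOrEmpty($expectedZipSha256)) {
                Write-Warning "ConfuserEx_bin.zip was not integrity-checked. SHA256 of the downloaded file: $actualZipSha256";
            }
            elseif ($actualZipSha256 -ne $expectedZipSha256) {
                # Do not extract or run an archive that differs from the pin.
                Remove-Item -Path $zipPath -Force;
                Write-Error -Message "ConfuserEx_bin.zip hash mismatch: expected $expectedZipSha256, got $actualZipSha256.";
                return;
            }

            Expand-Archive -Path $zipPath -DestinationPath "$($config[0])\ConfuserEx_bin" -Force;
        }
        catch {
            $problem = [Exception]::new("Exe problem");
            Write-Error -Exception $problem -Message "Exe cannot be found, try installing it.";
            return;
        }
    }

    if (-not (Test-Path -Path $cliRelative -PathType Leaf)) {
        $problem = [Exception]::new("Exe problem");
        Write-Error -Exception $problem -Message "Exe cannot be found, try installing it.";
        return;
    }

    try {
        # Start-Process joins arguments with spaces and does not quote them,
        # so quote the project path to survive directories with spaces.
        Start-Process -FilePath $(Resolve-Path $cliRelative).Path -ArgumentList @("`"$projectPath`"") -RedirectStandardError ".\error-obf.txt" -ErrorAction Stop;
    }
    catch {
        # Not assigned to $error: that name is PowerShell's automatic error list.
        $problem = [Exception]::new("Exe problem");
        Write-Error -Exception $problem -Message "Exe cannot be found, try installing it.";
    }
}; Invoke-Command -ScriptBlock $execobf;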
# Execute remotely as a background job.
# Invoke-Command -ScriptBlock $execobf -Session $(New-PSSession -ComputerName YourServerhere) -JobName "BGOBF-001" -AsJob;
# Get-Job -Name "BGOBF-001" | Wait-Job -Name "BGOBF-001" -Timeout 5;
# Get-Job -Name "BGOBF-001" | Start-Job -Name "BGOBF-001";
# Get-Job -Name "BGOBF-001" | Remove-Job -Name "BGOBF-001";