# de4dot/de4dot **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/de4dot-de4dot).** 7,428 stars · 2,808 forks · C# · GPL-3.0 · archived ## Links - GitHub: https://github.com/de4dot/de4dot - awesome-repositories: https://awesome-repositories.com/repository/de4dot-de4dot.md ## Description de4dot is a .NET deobfuscator and unpacker designed to reverse obfuscation and restore readable code and metadata within .NET assemblies. It functions as a bytecode analyzer that simplifies control flow, strips anti-debugging protections, and extracts original payloads from packed executable wrappers. The project distinguishes itself through a modular deobfuscation pipeline and a sandbox environment used for dynamic string decryption, which executes decryption methods to replace encrypted strings with plain-text values. It can identify specific obfuscation tools through pattern-based binary analysis and synchronize symbols across multiple assemblies to maintain consistent naming and linkage. Its broader capabilities cover binary analysis and reverse engineering, including the removal of tamper detection mechanisms, the decryption of embedded assets, and the conversion of wrapped executables into standard formats. It also provides utilities for restoring readable symbols and reversing specific compression algorithms to retrieve original file content. ## Tags ### Security & Cryptography - [.NET Reverse Engineering](https://awesome-repositories.com/f/security-cryptography/net-reverse-engineering.md) — Provides a comprehensive suite for analyzing and reconstructing .NET assemblies to recover source-level logic. - [Anti-Analysis Removal](https://awesome-repositories.com/f/security-cryptography/anti-analysis-removal.md) — Removes tamper detection and anti-analysis code designed to hinder reverse engineering and debugging. - [Assembly Extraction](https://awesome-repositories.com/f/security-cryptography/assembly-extraction.md) — Extracts assemblies from wrappers and decrypts embedded files or resources for further study. ([source](https://github.com/de4dot/de4dot#readme)) - [Binary Pattern Matching](https://awesome-repositories.com/f/security-cryptography/binary-pattern-matching.md) — Identifies obfuscation tools by scanning binary headers and metadata for known byte-sequence signatures. - [Binary Unpacking](https://awesome-repositories.com/f/security-cryptography/binary-unpacking.md) — Extracts the original payload from packed executables to allow for detailed internal analysis. ([source](https://github.com/de4dot/de4dot/blob/master/De4DotCommon.props)) - [Control Flow Simplification](https://awesome-repositories.com/f/security-cryptography/control-flow-simplification.md) — Simplifies complex execution paths by decrypting constants and devirtualizing code to restore readability. ([source](https://github.com/de4dot/de4dot#readme)) - [Dynamic String Decryption](https://awesome-repositories.com/f/security-cryptography/dynamic-string-decryption.md) — Executes original decryption logic within a controlled sandbox to replace encrypted strings with plain-text values. - [Logic Deobfuscation](https://awesome-repositories.com/f/security-cryptography/logic-deobfuscation.md) — dnSpyEx removes proxy methods and devirtualizes code to clean up the internal assembly logic. ([source](https://github.com/de4dot/de4dot/blob/master/README.md)) - [.NET Assembly Deobfuscation](https://awesome-repositories.com/f/security-cryptography/net-assembly-deobfuscation.md) — Automates the removal of obfuscation layers from multiple .NET binaries to restore project-wide readability. - [Obfuscated Code Analysis](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-hardening-and-protection/obfuscated-code-analysis.md) — Reverses obfuscation patterns in binaries to restore readable code and metadata for security analysis. ([source](https://github.com/de4dot/de4dot/blob/master/De4DotCommon.props)) - [Binary Protection Strippers](https://awesome-repositories.com/f/security-cryptography/traffic-protection/protection-bypassers/binary-protection-strippers.md) — Provides tools to strip tamper detection and anti-debug protection layers from binary files to enable analysis. ([source](https://github.com/de4dot/de4dot#readme)) - [Embedded Asset Decryption](https://awesome-repositories.com/f/security-cryptography/embedded-asset-decryption.md) — dnSpyEx unlocks encrypted or compressed resources and embedded files to make them accessible for review. ([source](https://github.com/de4dot/de4dot/blob/master/README.md)) - [Malware Analysis Tools](https://awesome-repositories.com/f/security-cryptography/malware-analysis-tools.md) — Provides tools for inspecting suspicious .NET binaries to extract payloads and study malicious behavior. - [Multi-Assembly Coordination](https://awesome-repositories.com/f/security-cryptography/net-assembly-deobfuscation/multi-assembly-coordination.md) — Deobfuscates multiple files simultaneously to ensure symbol references remain consistent across all processed assemblies. ([source](https://github.com/de4dot/de4dot#readme)) - [Obfuscator Detection](https://awesome-repositories.com/f/security-cryptography/obfuscator-detection.md) — Detects specific obfuscation tools used on binaries through pattern matching and structural analysis. ([source](https://github.com/de4dot/de4dot#readme)) ### Part of an Awesome List - [Bytecode Analysis Tools](https://awesome-repositories.com/f/awesome-lists/devtools/bytecode-analysis-tools.md) — Analyzes Common Intermediate Language bytecode to simplify control flow and remove junk instructions. - [Modular Pipelines](https://awesome-repositories.com/f/awesome-lists/security/deobfuscation/modular-pipelines.md) — Implements a modular pipeline where independent modules target specific obfuscation or packing techniques sequentially. ### DevOps & Infrastructure - [Binary Payload Extraction](https://awesome-repositories.com/f/devops-infrastructure/filesystem-storage-drivers/binary-payload-extraction.md) — Extracts original payloads and decrypts embedded assets from packed executable wrappers. - [Wrapper Unpacking](https://awesome-repositories.com/f/devops-infrastructure/filesystem-storage-drivers/binary-payload-extraction/wrapper-unpacking.md) — Identifies and strips binary packing layers to recover original executable assemblies from embedded resources. ### Operating Systems & Systems Programming - [Reverse Engineering Tools](https://awesome-repositories.com/f/operating-systems-systems-programming/binary-analysis-capabilities/reverse-engineering-tools.md) — Provides a workflow to analyze internal binary logic by removing anti-debugging protections and decrypting strings. ### Software Engineering & Architecture - [Symbol Restoration](https://awesome-repositories.com/f/software-engineering-architecture/code-readability-optimizations/symbol-restoration.md) — Recovers human-readable names for obfuscated identifiers by analyzing assembly metadata and token signatures. - [Program Logic Restoration](https://awesome-repositories.com/f/software-engineering-architecture/code-readability-optimizations/symbol-restoration/program-logic-restoration.md) — Analyzes compiled binaries to reverse obfuscation and restore the original program logic. ([source](https://github.com/de4dot/de4dot/blob/master/.gitignore)) - [CIL Simplification](https://awesome-repositories.com/f/software-engineering-architecture/control-flow-optimization/cil-simplification.md) — Simplifies Common Intermediate Language bytecode by removing obfuscated indirection and junk code to restore logical flow. ### Development Tools & Productivity - [Cross-Assembly Synchronization](https://awesome-repositories.com/f/development-tools-productivity/symbol-reference-mapping/binary-symbol-management/cross-assembly-synchronization.md) — Tracks symbol references across multiple processed binaries to ensure consistent naming and linkage during restoration. ### Testing & Quality Assurance - [Decompilation Preparation](https://awesome-repositories.com/f/testing-quality-assurance/code-quality-review/static-analysis/decompilation-preparation.md) — Converts wrapped executables back to standard formats so they can be loaded into decompilers for source code review.