From 914c687360560b6c89e948ee20c9a4827ecb78af Mon Sep 17 00:00:00 2001
From: "SychicBoy [CS-RET]" <53654076+SychicBoy@users.noreply.github.com>
Date: Wed, 6 Apr 2022 04:21:33 +0430
Subject: [PATCH] Update README.md
---
README.md | 129 +++++++++++++++++++++++++-----------------------------
1 file changed, 60 insertions(+), 69 deletions(-)
diff --git a/README.md b/README.md
index 1d4907d..a2ded30 100644
--- a/README.md
+++ b/README.md
@@ -1,74 +1,65 @@
-# NetReactorSlayer
-
-An open source (GPLv3) deobfuscator for [Eziriz .NET Reactor](https://www.eziriz.com/reactor_download.htm)
-
-# Preview:
-
-
-# Currently Supported .NET Reactor Versions:
-- From 6.0.0.0 To 6.8.0.0
-
-# Features:
-- Clean Control Flow
-- Restore Hidden Calls
-- Remove Proxy Calls
-- Decrypt Strings
-- Remove Anti Tamper
-- Remove Anti Debugger
-- Decrypt Resources
-- Dump Embedded Assemblies
-- Decrypt Methods (NecroBit)
-- Unpack Native
-- Decrypt Tokens
-
-# Usage:
+
+
+
+# NetReactorSlayer
    
+
+**NetReactorSlayer** is an open source (GPLv3) deobfuscator for [Eziriz .NET Reactor](https://www.eziriz.com/reactor_download.htm)
+
+Preview
+
+GUI | CLI
+:-------------------------:|:-------------------------:
+
| 
+
+
+
+### Features & Commands:
+
+| Description | Command | Default Value |
+| ------ | ------ | ------ |
+| Decrypt Methods (NecroBit) | `--decrypt-method` `` | True |
+| Deobfuscate Control Flow | `--deobfuscate-cflow` `` | True |
+| Decrypt Hidden Calls | `--decrypt-hidden-calls` `` | True |
+| Remove Reference Proxies | `--remove-ref-proxies` `` | True |
+| Decrypt Strings | `--decrypt-strings` `` | True |
+| Remove Anti Tamper & Anti Debug | `--anti-tamper` `` | True |
+| Decrypt Assembly Resources | `--decrypt-resources` `` | True |
+| Dump Embedded Assemblies | `--dump-assemblies` `` | True |
+| Dump Assemblies That Embedded By Costura.Fody | `--dump-costura-assemblies` `` | True |
+| Decrypt Tokens | `--decrypt-tokens` `` | True |
+| Unpack Original Assembly From Native Image | | |
+| Close CLI immediately after finish deobfuscation | `--no-pause` `` | False |
+| Preserve All MD Tokens | `--preserve-all` `` | False |
+| Keep Old Max Stack Value | `--keep-stack` `` | False |
+| Cleanup obfuscator leftovers | `-cleanup` `` | True |
+
+### Usage:
Just drag and drop target obfuscated assembly on it.
-# Optional commands:
-```
---no-necrobit Don't decrypt methods (NecroBit).
---no-anti-tamper Don't remove anti tamper.
---no-anti-debug Don't remove anti debugger.
---no-hide-call Don't restore hidden calls.
---no-str Don't decrypt strings.
---no-rsrc Don't decrypt assembly resources.
---no-deob Don't deobfuscate methods.
---no-arithmetic Don't resolve arithmetic equations.
---no-proxy-call Don't clean proxied calls.
---no-dump Don't dump embedded assemblies.
---no-remove Don't remove obfuscator methods, resources, etc...
---no-decrypt-token Don't decrypt tokens.
-```
-# Known Issues:
-- ### Strings are still encrypted after deobfuscation:
-In some targets string decryptor method is virtualized, that's why NetReactorSlayer can't decrypt strings.
-### How to know is string decryptor method is virtualized or not:
-The normal string decryptor method should looks like this:
-
-And the virtualized string decryptor method should looks like one of below images:
-
-
-
-
-- ### Control Flow Deobfuscator Not Working / Control Flow Deobfuscator Deleted Most OpCodes:
-.NET Reactor 6.7 or above use some arithmetic equations to apply control flow:
-
-if you click on the class of field, You'll see one of class methods define the fields value on runtime:
-
-NetReactorSlayer get that fields value to deobfuscate control flow, but in some targets this method is virtualized and the method goanna looks like one of below images:
-
-
-
-That's why NetReactorSlayer get's failed to clean controlflow because it's don't have a feature yet to devirtualize virtualized methods.
-
-- ### Target file not working after deobfuscation:
-- Try to save deobfuscated file with Preserve all MD tokens & Keep old MaxStack options:
-
-
-# Note:
-Its free, but there is no support for it, I'll keep updating it for latest .NET Reactor version as I can.
-
-# Credits:
+### Known Issues:
+- If target assembly not working after deobfuscation try using `--preserve-all` and/or `--keep-stack` command(s).
+
+- Since **NETReactorSlayer** does not yet have the ability to de-virtualize virtualized functions, if the target protected assembly contains virtualized functions, NETReactorSlayer may fail to de-obfuscate some protections such as string encryption and control flow.
+
+
+ ➡️Click to see few example of comparing virtualized functions with normal functions
+
+Normal | Virtualized
+:-------------------------:|:-------------------------:
+
| 
Or
+
+Normal | Virtualized
+:-------------------------:|:-------------------------:
+
| 
Or
+
+
+### Contribution:
+Want to contribute to this project? Feel free to open a [pull request](https://github.com/SychicBoy/NETReactorSlayer/pulls).
+
+### License:
+**NETReactorSlayer** is licensed under [GPLv3](https://www.gnu.org/licenses/gpl-3.0.en.html).
+
+### Credits:
- [dnlib](https://github.com/0xd4d/dnlib)
- [de4dot.blocks](https://github.com/de4dot/de4dot/tree/master/de4dot.blocks)
- [Harmony](https://github.com/pardeike/Harmony)