EIYM - Encode It Your Mode

Author: Abolhb
Group: Freemasonry

Review

---

What is this?

EIYM is a .NET protector built with dnlib. You pick what protections you want, configure them how you like, and hit protect. Simple.

---

Protections

String Encryption

Encrypts all strings in your assembly using XOR. Each string gets its own random key.

Before:

string msg = "Hello World";
Console.WriteLine(msg);

After:

// String stored as encrypted bytes, decrypted at runtime
string msg = Decrypt("Kz{{~5]~}{m", 39);
Console.WriteLine(msg);

---

Int Encoding

Replaces integer constants with math operations. Makes static analysis harder.

Before:

int port = 8080;

After:

// XOR encoding
int port = 95847 ^ 87767; // equals 8080

// Or addition/subtraction
int port = 58432 - 50352; // equals 8080

Uses 4 different encoding methods randomly: XOR, ADD, SUB, and double XOR.

---

Control Flow

Adds fake branches at the start of methods. The real code always runs, but decompilers show junk.

Before:

public void DoSomething()
{
    // actual code here
}

After:

public void DoSomething()
{
    if (5847 == 5847) goto real_code;  // always true
    int fake = 342 + 521;              // never runs
    goto real_code;
    
real_code:
    // actual code here
}

---

Anti Debug

Checks Debugger.IsAttached at startup. If a debugger is found, the app exits immediately.

// Injected into module constructor
if (System.Diagnostics.Debugger.IsAttached)
    Environment.Exit(0);

---

Anti Virtual Machine

Detects VMware, VirtualBox, and Hyper-V by querying WMI for hardware info. Useful if you dont want your app running in analysis VMs.

Checks:

• Manufacturer contains "vmware"
• Manufacturer equals "microsoft corporation" AND Model contains "VIRTUAL"
• Model equals "VirtualBox"

If detected, app exits.

---

Resources Encoding

XORs all embedded resources with a random 32-byte key. Note: you'll need to implement the decryption yourself if your app uses resources at runtime.

---

Junk Code

Adds fake classes with fake methods and fields. Makes the assembly look bigger and messier. You control how many junk classes get added (default 50, max 500).

Each junk class contains:

• 3-10 random fields
• 5-15 methods with random math operations
• 2-5 properties

---

Renamer

Disabled by default. When enabled, renames your code elements to random strings.

Option	What it does
Namespaces	Renames all namespaces
Types	Renames classes, structs, enums
Methods	Renames methods (skips constructors, Main, virtual methods)
Fields	Renames fields
Properties	Renames properties
Events	Renames events

Settings:

• Length: How long the random names are (5-50 chars)
• Prefix: Added before each name (default: $MASON~)
• Chars: Character set used for random names

Before:

namespace MyApp
{
    public class UserManager
    {
        private string _username;
        public void Login() { }
    }
}

After:

namespace $MASON~xKqMnBvLpR1
{
    public class $MASON~aTyUiOpLkJ2
    {
        private string $MASON~zXcVbNmQw3;
        public void $MASON~rFgHjKlZx4() { }
    }
}

---

How to Use

1. Click Browse and select your .exe or .dll
2. Check the protections you want
3. Configure renamer if needed
4. Click Protect
5. Choose where to save the protected file

---

What Gets Skipped

The renamer wont touch:

• Entry points (Main)
• Constructors
• Virtual/abstract methods
• Runtime special names
• InitializeComponent (WinForms)
• Property getters/setters
• Event add/remove methods

---

Requirements

• .NET Framework
• dnlib (included)

---

Notes

• Test your protected app before shipping
• Some protections may break reflection-heavy code
• Resource protection requires manual decryption implementation
• Anti-VM uses System.Management, make sure to reference it

---

License

Free to use. Credit appreciated.