Add support for XerinFuscator v3.0.0.29 (ReferenceProxy fixes)

[splashhr]

Hi team — thanks for the great project!

I’d like to request support for XerinFuscator v3.0.0.29 (a ConfuserEx-style obfuscator/fork) — it uses Confuser-like ReferenceProxy protections and DynCipher-based expression encodings. de4dotEx/de4dot-cex already handles many ConfuserEx variants, but this Xerin version leaves many proxy calls unresolved.

What I observed:

• The obfuscated assemblies contain assembly attribute: XerinAtrribute("XerinFuscator v3.0.0.29")
• ReferenceProxy is implemented using NormalEncoding and ExpressionEncoding (Confuser.DynCipher AST → IL).
• Many resolver methods use switch/jump-table or static tables initialized inside a helper .cctor call chain.

What I propose / what would help:

1. Add a detection rule matching the XerinAtrribute("XerinFuscator v3.0.0.29") (or other reliable signature) to enable Xerin-specific fix pipeline.
2. Extend ProxyCallFixer to:
   • attempt static extraction of mappings from switch and static arrays (.cctor initializers),
   • fallback to DynCipher AST evaluation if possible,
   • provide optional runtime extraction mode for cases where expressions are generated dynamically.
3. Add a small test-case or minimal repro (I can provide a sanitized, minimal assembly that reproduces the proxy pattern).

I can prepare a PR that:

• implements detection,
• adds a XerinReferenceProxyFixer (or extends existing ProxyCallFixer),
• includes a small test harness and instructions how to reproduce.

Notes / security:

• I prefer not to attach full installer binaries publicly; I can prepare a tiny minimal-repro assembly or provide a way to privately share a sample (if maintainers prefer).

If helpful, I can open a PR with implementation + tests. Please advise preferred branch/target and whether you can accept a small repro or prefer me to attach only the test assembly.

Thanks!

xerin.zip

[greenozon]

what VS do one need to build the solution, is it possible to build inside VS2019?

[meck-gd]

Hi,

A PR for this would definitely be appreciated! 🙂 You can simply use master as target branch, that's fine. As for testing, maybe include the test assembly & its source?

[splashhr]

I'm using VS2022 and .NET 4.8. Again, I’m uploading xerin_rebuild.zip. Inside it, there is:

• RELEASE folder with the ready-to-run build

• The full source solution XerinFullSRCByCode2Reverse.sln.

⚠️ Important: Do not modify anything inside the RELEASE folder. If these files remain untouched, the rebuild will work correctly.

xerin_rebuild.zip

[splashhr]

I have some progress and initial work that I’d like to share.
You can find my files attached below (im use net9.0 and dnlib)

InlineMapper.zip
AntiTamperFix.zip

also check this
https://github.com/Cheetah0xf/Xerin-3.0.0.29-String-Deobfuscator

[splashhr]

sometimes i have this error, i dont know how fix it

error.txt

[meck-gd]

sometimes i have this error, i dont know how fix it

error.txt

Hmm, would you be able to share an assembly that produces this error? And does triggering that error require changes to de4dotEx?