I try to reverse engineer the demo version of a English/French survey software called S*phinx iQ (http://www.s*phinxsurvey.com/) [remove stars]. This software costs EUR 2,000...
The software is developed with .NET and I successfully opened the main executable in .NET Reflector. Most of the content (namespaces, classes, methods) is readable but an important part is also obfuscated. Indeed, all the functions/methods calls from inside these readable functions/methods refer to "internal delegates" in a namespace labeled "A". All these delegates have random 32-characters name (ex: c62c2a6bc720de02e0a392a51102c40b9) and always contains a "friend function/method" only containing a function/method call to a "friend field/variable" in the same delegate.
In the readable part of the code, you can find something like this:
which refers to "A.c62c2a6bc720de02e0a392a51102c40b9.ce656513e27ae33feda0f91f8761bcc94()".
In "A", we can find:
I am looking for a clue on how to deobfuscate this mess. I tried SAE and a lot of different dissasembler but they all see the same mess.
Full demo version can be downloaded here (remove stars):
Main executable here [remove stars]:
Thanks a lot,