Tuts 4 You

Search the Community

Showing results for 'confuserEx'.

Found 202 results

  1. yinhuo

    UnpackMe ConfuserEx Modified

    @SHADOW_UA: Thanks for sharing the method to unpack. @BambooQJ: Thanks for recording but was unable to extract the password protected file "ConfuserEx 脱壳教程.7z".
  2. A file protected with ConfuserEx 1.0 gives me an error - I'm a newbie with RE, maybe I need to do something in OllyDbg first, idk, but I want to learn, not only use unpackers:
  3. atom0s

    best obfuscator / packer

    Every commercial obfuscator is defeated and generally does not update frequently enough to make them worth the money from a protection standpoint. Modifying ConfuserEx yourself and adding more in-depth features, altering the existing ones, and such is probably going to be your best bet if you are looking for actual protection. Just keep in mind that .NET is not a secure language to start with so getting a real level of security is not really going to happen. If you don't want to edit ConfuserEx yourself and just want something premade, https://netguard.io/ is probably your best bet.
  4. Cubixx

    CrackMe // ConfuserEx 1.0.0-custom + SmartAssembly

    Hi! Looks like a great crackme. I'm kinda new to reverse engineering. Could anyone please help me? I know how to unpack generic non-modified obfuscators (SA/ConfuserEx/Noisette..) but I'm kinda having trouble with this one. Could anybody point me in a good direction? Thanks!
  5. SkyProud

    [Deobme] ConfuserEX 0.5 custom

    Check: ConfuserEx v1.0.0 The version number is v1.0.0 In CFF Explorer, open MetaData Streams - #Blob, and you will see that in the Ascii section.
  6. Sh4DoVV

    [Deobme] ConfuserEX 0.5 custom

    Hi CodeCracker, how to unpack this dll? This file is obfuscated by ConfuserEx custom. Please help me, thanks.
  7. The search function is broken for me on certain searches. For example, if I search appfuscator or confuserex I get the 500 internal error. I have tried cleaning the cache, tried different browsers and even a different device. However, if I search assembly, for example, it will search fine. Is anyone else having this issue?
  8. [ModuleReport] [IAT] Modules -> mscoree.dll [.] .net @ FileOffset 0x4AC7D0 | MetaData->Version 1.1 (struct version) -> v4.0.30319 (net version required) [.] Flags : 0x0 | Streams : 0x5 (5) -> #~ | #Strings | #US | #GUID | #Blob [!] [.net scan core] ConfuserEx v1.0.0-custom detected! [COR20] MajorRuntimeVersion 0x2 (2) | MinorRuntimeVersion 0x2 (2) -> 0x2.2 (2.2) [COR20] Flags 0x3 [COR20 Flags] [x] IL_ONLY [x] 32BITREQUIRED [ ] IL_LIBRARY [COR20 Flags] [ ] STRONGNAME [ ] NATIVE_EP [ ] TRACKDEBUGDATA [COR20 Flags] [ ] 32BITPREFERRED | 0x0 UNKNOWN [COR20 Flags] Assembly is NOT strong name signed - Scan Took : 1.641 Second(s) [00000054Fh (1359) tick(s)] [504 of 577 scan(s) done]
  9. cawk

    Cawks KeygenMe

    Difficulty : 3-4 Language : .NET Platform : Windows OS Version : All Packer / Protector : confuserex custom Description : Valid submissions 1)a valid serial for your name 2)a working keygen good luck Screenshot : Keygen.exe
  10. I have this malware (possibly a Locky variant), which is packed by an unknown packer (de4dot -d). It looks like it's packed by customized ConfuserEx, but I am not 100% sure (newbie). I have tried using tools like NoFuserEx, de4dot, UnconfuserEx, without any luck. I have this idea: maybe I could pause on some memory management API, e.g. VirtualAlloc, and monitor the size of the memory region it allocates. If the memory region is large enough to hold the malware's actual payload, keep an eye on it, maybe I could finally get the payload. So is there any .NET debugger allowing me to pause on a system API like VirtualAlloc? I know I could use a debugger like Olly, but if I open this malware with Olly, I am debugging the .NET framework, right? Attached is the malware. This malware is packed multiple times. dump-unpacked-cleaned.exe
  11. @Etor Madiv already explained a lot, all thumbs up! You don't need to unpack ConfuserEx, or do "a lot of debugging". I think that the easiest way to defeat this "protection" would be to run the application inside virtual machine, and then find "MZ" header of unpacked binary in the memory. Takes just a few minutes with Olly and some memory dumping plugin/tool. Oh, and based on the strings inside unpacked malware, it's called "iSpy Keylogger".
  12. gundamfj

    need help to unpack .NET malware

    Do you successfully unpack all layers and get the final payload? Do you unpack ConfuserEx 1.0 manually?
  13. Bartosz Wójcik

    Build Modded Confuser Ex

    I've used ConfuserEx to pack my free software (AutoIt Obfuscator) but got so many false positives I had to drop it, how is your tool doing with those damn false positives? Did you check it against VirusTotal?
  14. kao

    Custom ConfuserEx

    Answer: Difficulty is 1/10: monkey with half a brain can obtain the "code hidden inside" using DNSpy. Like this: Tutorial? What tutorial? Just google any beginner introduction on how to use DNSpy. Or read the tutorial "How to break almost every ConfuserEX crackmes" by @XenocodeRCE (attached). How to break almost every ConfuserEX crackmes.pdf
  15. ConfuserEx: https://github.com/yck1509/ConfuserEx dnlib: https://github.com/0xd4d/dnlib dnSpy: https://github.com/0xd4d/dnSpy Paint.NET (3.36) https://github.com/wangdeshui/paint.net Crytek CryENGINE (Managed Portion) https://github.com/CRYTEK-CRYENGINE/CRYENGINE
  16. 0xNOP

    I have a malicious dotnet sample

    Well, once you study ConfuserEx for a while you get used to see so many landmarks within the protected assemblies that it's not strange to see them to the naked eye afterwards, you just need to really know them for example, the CCTOR body at the entry-point is very different when you use Normal Anti-Tamper Vs. JIT Anti-Tamper, so once you identify that, you keep on going, then move onto strings decryption and lastly cflow, everything is hosted on GitHub so it's easier to see where you're stepping through if you feel kinda lost, also tools like the ones CodeCracker made and other people as well, will come in handy and don't forget about using a good decompiler / debugger like dnSpy and that's it! For better signature recognition I recommend either a PEiD with updated signatures and top-most suggestion is get PiD from GameCopyWorld or w.e. it is the website :> Good luck! Note: Attached below is my DotNetResolver with working Strings Plugin. DotNetResolver.7z
  17. Hacktreides

    I have a malicious dotnet sample

    @0xNOP nice work! Thank you. Can you explain the workaround to me? I have downloaded dotnet resolver from here but I'm unable to find the compiled dll plugin for strings. And after that how do you get the unpacked binary? And how do you identify ConfuserEx? On my dumped file rdg protector says dotnet crypter and my peid says just "Microsoft Visual C# / Basic .NET [Overlay]".
  18. 0xNOP

    I have a malicious dotnet sample

    Oh... *brain fart* :> thanks xD @Hacktreides this is the only thing I could recover from it (sample corrupted): https://mega.nz/#!agw12KzJ!upg0JNycjHRRcPqvb2r3zVjTQN1B7iohEZMHOLcSp6o (note: it's an auto-decompressing exe) Also with DotNetResolver + Strings plugin you will be able to see most of the strings and stuff, sorry couldn't give you a cleaner sample, couldn't get past the cflow obfuscation. Protector is ConfuserEx just as ExeInfo and PEID specified, it's in between the 0.3.0 and 0.4.0 version.
  19. YuqseLx

    ConfuserEx Modified by Myself / EnigmaProtector

    Thanks for the challenge. I don't have time for a tutorial but I can say what I do. First, it's the unpacked file and dll with resource. http://www1.zippyshare.com/v/4m9Bvvn7/file.html And that's the ss for the valid string. http://prntscr.com/bn8fxm I load the main exe into Olly and run it. It was giving the error "Unable to find runtime...." but not it doesn't matter and I use MegaDumper when it's giving that error and dump the exe. It's ConfuserEx 0.6 now. (or try giv script for enigma v4.xx) Only use ConfuserExSwitchKiller, ConfuserEx Proxy Call Fixer v2 by DaviCore and ConfuserExStrings by yq8 and delete all calls in .cctor and delete unused members. After that use de4dot and it's unpacked successfully. But it doesn't run correctly because it needs the dll with decrypted resources. For this I debug an original ConfuserEx file with dnSpy and bp when antitamper finishes. Run and see the module tab; you have the .dll file, save that. If my English is not good, sorry about that. If I did anything wrong or not good, tell me. Thank you again. Best regards.
  20. @kao, all the tools are messing up the code. So now what can the solutions be? Using ConfuserEx 0.5.0 tools like ConfuserExSwitchKiller, ConfuserExConstantDecryptor, there is a lot of control flow switch remaining but the application is running and even the login does.
  21. Well, that malware file is done unpacking and analyzing. Now to another binary, not malware, but found via Tor. It is called FraudFox. It's used to get unique browser fingerprinting among many other uses. Uploading only the main binary apart from the firefox portable, vip72, proxifier, etc. files. FraudFox.zip It says packed with ConfuserEx 0.4.0 but unpack still not done. Latest de4dot does not unpack clean. Used all CC tools, but no unpack happening. Can you please analyze and tell me what can be the issue in unpacking? Regards
  22. ghostfish

    .Net ConfuserEx Modified

    Use modified ConfuserExConstant.exe to get the two byte arrays. Use cc's SimpleByteArrayInit.exe to import the two byte arrays. Use the original file to dump the res. Use cc's resourcemanager.exe to replace the asm linked res. After these steps, go on with cc's tools for ConfuserEx. All done.
  23. To me there are a few factors that have gone into the community dying out:

      1. Money - This is a major contributor. Before, there weren't many aspects to profiting off things on the internet, it was still a new / fresh idea and it was not really ever attempted. Payment models did not exist outside of using major credit card vendors so the ease of setting up methods to charge people for things was not around yet. (Stuff like Paypal etc.) Slowly, it became more and more known that you could easily charge people for your work (or in most cases anymore, others' work). More and more people started either selling their stuff or stopped releasing things because it was being stolen and sold elsewhere.

      2. Attitude / Egos - The community ages ago was a lot more friendly in terms of teaching people, sharing knowledge and overall being a welcoming place for newcomers. Anymore, though, it is now an ego fest showing off who can do what faster/better, bragging about what they can do over someone else, etc. The actual welcoming atmosphere has gone out the window. There are less and less tutorials posted, less and less actual information posted on various targets. Instead you see posts referring to outdated information / outdated versions of things that leave someone new to guess or "figure it out yourself". There is a major lack of patience with newcomers now too. Someone can ask a basic question that could easily be answered but instead people would rather just chew that person out or be a total ass to them. This entirely defeats the purpose of even having a site specific to teaching and tutorials. Why advertise as that if that is completely not how it is? Even if the question is stupid or basic to someone, many often forget they were once that new to reversing themselves and just instead jump to flaming that newcomer (again going back to the ego issues).

      3. Rippers - This goes along with issue 1. Ripping / stealing has become a major problem. Before, things were released with nfo's, it was considered the scene's method of copyright in a way. They were treated like law and everyone abided by them as such. That is no longer the case at all and they are more or less seen as a useless junk file anymore. At most, people enjoy looking at the art in them still, but that's basically it. Most will never even open one anymore unless they feel the need to for a serial key or some other important information.

      Rippers also ruin the aspect of releasing tools and such open source. For example, something more or less recent would be ConfuserEx. It is a great example of a protection project for .NET related binaries. It is entirely open source and has been a pretty popular tool. The developers of it as well as Confuser (the original beforehand) put tons of time and effort into it, and you have tons of people that clone the source code, rebrand it with a different name, add maybe 1-2 new features to it then sell it as if they did everything. It completely kills a developer's motivation to share anything.

      The same has happened with the game hacking community / scene. It is completely dead now. Sites like CheatHappens started ripping work of a lot of teams that released things for free for everyone to enjoy, and slowly it killed the motivation of those teams to bother anymore. Since then a few web teams have surfaced that do nothing but try and profit on basic cheats anyone could make if they learned how to use Cheat Engine within a week. Along with the fact that a lot of those teams stalk sites like Cheat Engine that still offer lots of cheats for free, and those teams will rip options made by others and put them into their paid-for trainers.
  24. Use CONFUSEREX Modded..... but I think you can not prevent reverse engineering.
  25. NightBaron

    The4Got10's Protector [Unpack]

    aw The4Got10's Protector Professional Edition confuserex modded by me haha