Jump to content
Tuts 4 You

[Unpack]Crypto+Confuser 1.9


patchaya

Recommended Posts

Tutorial:


 


1. MegaDumper, get ResourceAssembly.dll (assembly than contains resources)


2. Use ConfuserDelegateKiller to remove delegates from UnpackMe.exe (google it)


3. de4dot with parameters (-p un --strtyp delegate --strtok 06000043)


4. CryptoObfuscator constant fixer by me (pm if you need)


4. Remove all instructions from <Module>.cctor


5. Attach resources with ResourceManager (use file from step 1)


6. Clean from junk classes and delegates


Edited by SHADOW_UA
  • Like 13
Link to comment
ιvancιтooz

Tutorial:

 

1. MegaDumper, get ResourceAssembly.dll (assembly than contains resources)

2. ConfuserDelegateKiller (google it)

3. de4dot with parameters (-p un --strtyp delegate --strtok 06000043)

4. CryptoObfuscator constant fixer by me (pm if you need)

4. Remove all instructions from <Module>.cctor

5. Attach resources with ResourceManager

6. Clean from junk classes and delegates

I try to use confuser delegate killer but no works jeOStOb.png

Link to comment

I try to use confuser delegate killer but no works

ResourceAssembly.dll is for step 6. You need to drag UnpackMe.exe on ConfuserDelegateKiller, not this dll.

Link to comment
ιvancιтooz

ResourceAssembly.dll is for step 6. You need to drag UnpackMe.exe on ConfuserDelegateKiller, not this dll.

and what is the step 1 , i don't understand sorry :(

Edited by ♛IvancitoOz♛
Link to comment
ιvancιтooz

MX0UNiG.png


 


 


Unpacked with cleaning source  , thanks to shadow_ua , unpacked by IvancitoOz


Edited by ♛IvancitoOz♛
Link to comment
  • 1 year later...
On 9/16/2016 at 10:17 AM, LeeZay said:

@SHADOW_UA  help unpack Obfuscated .net 

11.PNG


As i can see form the picture that is appfuscator so try to use CodeCracker Apffuscator Unpackers :D

  • Like 1
Link to comment
  • 1 year later...
On 2/9/2015 at 3:14 AM, SHADOW_UA said:

Tutorial:

 

 

 

 

1. MegaDumper, get ResourceAssembly.dll (assembly than contains resources)

 

 

2. Use ConfuserDelegateKiller to remove delegates from UnpackMe.exe (google it)

 

 

3. de4dot with parameters (-p un --strtyp delegate --strtok 06000043)

 

 

4. CryptoObfuscator constant fixer by me (pm if you need)

 

 

4. Remove all instructions from <Module>.cctor

 

 

5. Attach resources with ResourceManager (use file from step 1)

 

 

6. Clean from junk classes and delegates

 

 

Hi there, i know its been a long time since but i would like to know how to determine the specific string token to use in de4dot?

Link to comment
  • 4 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...