Jump to content
Tuts 4 You
patchaya

[Unpack]Crypto+Confuser 1.9

Rate this topic

Recommended Posts

ιvancιтooz

Emmms, the file it's packed with crypto and confuser, and the title is unpack confuser 1.9 -_-


Share this post


Link to post
Share on other sites
SHADOW_UA

Tutorial:


 


1. MegaDumper, get ResourceAssembly.dll (assembly than contains resources)


2. Use ConfuserDelegateKiller to remove delegates from UnpackMe.exe (google it)


3. de4dot with parameters (-p un --strtyp delegate --strtok 06000043)


4. CryptoObfuscator constant fixer by me (pm if you need)


4. Remove all instructions from <Module>.cctor


5. Attach resources with ResourceManager (use file from step 1)


6. Clean from junk classes and delegates


Edited by SHADOW_UA (see edit history)
  • Like 13

Share this post


Link to post
Share on other sites
ιvancιтooz

Tutorial:

 

1. MegaDumper, get ResourceAssembly.dll (assembly than contains resources)

2. ConfuserDelegateKiller (google it)

3. de4dot with parameters (-p un --strtyp delegate --strtok 06000043)

4. CryptoObfuscator constant fixer by me (pm if you need)

4. Remove all instructions from <Module>.cctor

5. Attach resources with ResourceManager

6. Clean from junk classes and delegates

I try to use confuser delegate killer but no works jeOStOb.png

Share this post


Link to post
Share on other sites
SHADOW_UA

I try to use confuser delegate killer but no works

ResourceAssembly.dll is for step 6. You need to drag UnpackMe.exe on ConfuserDelegateKiller, not this dll.

Share this post


Link to post
Share on other sites
ιvancιтooz

ResourceAssembly.dll is for step 6. You need to drag UnpackMe.exe on ConfuserDelegateKiller, not this dll.

and what is the step 1 , i don't understand sorry :(

Edited by ♛IvancitoOz♛ (see edit history)

Share this post


Link to post
Share on other sites
patchaya

@SHADOW_UA  thank you very much   :prop:


Share this post


Link to post
Share on other sites
ιvancιтooz

MX0UNiG.png


 


 


Unpacked with cleaning source  , thanks to shadow_ua , unpacked by IvancitoOz


Edited by ♛IvancitoOz♛ (see edit history)

Share this post


Link to post
Share on other sites
ghostfish

@SHADOW_UA  thank you very much :plane: 


Share this post


Link to post
Share on other sites
TheProxy RE
On 9/16/2016 at 10:17 AM, LeeZay said:

@SHADOW_UA  help unpack Obfuscated .net 

11.PNG


As i can see form the picture that is appfuscator so try to use CodeCracker Apffuscator Unpackers :D

  • Like 1

Share this post


Link to post
Share on other sites
ymmxl
On 2/9/2015 at 3:14 AM, SHADOW_UA said:

Tutorial:

 

 

 

 

1. MegaDumper, get ResourceAssembly.dll (assembly than contains resources)

 

 

2. Use ConfuserDelegateKiller to remove delegates from UnpackMe.exe (google it)

 

 

3. de4dot with parameters (-p un --strtyp delegate --strtok 06000043)

 

 

4. CryptoObfuscator constant fixer by me (pm if you need)

 

 

4. Remove all instructions from <Module>.cctor

 

 

5. Attach resources with ResourceManager (use file from step 1)

 

 

6. Clean from junk classes and delegates

 

 

Hi there, i know its been a long time since but i would like to know how to determine the specific string token to use in de4dot?

Share this post


Link to post
Share on other sites
aguml

Hello friend.

I need "CryptoObfuscator constant fixer".

¿Can you send me it?

Thanks.

PD: I'm spanish and my english is very bad.

Share this post


Link to post
Share on other sites
aguml

Hello friend.

I need too "ResourceManager".

¿Can you send me it?

Thanks.

Edited by aguml (see edit history)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...