Jump to content
Tuts 4 You

[UnpackMe]Confuser 1.7


CodeEnding
Go to solution Solved by n0th!ng,

Recommended Posts

  • Solution

how to unpack this UnpackMe


1-Dump the file to extract resource


2- use ConfuserMethodDecrypter by CodeCracker (use the orginal file)


3-fix resource (ResourceManager)


4-Nop <Module>.cctor


5-use Confuser Delegate Killer (not all the delegates will be fixed ,use SAE and fix it manually )


6-use de4dot to decrypt strings


 


good luck 


  • Like 2
Link to comment

how to unpack this UnpackMe

1-Dump the file to extract resource

2- use ConfuserMethodDecrypter by CodeCracker (use the orginal file)

3-fix resource (ResourceManager)

4-Nop <Module>.cctor

5-use Confuser Delegate Killer (not all the delegates will be fixed ,use SAE and fix it manually )

6-use de4dot to decrypt strings

 

good luck 

 

Can you please say your original id . Use my skype name .

 

His another id => https://forum.tuts4you.com/user/86001-ella/   [use vpn]

.

the user steal method by various username in tuts4you by various userid .

 

 

" leecher "

Edited by Death
Link to comment

Can you please say your original id . Use my skype name .

 

His another id => https://forum.tuts4you.com/user/86001-ella/   [use vpn]

.

the user steal method by various username in tuts4you by various userid .

 

 

" leecher "

this is my only account here 

and what the meaning of what you said ?

are you say that i stole your way?

if that what you want to say then please next be more careful when you suspect someone otherwise f*** off ,i don't even know you!

 

 

good luck 

  • Like 1
Link to comment

this is my only account here 

and what the meaning of what you said ?

are you say that i stole your way?

if that what you want to say then please next be more careful when you suspect someone otherwise f*** off ,i don't even know you!

 

 

good luck 

 

 

bro don't act , the method you provided matched "which you seen on tv" . Explain about your userid , ok well i will flash more clear that who u are .

 

xd 

Link to comment

bro don't act , the method you provided matched "which you seen on tv" . Explain about your userid , ok well i will flash more clear that who u are .

 

xd 

 

i am not here to argue with you about meaningless thing like this , i said this is my only account here so shut up .

Edited by n0th!ng
Link to comment

@Death


 


You must have made a mistake.


 


n0th!ng is my brother .


 



I have known him for a long time


Edited by 381400744
Link to comment

well may be but he had friend called afroz . actually don't know who that and who what . Just see the method is same my method i showed over tv . but i really not think so . 


will show as same was created by me on tv , 


 


to be continue ......... 


Link to comment

well may be but he had friend called afroz . actually don't know who that and who what . Just see the method is same my method i showed over tv . but i really not think so . 

will show as same was created by me on tv , 

 

to be continue ......... 

are you drunk ?

i don't have any friend called afroz !

and i don't believe that you suspect me because that nonsense reason !

just using the available tools will lead to the same result , use your brain a little .

  • Like 3
Link to comment
ιvancιтooz

are you drunk ?

i don't have any friend called afroz !

and i don't believe that you suspect me because that nonsense reason !

just using the available tools will lead to the same result , use your brain a little .

i dump the file but when i dump the folder they have 3 dll's 

-wow64.dll

-wow64cpu.dll

-wow64lg2.dll

Link to comment

anyway its simple to unpack can contact with me if someone not understand . 


 


Thanks


There is 2 way to defeat the obc 


1 : is that provided 


2. yck1509 private de4dot which supported 1.6 to 1.7


 


i had it 2010 but i lost so if some one have that 4 class please share with me or post here


Edited by Death
Link to comment

anyway its simple to unpack can contact with me if someone not understand . 


 


 


There is 2 way to defeat the obc 


1 : is that provided 


2. yck1509 private de4dot which supported 1.6 to 1.7


 


i had it 2010 but i lost so if some one have that share with us or private pm if possible


 


Thanks


Link to comment

@n0th!ng

are you drunk ? => how did you know this ? i see before you not even know me .


i don't even know you!

 

xd , thanks for that post for

proved yourself => :)

Link to comment

Here is ubelol deobfucator which support old confuser 1.6 to 1.7 but need to mod bit for direct clean full . 


cause 1.7 unfinished . The src mainly which confuser in deobfucator name space i think that coded ki or 0xd4d or not sure . 


Tasks


ConfuserDeobfuscator.cs


Confuser 1.7 ( Unfinished, ;http://confuser.codeplex.com/ )

Edited by Death
Link to comment

@n0th!ng

are you drunk ? => how did you know this ? i see before you not even know me .


i don't even know you!

xd , thanks for that post for

proved yourself => :)

 

o.O

hhhhhhhhhhhh this is too much  !

Edited by n0th!ng
Link to comment
ιvancιтooz

o.O

hhhhhhhhhhhh this is too much  !

i have a problem when i dump the file , the folder hasn't got resources 

Link to comment
  • 1 year later...
CodeExplorer
On 4/5/2015 at 4:51 PM, Death said:

well may be but he had friend called afroz . actually don't know who that and who what . Just see the method is same my method i showed over tv . but i really not think so . 

 

will show as same was created by me on tv , 

 

 

 

to be continue ......... 

The method is basically using my tools/de4dot LOL! " 4-Nop <Module>.cctor" is the way of defeating Confuser, CAN'T think of other method, except maybe nooping methods called from <Module>.cctor!
Through is nice that some people share their methods.
 

  • Like 2
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...