Tuts 4 You

[UnpackMe]Confuser 1.7


CodeEnding
Go to solution Solved by n0th!ng,


  • Solution

How to unpack this UnpackMe:

1- Dump the file to extract the resource

2- Use ConfuserMethodDecrypter by CodeCracker (use the original file)

3- Fix the resource (ResourceManager)

4- Nop <Module>.cctor

5- Use Confuser Delegate Killer (not all the delegates will be fixed, use SAE and fix them manually)

6- Use de4dot to decrypt strings

good luck


  • Like 2
Link to comment
Share on other sites

Hadits follower


Can you please say your original id. Use my Skype name.

His other id => https://forum.tuts4you.com/user/86001-ella/ [use vpn]

The user steals methods under various usernames on tuts4you with various userids.

"leecher"

Edited by Death
Link to comment
Share on other sites


This is my only account here.

And what is the meaning of what you said?

Are you saying that I stole your way?

If that is what you want to say, then next time please be more careful when you suspect someone, otherwise f*** off, I don't even know you!

good luck

  • Like 1
Link to comment
Share on other sites

Hadits follower


bro don't act, the method you provided matched "which you seen on tv". Explain about your userid, ok well i will flash more clear that who u are.

xd

Link to comment
Share on other sites


I am not here to argue with you about a meaningless thing like this. I said this is my only account here, so shut up.

Edited by n0th!ng
Link to comment
Share on other sites

@Death

You must have made a mistake.

n0th!ng is my brother.

I have known him for a long time.


Edited by 381400744
Link to comment
Share on other sites

Hadits follower

Well, maybe, but he had a friend called afroz. Actually I don't know who that is and who is what. Just see, the method is the same as my method I showed over tv. But I really do not think so.

Will show it the same as was created by me on tv,

to be continued .........


Link to comment
Share on other sites


Are you drunk?

I don't have any friend called afroz!

And I don't believe that you suspect me because of that nonsense reason!

Just using the available tools will lead to the same result, use your brain a little.

  • Like 3
Link to comment
Share on other sites

ιvancιтooz


I dump the file, but when I dump, the folder has 3 DLLs:

- wow64.dll

- wow64cpu.dll

- wow64lg2.dll

Link to comment
Share on other sites

Hadits follower

Anyway, it's simple to unpack; anyone who does not understand can contact me.

Thanks

There are 2 ways to defeat the obc:

1: the one that was provided

2: yck1509's private de4dot, which supported 1.6 to 1.7

I had it in 2010 but I lost it, so if someone has those 4 classes please share with me or post here.


Edited by Death
Link to comment
Share on other sites

Hadits follower

Anyway, it's simple to unpack; anyone who does not understand can contact me.

There are 2 ways to defeat the obc:

1: the one that was provided

2: yck1509's private de4dot, which supported 1.6 to 1.7

I had it in 2010 but I lost it, so if someone has that, share with us or private pm if possible.

Thanks


Link to comment
Share on other sites

Hadits follower

@n0th!ng

are you drunk? => how did you know this? i see before you not even know me.

i don't even know you!

xd, thanks for that post for proved yourself => :)

Link to comment
Share on other sites

Hadits follower

Here is the ubelol deobfuscator, which supports old Confuser 1.6 to 1.7 but needs to be modded a bit for a direct full clean,

because 1.7 is unfinished. The src is mainly the one which has confuser in the deobfuscator namespace; I think that was coded by ki or 0xd4d, or not sure.

Tasks

ConfuserDeobfuscator.cs

Confuser 1.7 (Unfinished, http://confuser.codeplex.com/)

Edited by Death
Link to comment
Share on other sites


o.O

hhhhhhhhhhhh this is too much  !

Edited by n0th!ng
Link to comment
Share on other sites

ιvancιтooz


I have a problem: when I dump the file, the folder hasn't got resources.

Link to comment
Share on other sites

  • 1 year later...
CodeExplorer
On 4/5/2015 at 4:51 PM, Death said:

Well, maybe, but he had a friend called afroz. Actually I don't know who that is and who is what. Just see, the method is the same as my method I showed over tv. But I really do not think so.

Will show it the same as was created by me on tv,

to be continued .........

The method is basically using my tools/de4dot LOL! "4-Nop <Module>.cctor" is the way of defeating Confuser, CAN'T think of another method, except maybe nopping methods called from <Module>.cctor!
Though it is nice that some people share their methods.

  • Like 2
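
Step 4 of the accepted solution and CodeExplorer's remark about the methods called from <Module>.cctor, shown as an added static-analysis example that is not part of the thread or of any tool named in it. It assumes the dnlib library (the thread does not name it); the class name and file arguments are hypothetical. It lists every call the module initializer makes, then writes a copy in which that initializer is reduced to a single ret.

```csharp
// Added example, not from the thread. Requires the dnlib NuGet package.
using System;
using System.Linq;
using dnlib.DotNet;
using dnlib.DotNet.Emit;
using dnlib.DotNet.Writer;

static class CctorStub
{
    // Usage (hypothetical file names): CctorStub dumped.exe dumped_nocctor.exe
    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: CctorStub <input> <output>");
            return 1;
        }

        // Parses metadata and IL only; the sample is never executed.
        ModuleDefMD module = ModuleDefMD.Load(args[0]);
        MethodDef cctor = module.GlobalType?.FindStaticConstructor();
        if (cctor == null || !cctor.HasBody)
        {
            Console.Error.WriteLine("<Module> has no static constructor with a body");
            return 2;
        }

        // Record what the initializer calls before changing anything, so the
        // individual callees can be reviewed (or stubbed one by one) instead.
        foreach (Instruction ins in cctor.Body.Instructions
                     .Where(i => i.OpCode.Code == Code.Call || i.OpCode.Code == Code.Callvirt))
            Console.WriteLine($"IL_{ins.Offset:X4}  {ins.OpCode}  {ins.Operand}");

        // Replace the whole body with one ret. Handlers and locals are cleared
        // so nothing refers to instructions that no longer exist.
        CilBody body = cctor.Body;
        body.ExceptionHandlers.Clear();
        body.Variables.Clear();
        body.Instructions.Clear();
        body.Instructions.Add(OpCodes.Ret.ToInstruction());

        // Keep tokens and heap layout stable for the tools run afterwards,
        // and do not abort on malformed metadata.
        var options = new ModuleWriterOptions(module);
        options.MetadataOptions.Flags |= MetadataFlags.PreserveAll;
        options.Logger = DummyLogger.NoThrowInstance;
        module.Write(args[1], options);
        return 0;
    }
}
```

The input file is left untouched, so the call listing can be compared against the patched copy when a later step fails.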