Jump to content
Tuts 4 You
XenocodeRCE

[Deobme] ConfuserEX 0.5 custom

Rate this topic

Recommended Posts

XenocodeRCE

jd6kUKq.png


 


Just a custom version of ConfuserEX 0.5


 


Nothing that special, very  humble modifications


 


I post it here in order to know what shall I improve


 


https://www.sendspace.com/file/p1fsts


 


 


  • Like 1

Share this post


Link to post
Share on other sites
RDGMax

Nice pe header + structure .net modification


  • Like 1

Share this post


Link to post
Share on other sites
XenocodeRCE

Alcatrazz successfully deobed this and give me hints about how I shall improve this !


 


It's time to do some research about the MSIL and clr structure ...


Share this post


Link to post
Share on other sites
RDGMax
I already made a net obfuscator

 

But now I will make a .NET Scrambler anti decompiler, Will be called cachi chien obfuscator

  • Like 2

Share this post


Link to post
Share on other sites
n0th!ng

to fix metadata just use Universal fixer (without .NET options) next change number of streams to 9 


then pass it to de4dot


use ConfuserExSwitchKiller to deobfuscate cflow obfuscation 


then code some tool to fix constants 


 


 


looking forward to see your modded ConfuserEx 


CrackTest2_fix-cleaned.rar

Edited by n0th!ng (see edit history)
  • Like 4

Share this post


Link to post
Share on other sites
XenocodeRCE

to fix metadata just use Universal fixer (without .NET options) next change number of streams to 9 

then pass it to de4dot

use ConfuserExSwitchKiller to deobfuscate cflow obfuscation 

then code some tool to fix constants 

 

 

looking forward to see your modded ConfuserEx 

 

Nicely done ! With Antitamper de4dot would have messed up the assembly so beware

 

I'm constantly improving ConfuserEX, it takes me about 4h a day, reading ECMA and so on.

 

I may post another chall at the very end of the week (Hint : clr emulation || PE32+)

Share this post


Link to post
Share on other sites
Sh4DoVV

hi CodeCracker

how to unpack this dll ?

this file obfuscated by confuserex custom

please help me

thanks

 

Edited by Teddy Rogers (see edit history)

Share this post


Link to post
Share on other sites
SkyProud

Check: ConfuserEx v1.0.0

The version number is v1.0.0

In CFF Explorer, open MetaData Streams - #Blob, and you will see that in the Ascii section.

 

CFF_Explorer1.PNG

Edited by SkyProud
Further details provided. (see edit history)

Share this post


Link to post
Share on other sites
XenocodeRCE
2 hours ago, SkyProud said:

Check: ConfuserEx v1.0.0

The version number is v1.0.0

In CFF Explorer, open MetaData Streams - #Blob, and you will see that in the Ascii section.

 

CFF_Explorer1.PNG

 

wrong its v0.5, i faked the version info. Don't rely on this kind of things, go and deep-analysis the file

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×