Posted May 4, 201510 yr Only obfuscated with ConfuserEX. The objective is to unpack and crack the file. CrackMe - ConfuserEX.rar Edited May 4, 201510 yr by CodeNatif
May 4, 201510 yr Can't managed to deob string only because your file is using FW 4.5/4.5.1 and CC tools is compiled under 3.5/4.0 Only have to patch the simple if statement Nothing has been modded, you added fake watermark but it's useless since we can use de4dot argument to force unknown
May 5, 201510 yr Author Can't managed to deob string only because your file is using FW 4.5/4.5.1 and CC tools is compiled under 3.5/4.0 Only have to patch the simple if statement Nothing has been modded, you added fake watermark but it's useless since we can use de4dot argument to force unknown Can you post your cracked file ?
May 5, 201510 yr System.IO.FileLoadException: Could not load file or assembly 'Crack Me, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515)File name: 'Crack Me, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' ---> System.NotSupportedException: An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework. This release of the .NET Framework does not enable CAS policy by default, so this load may be dangerous. If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch. See http://go.microsoft.com/fwlink/?LinkId=155569for more information. at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks) at System.Reflection.RuntimeAssembly.nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks) at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection, Boolean suppressSecurityChecks) at System.Reflection.Assembly.Load(AssemblyName assemblyRef) at Confuser_Methods_Decryptor.MainForm.Button2Click(Object sender, EventArgs e) in d:\ConvertedTo45\ConfuserExMethodsDecryptor\ConfuserExMethodsDecryptor\MainForm.cs:line 173Here is how to fix the error:http://blogs.msdn.com/b/drew/archive/2009/12/24/xunit-and-td-net-fixing-the-attempt-was-made-to-load-an-assembly-from-a-network-location-problem.aspx But it comes the second error:System.IO.FileLoadException: Could not load file or assembly 'Crack Me, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Attempt to load an unverifiable executable with fixups (IAT with more than 2 sections or a TLS section.) (Exception from HRESULT: 0x80131019)If I mark "IL only" from ".NET Directory" it will crush.
May 6, 201510 yr It uses native code (x32 native predicates) so it is a little bit tricky to change the assembly,only works with dnlib.You must also dump the assembly with resources and attach resources.Unpacked file here:http://www45.zippyshare.com/v/tIfLjsda/file.html
May 6, 201510 yr It uses native code (x32 native predicates) so it is a little bit tricky to change the assembly, only works with dnlib. You must also dump the assembly with resources and attach resources. Unpacked file here: http://www45.zippyshare.com/v/tIfLjsda/file.html You can get ride of x86 predicates easily (more or less) thanks to UbbeLoL and its paper. He also gave a nice snippet about how you could emulate the methods using BeaEngine and dnlib : https://github.com/UbbeLoL/ConfuserDeobfuscator/tree/x86emu/ConfuserDeobfuscator/ConfuserDeobfuscator/Engine/Routines/Ex/x86 But as proven / stated before, removing cflow is not really necessary if the purpose is only cracking this file
May 7, 201510 yr cflow can't decrypt of new confuser . pass : -115661398 here is my unpackCrack Me_Unpacked.zipCrack Me_Cracked.zip Edited May 7, 201510 yr by Death
May 7, 201510 yr For x86 ctrl flow predicate use the new tool ConfuserExPredicateKiller:http://www36.zippyshare.com/v/JUESkgCD/file.htmlCflow deobfuscated here:http://www20.zippyshare.com/v/1mA7P4N3/file.htmlStrings and constants still left to be decrypted.
May 7, 201510 yr Strings decrypted:http://www78.zippyshare.com/v/BjhnIMe8/file.htmlFinally completed now!
February 2, 20232 yr On 5/5/2015 at 9:28 PM, CodeExplorer said: Here is how to fix the error: http://blogs.msdn.com/b/drew/archive/2009/12/24/xunit-and-td-net-fixing-the-attempt-was-made-to-load-an-assembly-from-a-network-location-problem.aspx But it comes the second error: System.IO.FileLoadException: Could not load file or assembly 'Crack Me, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Attempt to load an unverifiable executable with fixups (IAT with more than 2 sections or a TLS section.) (Exception from HRESULT: 0x80131019) If I mark "IL only" from ".NET Directory" it will crush. What causes "Attempt to load an unverifiable executable with fixups" exception when try to Assembly.LoadFile?
February 2, 20232 yr 2 hours ago, cipsi said: What causes "Attempt to load an unverifiable executable with fixups" exception when try to Assembly.LoadFile? Mixed mode assembly, assembly which contains native code, check this: https://forum.tuts4you.com/topic/39332-hooking-clr-jit-before-cctor/?do=findComment&comment=188978
Create an account or sign in to comment