Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[CrackMe] ConfuserEX

CodeNatif
CodeNatif
in UnPackMe (.NET)

Featured Replies

Posted

KsGxqcw.png


 


Only obfuscated with ConfuserEX.


 


The objective is to unpack and crack the file.


CrackMe - ConfuserEX.rar

Edited by CodeNatif

Can't managed to deob string only because your file is using FW 4.5/4.5.1 and CC tools is compiled under 3.5/4.0


 


Only have to patch the simple if statement


 


Class%2BEditor%2B-%2BC__Users_samjam53_D


 


 


Nothing has been modded, you added fake watermark but it's useless since we can use de4dot argument to force unknown


  • Author

Can't managed to deob string only because your file is using FW 4.5/4.5.1 and CC tools is compiled under 3.5/4.0

 

Only have to patch the simple if statement

 

Class%2BEditor%2B-%2BC__Users_samjam53_D

 

 

Nothing has been modded, you added fake watermark but it's useless since we can use de4dot argument to force unknown

Can you post your cracked file ?

System.IO.FileLoadException: Could not load file or assembly 'Crack Me, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515)

File name: 'Crack Me, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' ---> System.NotSupportedException: An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework. This release of the .NET Framework does not enable CAS policy by default, so this load may be dangerous. If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch. See http://go.microsoft.com/fwlink/?LinkId=155569for more information.

   at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)

   at System.Reflection.RuntimeAssembly.nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)

   at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection, Boolean suppressSecurityChecks)

   at System.Reflection.Assembly.Load(AssemblyName assemblyRef)

   at Confuser_Methods_Decryptor.MainForm.Button2Click(Object sender, EventArgs e) in d:\ConvertedTo45\ConfuserExMethodsDecryptor\ConfuserExMethodsDecryptor\MainForm.cs:line 173

Here is how to fix the error:

http://blogs.msdn.com/b/drew/archive/2009/12/24/xunit-and-td-net-fixing-the-attempt-was-made-to-load-an-assembly-from-a-network-location-problem.aspx

 

But it comes the second error:

System.IO.FileLoadException: Could not load file or assembly 'Crack Me, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Attempt to load an unverifiable executable with fixups (IAT with more than 2 sections or a TLS section.) (Exception from HRESULT: 0x80131019)

If I mark "IL only" from ".NET Directory" it will crush.

    •
    • Like 2

    It uses native code (x32 native predicates) so it is a little bit tricky to change the assembly,


    only works with dnlib.


    You must also dump the assembly with resources and attach resources.


    Unpacked file here:


    http://www45.zippyshare.com/v/tIfLjsda/file.html

    •
    • Like 3

    It uses native code (x32 native predicates) so it is a little bit tricky to change the assembly,

    only works with dnlib.

    You must also dump the assembly with resources and attach resources.

    Unpacked file here:

    http://www45.zippyshare.com/v/tIfLjsda/file.html

     

    You can get ride of x86 predicates easily (more or less) thanks to UbbeLoL and its paper. He also gave a nice snippet about how you could emulate the methods using BeaEngine and dnlib : https://github.com/UbbeLoL/ConfuserDeobfuscator/tree/x86emu/ConfuserDeobfuscator/ConfuserDeobfuscator/Engine/Routines/Ex/x86

     

    But as proven / stated before, removing cflow is not really necessary if the purpose is only cracking this file

    cflow can't decrypt of new confuser . pass : -115661398


     


    here is my unpack


    Crack Me_Unpacked.zip

    Crack Me_Cracked.zip

    Edited by Death

    • Like 3
    • 7 years later...
    On 5/5/2015 at 9:28 PM, CodeExplorer said:

    Here is how to fix the error:

    http://blogs.msdn.com/b/drew/archive/2009/12/24/xunit-and-td-net-fixing-the-attempt-was-made-to-load-an-assembly-from-a-network-location-problem.aspx

     

    But it comes the second error:

    System.IO.FileLoadException: Could not load file or assembly 'Crack Me, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Attempt to load an unverifiable executable with fixups (IAT with more than 2 sections or a TLS section.) (Exception from HRESULT: 0x80131019)

    If I mark "IL only" from ".NET Directory" it will crush.

    What causes "Attempt to load an unverifiable executable with fixups" exception when try to Assembly.LoadFile?

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.