Tuts 4 You

[CrackMe] ConfuserEX


CodeNatif


XenocodeRCE

Can't manage to deob string only because your file is using FW 4.5/4.5.1 and CC tools is compiled under 3.5/4.0

Only have to patch the simple if statement

Nothing has been modded, you added a fake watermark but it's useless since we can use de4dot argument to force unknown


CodeNatif

Can you post your cracked file ?

CodeExplorer
System.IO.FileLoadException: Could not load file or assembly 'Crack Me, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515)

File name: 'Crack Me, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' ---> System.NotSupportedException: An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework. This release of the .NET Framework does not enable CAS policy by default, so this load may be dangerous. If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch. See http://go.microsoft.com/fwlink/?LinkId=155569 for more information.

   at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)

   at System.Reflection.RuntimeAssembly.nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)

   at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection, Boolean suppressSecurityChecks)

   at System.Reflection.Assembly.Load(AssemblyName assemblyRef)

   at Confuser_Methods_Decryptor.MainForm.Button2Click(Object sender, EventArgs e) in d:\ConvertedTo45\ConfuserExMethodsDecryptor\ConfuserExMethodsDecryptor\MainForm.cs:line 173

Here is how to fix the error:

http://blogs.msdn.com/b/drew/archive/2009/12/24/xunit-and-td-net-fixing-the-attempt-was-made-to-load-an-assembly-from-a-network-location-problem.aspx

 

But then comes the second error:

System.IO.FileLoadException: Could not load file or assembly 'Crack Me, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Attempt to load an unverifiable executable with fixups (IAT with more than 2 sections or a TLS section.) (Exception from HRESULT: 0x80131019)

If I mark "IL only" from ".NET Directory" it will crash.

  • Like 2
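Added example, not part of any post in this thread and not code from the tools it mentions: a Python reader for the CLI header flags that a ".NET Directory" view displays, including the "IL only" bit discussed in the post above. The names `cli_flags` and `build_sample` are hypothetical, and the sample image is a constructed skeleton, not the crackme.

```python
import struct

# CLI (COR20) header flag bits, ECMA-335 II.25.3.3.1
FLAGS = {0x01: "ILONLY", 0x02: "32BITREQUIRED",
         0x08: "STRONGNAMESIGNED", 0x10: "NATIVE_ENTRYPOINT"}

def cli_flags(pe: bytes) -> set:
    """Return the names of the flags set in a PE image's CLI header."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE image")
    nt, = struct.unpack_from("<I", pe, 0x3C)              # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec, = struct.unpack_from("<H", pe, nt + 6)          # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, nt + 20)     # SizeOfOptionalHeader
    opt = nt + 24
    magic, = struct.unpack_from("<H", pe, opt)
    dirs = opt + (96 if magic == 0x10B else 112)          # PE32 / PE32+
    rva, _size = struct.unpack_from("<II", pe, dirs + 14 * 8)  # entry 14: CLI header
    if rva == 0:
        raise ValueError("no CLI header: not a managed image")
    sec = opt + opt_size                                  # section table
    for i in range(nsec):
        vsize, vaddr, rsize, raw = struct.unpack_from("<4I", pe, sec + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):      # map RVA to file offset
            value, = struct.unpack_from("<I", pe, rva - vaddr + raw + 16)
            return {name for bit, name in FLAGS.items() if value & bit}
    raise ValueError("CLI header RVA is outside every section")

def build_sample(flags: int) -> bytes:
    """Constructed PE32 skeleton (headers only, not runnable) with a CLI header."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<II", opt, 96 + 14 * 8, 0x2000, 72) # CLI header directory
    sect = b".text\0\0\0" + struct.pack("<4I", 0x200, 0x2000, 0x200, 0x200) + bytes(16)
    image = dos + coff + bytes(opt) + sect
    image += bytes(0x200 - len(image))                    # pad up to the section data
    cor20 = struct.pack("<IHHIII", 72, 2, 5, 0, 0, flags) # cb, version, metadata, Flags
    return image + cor20 + bytes(0x200 - len(cor20))

if __name__ == "__main__":
    for f in (0x01, 0x02 | 0x10):                         # IL-only vs. native entry point
        print(hex(f), sorted(cli_flags(build_sample(f))))
```
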
XenocodeRCE

It uses native code (x32 native predicates) so it is a little bit tricky to change the assembly, only works with dnlib.

You must also dump the assembly with resources and attach resources.

Unpacked file here:

http://www45.zippyshare.com/v/tIfLjsda/file.html

 

You can get rid of x86 predicates easily (more or less) thanks to UbbeLoL and his paper. He also gave a nice snippet about how you could emulate the methods using BeaEngine and dnlib: https://github.com/UbbeLoL/ConfuserDeobfuscator/tree/x86emu/ConfuserDeobfuscator/ConfuserDeobfuscator/Engine/Routines/Ex/x86

 

But as proven / stated before, removing cflow is not really necessary if the purpose is only cracking this file
