Jump to content
Tuts 4 You

[Deobme] ConfuserEX 0.5 custom

XenocodeRCE

By XenocodeRCE
in UnPackMe (.NET)

 Share
Go to solution Solved by n0th!ng,

Recommended Posts

XenocodeRCE

XenocodeRCE

Posted
Posted (edited)

SIJ3cOb.png


 


 


Very simple modded version, nothing special.

CrackTest_.rar

Edited by XenocodeRCE
  • Like 2
  • Solution
n0th!ng

n0th!ng

Posted
  • Solution
Posted (edited)

not full unpacked 


ConfuserExExpressionKiller + then i used CodeCracker's appfuscator tools (old one) to fix the parameters of constants decryptions methods


P.S: forget to mention that you need to modify AppFuscatorConstantFill.exe a little in order to fix all the parameters


go to method "GetTypeSize" (Token : 0x06000009)


then change "System.Guid" to "System.Decimal"


then save it 


 


 


good luck 


unpacked.rar

Edited by n0th!ng
  • Like 4
XenocodeRCE

XenocodeRCE

Posted
  • Author
Posted

not full unpacked 

ConfuserExExpressionKiller + then i used CodeCracker's appfuscator tools (old one) to fix the parameters of constants decryptions methods

P.S: forget to mention that you need to modify AppFuscatorConstantFill.exe a little in order to fix all the parameters

go to method "GetTypeSize" (Token : 0x06000009)

then change "System.Guid" to "System.Decimal"

then save it 

 

 

good luck 

 

 

I take it as solved, since you only have to create a tool to statically remove the weak cflow.

Few questions though :

  1. InvalidMD protection mark (0-10) ?

Constant protection mark (0-10) ?

What shall I improve / do ?

Thanks for your answers

n0th!ng

n0th!ng

Posted
Posted (edited)

I take it as solved, since you only have to create a tool to statically remove the weak cflow.

Few questions though :

  1. InvalidMD protection mark (0-10) ?

Constant protection mark (0-10) ?

What shall I improve / do ?

Thanks for your answers

  1. InvalidMD protection mark (0-10) ?

  • it really didn't bother me since i used de4dot after dumping it so i can't evaluate it 

  1. Constant protection mark (0-10) ?

  • this is much more better then last time but i believe it can be better then this  (7/10)

  1. What shall I improve / do ?

  • Constants protections you may add some initializing variable(like in CFG) , or you can use the method name for example as a decryption key (i have a sample i will send it to you)

CFlow obfuscation , it is good as it is , but it was easy since i used CodeCracker's Tools , you can use native methods to do the operations like not or add ...etc

and it is better to think about another way to  store decrypted array of constants protections 

(off this unpackme) i tested your modded ConfuserEx's packer  , it is better not to depend on a fixed values like when it calculates entrypoint token

good luck i hope i helped you even a little 

Edited by n0th!ng
  • Like 2

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...