Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Deobme] ConfuserEX 0.5 custom

XenocodeRCE
XenocodeRCE
in UnPackMe (.NET)

Featured Replies

Posted

SIJ3cOb.png


 


 


Very simple modded version, nothing special.

CrackTest_.rar

Edited by XenocodeRCE

    • Like 2

    Solved by n0th!ng

    Go to solution
    • Solution

    not full unpacked 


    ConfuserExExpressionKiller + then i used CodeCracker's appfuscator tools (old one) to fix the parameters of constants decryptions methods


    P.S: forget to mention that you need to modify AppFuscatorConstantFill.exe a little in order to fix all the parameters


    go to method "GetTypeSize" (Token : 0x06000009)


    then change "System.Guid" to "System.Decimal"


    then save it 


     


     


    good luck 


    unpacked.rar

    Edited by n0th!ng

    • Like 4
    • Author

    not full unpacked 

    ConfuserExExpressionKiller + then i used CodeCracker's appfuscator tools (old one) to fix the parameters of constants decryptions methods

    P.S: forget to mention that you need to modify AppFuscatorConstantFill.exe a little in order to fix all the parameters

    go to method "GetTypeSize" (Token : 0x06000009)

    then change "System.Guid" to "System.Decimal"

    then save it 

     

     

    good luck 

     

     

    I take it as solved, since you only have to create a tool to statically remove the weak cflow.

    Few questions though :

    1. InvalidMD protection mark (0-10) ?

    Constant protection mark (0-10) ?

    What shall I improve / do ?

    Thanks for your answers

    I take it as solved, since you only have to create a tool to statically remove the weak cflow.

    Few questions though :

    1. InvalidMD protection mark (0-10) ?

    Constant protection mark (0-10) ?

    What shall I improve / do ?

    Thanks for your answers

    1. InvalidMD protection mark (0-10) ?

    • it really didn't bother me since i used de4dot after dumping it so i can't evaluate it 

    1. Constant protection mark (0-10) ?

    • this is much more better then last time but i believe it can be better then this  (7/10)

    1. What shall I improve / do ?

    • Constants protections you may add some initializing variable(like in CFG) , or you can use the method name for example as a decryption key (i have a sample i will send it to you)

    CFlow obfuscation , it is good as it is , but it was easy since i used CodeCracker's Tools , you can use native methods to do the operations like not or add ...etc

    and it is better to think about another way to  store decrypted array of constants protections 

    (off this unpackme) i tested your modded ConfuserEx's packer  , it is better not to depend on a fixed values like when it calculates entrypoint token

    good luck i hope i helped you even a little 

    Edited by n0th!ng

    • Like 2

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.