Tuts 4 You

[Deobme] ConfuserEX 0.5 custom


XenocodeRCE
Solved by n0th!ng

  • Solution

Not fully unpacked.

ConfuserExExpressionKiller, then I used CodeCracker's Appfuscator tools (old one) to fix the parameters of the constants decryption methods.

P.S.: I forgot to mention that you need to modify AppFuscatorConstantFill.exe a little in order to fix all the parameters:

Go to method "GetTypeSize" (Token: 0x06000009),

then change "System.Guid" to "System.Decimal",

then save it.

Good luck.


unpacked.rar

Edited by n0th!ng
  • Like 4

XenocodeRCE

I take it as solved, since you only have to create a tool to statically remove the weak cflow.

A few questions though:

  1. InvalidMD protection mark (0-10)?
  2. Constant protection mark (0-10)?
  3. What shall I improve / do?

Thanks for your answers

n0th!ng

  1. InvalidMD protection mark (0-10)?

  • It really didn't bother me since I used de4dot after dumping it, so I can't evaluate it.

  2. Constant protection mark (0-10)?

  • This is much better than last time, but I believe it can be better than this (7/10).

  3. What shall I improve / do?

  • Constants protection: you may add some initializing variable (like in CFG), or you can use the method name, for example, as a decryption key (I have a sample, I will send it to you).

CFlow obfuscation: it is good as it is, but it was easy since I used CodeCracker's tools. You can use native methods to do the operations like not or add, etc.

And it is better to think about another way to store the decrypted array of the constants protection.

(Off this unpackme) I tested your modded ConfuserEx packer; it is better not to depend on fixed values, like when it calculates the entrypoint token.

Good luck, I hope I helped you even a little.

Edited by n0th!ng
  • Like 2