Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Custom ConfuserEx

Annie
Annie
in CrackMe

Featured Replies

Posted
Difficulty : 2-4
Language : .NET/C#
Platform : Windows
OS Version : All
Packer / Protector : Custom ConfuserEx
 
Description:
Should Be A Very Simple Unpack/Crack Me. Pretty Easy To Remove Anti Tamper.
 
Objective:
Unpack And Attach Unobfuscated File And Or Post The Message Box Saying Success!
 
Screenshot(s):

Unpack Me - Chinx.exe

r5iZno8KTr_bV8or8_kM2g.png

rqiQ40gXQnCMqx8GQ-Cy7Q.png

Spoiler

44544F3546F554453434F34C534F42423432343565UH55TFG67876876H76768424332434 う果ば

 

unpacked.exe

    •
    • Like 2
    • Thanks 2
    • Author
    43 minutes ago, BackBox said:

    r5iZno8KTr_bV8or8_kM2g.png

    rqiQ40gXQnCMqx8GQ-Cy7Q.png

      Hide contents

    44544F3546F554453434F34C534F42423432343565UH55TFG67876876H76768424332434 う果ば

     

    unpacked.exe

    Tutorial?

    Confuserex "Mod" become worse and worse... A lot of memory is use for shit. Is that useful to add so much attributes? Junk class, ... are useless, they can be removed with publics tools. 
     

    Tutorial : 

    https://mindlocksite.wordpress.com/2017/02/11/easy-way-to-unpack-confuserex-1-0-max-settings/

     

    The only thing to do is to modify a constant decryptor to patch the anti-invoke : https://mindlocksite.wordpress.com/2017/08/31/mod-confuserex-to-counter-public-tools/

     

     

    Screenshot_1.png

    Unpack Me - Unpacked.exe

    •
    • Thanks 1

    Since this one is already solved, I decided to go about it another way. Your protection kills off a bunch of tools, including dnSpy (so rude!) which killed part of my motivation and I didn't have a tool to fix the strings after the methods were decrypted (though I did find the check).

    Spoiler

     

    I just opened the program, entered something random to trigger the check against the key and looked for the error message with good old Cheat Engine. I initially looked for UTF-16 strings since I remember reading that it is what .NET uses internally, but I didn't find anything useful. Using UTF-8 I found one result and when looking in the memory region I noticed a big blob of semi-random bytes inside a region otherwise filled with strings. Changed text-encoding to UTF-8 and the result is what you see in the screenshot below.

    Then I copied that entire string, pasted it in, and voila! This is a pretty lame method that should only work in rare cases, but I didn't have any tools for ConfuserEx and didn't want to code any up myself.

    Proof:
     ocd3VCD.png

     

     

    • Like 1
    • Thanks 2
    • 10 months later...

    I was able to unpack it, and get the key, and it continues to fail. Maybe its just a bad crackme. Still was a fun challenge, but the dnspy kill really annoyed me

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.