Jump to content
Tuts 4 You
  • 0
Sign in to follow this  
Annie

Custom ConfuserEx

Question

Annie
Difficulty : 2-4
Language : .NET/C#
Platform : Windows
OS Version : All
Packer / Protector : Custom ConfuserEx
 
Description:
Should Be A Very Simple Unpack/Crack Me. Pretty Easy To Remove Anti Tamper.
 
Objective:
Unpack And Attach Unobfuscated File And Or Post The Message Box Saying Success!
 
Screenshot(s):

Unpack Me - Chinx.exe

Share this post


Link to post

5 answers to this question

Recommended Posts

  • 1
BackBox

r5iZno8KTr_bV8or8_kM2g.png

rqiQ40gXQnCMqx8GQ-Cy7Q.png

Spoiler

44544F3546F554453434F34C534F42423432343565UH55TFG67876876H76768424332434 う果ば

 

unpacked.exe

  • Like 2
  • Thanks 2

Share this post


Link to post
  • 0
Annie
43 minutes ago, BackBox said:

r5iZno8KTr_bV8or8_kM2g.png

rqiQ40gXQnCMqx8GQ-Cy7Q.png

  Hide contents

44544F3546F554453434F34C534F42423432343565UH55TFG67876876H76768424332434 う果ば

 

unpacked.exe

Tutorial?

Share this post


Link to post
  • 0
MindSystem

Confuserex "Mod" become worse and worse... A lot of memory is use for shit. Is that useful to add so much attributes? Junk class, ... are useless, they can be removed with publics tools. 
 

Tutorial : 

https://mindlocksite.wordpress.com/2017/02/11/easy-way-to-unpack-confuserex-1-0-max-settings/

 

The only thing to do is to modify a constant decryptor to patch the anti-invoke : https://mindlocksite.wordpress.com/2017/08/31/mod-confuserex-to-counter-public-tools/

 

 

Screenshot_1.png

Unpack Me - Unpacked.exe

  • Thanks 1

Share this post


Link to post
  • 0
HoLLy

Since this one is already solved, I decided to go about it another way. Your protection kills off a bunch of tools, including dnSpy (so rude!) which killed part of my motivation and I didn't have a tool to fix the strings after the methods were decrypted (though I did find the check).

Spoiler

 

I just opened the program, entered something random to trigger the check against the key and looked for the error message with good old Cheat Engine. I initially looked for UTF-16 strings since I remember reading that it is what .NET uses internally, but I didn't find anything useful. Using UTF-8 I found one result and when looking in the memory region I noticed a big blob of semi-random bytes inside a region otherwise filled with strings. Changed text-encoding to UTF-8 and the result is what you see in the screenshot below.

Then I copied that entire string, pasted it in, and voila! This is a pretty lame method that should only work in rare cases, but I didn't have any tools for ConfuserEx and didn't want to code any up myself.

Proof:
 ocd3VCD.png

 

 

  • Like 1
  • Thanks 2

Share this post


Link to post
  • 0
Xen

I was able to unpack it, and get the key, and it continues to fail. Maybe its just a bad crackme. Still was a fun challenge, but the dnspy kill really annoyed me

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...