Annie Posted January 12, 2018 Share Posted January 12, 2018 Difficulty : 2-4Language : .NET/C#Platform : WindowsOS Version : AllPacker / Protector : Custom ConfuserEx Description: Should Be A Very Simple Unpack/Crack Me. Pretty Easy To Remove Anti Tamper. Objective: Unpack And Attach Unobfuscated File And Or Post The Message Box Saying Success! Screenshot(s): Download https://mega.nz/#!wToG3QRD!8XuTTHHbO7zcJiuiBaPxah9kyHIXy4IhIEOCmMM-RvE Virus Total https://www.virustotal.com/#/file/fb2eecda047c4c55d23d598de4b342a48baf4697192fa76c90e1e3c1d50f06c0/detection (False Postives Due To It Being Obfuscated!) Unpack Me - Chinx.exe Link to comment Share on other sites More sharing options...
BackBox Posted January 14, 2018 Share Posted January 14, 2018 Spoiler 44544F3546F554453434F34C534F42423432343565UH55TFG67876876H76768424332434 う果ば unpacked.exe 2 2 Link to comment Share on other sites More sharing options...
Annie Posted January 14, 2018 Author Share Posted January 14, 2018 43 minutes ago, BackBox said: Hide contents 44544F3546F554453434F34C534F42423432343565UH55TFG67876876H76768424332434 う果ば unpacked.exe Tutorial? Link to comment Share on other sites More sharing options...
MindSystem Posted January 14, 2018 Share Posted January 14, 2018 Confuserex "Mod" become worse and worse... A lot of memory is use for shit. Is that useful to add so much attributes? Junk class, ... are useless, they can be removed with publics tools. Tutorial : https://mindlocksite.wordpress.com/2017/02/11/easy-way-to-unpack-confuserex-1-0-max-settings/ The only thing to do is to modify a constant decryptor to patch the anti-invoke : https://mindlocksite.wordpress.com/2017/08/31/mod-confuserex-to-counter-public-tools/ Unpack Me - Unpacked.exe 1 Link to comment Share on other sites More sharing options...
HoLLy Posted January 15, 2018 Share Posted January 15, 2018 Since this one is already solved, I decided to go about it another way. Your protection kills off a bunch of tools, including dnSpy (so rude!) which killed part of my motivation and I didn't have a tool to fix the strings after the methods were decrypted (though I did find the check). Spoiler I just opened the program, entered something random to trigger the check against the key and looked for the error message with good old Cheat Engine. I initially looked for UTF-16 strings since I remember reading that it is what .NET uses internally, but I didn't find anything useful. Using UTF-8 I found one result and when looking in the memory region I noticed a big blob of semi-random bytes inside a region otherwise filled with strings. Changed text-encoding to UTF-8 and the result is what you see in the screenshot below. Then I copied that entire string, pasted it in, and voila! This is a pretty lame method that should only work in rare cases, but I didn't have any tools for ConfuserEx and didn't want to code any up myself. Proof: 1 2 Link to comment Share on other sites More sharing options...
Xen Posted December 11, 2018 Share Posted December 11, 2018 I was able to unpack it, and get the key, and it continues to fail. Maybe its just a bad crackme. Still was a fun challenge, but the dnspy kill really annoyed me Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now