Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted

Difficulty: 3-5
Language : .NET
Platform: Windows 
OS Version: All
Packer / Protector : ConfuserEx Fork

Description :

Pretty heavily forked ConfuserEx and I'm not sure if it's good or not. If you get it cracked please post how you did it and don't just say "I used public tools", tell what tools and how. Thank you!

Screenshot :

ME2nWbW.png

Download :

CrackMe.exe

Solved by Cursedzx

Go to solution
  • 3 months later...
  • Solution

Unpacked!

1. Used dnspy to remove antitamper and the calls

2. converted all integer values that has something to do with strings ex: "epic".Length (my tool)

3. Resolved all SizeOf values with my tool

4. Calculated all math calls like Math.Truncate or Math.log10 with my tool
5. used de4dot to calculated the remaining stuff to get the field values.

6. grabbed the field values and removed the fields(marked as empty Types) with my tool

7. removed the cos and junk call that will always return 0 with any uint value you use in the parameter also marked as(marked as empty Types) (my tool)

8. cleaned the rest of math calculations with de4dot

9. TheProxy used his cflow killer to kill all the cflow

Credits:

TheProxy - Helping to remove the Cflow
Mighty - helped me to get the types from operand (for sizeOf resolver)

Autori and Blank - for tips
 

pass: 1830

Screenshot:

File:

0Pic.PNG

CrackMe3-StrToIntResolved-SizeOfRemoved-SysMathCallFixed-cleaned-EmptyTypesRemoved-EmptyTypesRemoved-cleaned_unpacked-StringDec-Cleaned.exe

Edited by Cursedzx

  • Author
On 5/3/2019 at 7:30 PM, Cursedzx said:

Unpacked!

1. Used dnspy to remove antitamper and the calls

2. converted all integer values that has something to do with strings ex: "epic".Length (my tool)

3. Resolved all SizeOf values with my tool

4. Calculated all math calls like Math.Truncate or Math.log10 with my tool
5. used de4dot to calculated the remaining stuff to get the field values.

6. grabbed the field values and removed the fields(marked as empty Types) with my tool

7. removed the cos and junk call that will always return 0 with any uint value you use in the parameter also marked as(marked as empty Types) (my tool)

8. cleaned the rest of math calculations with de4dot

9. TheProxy used his cflow killer to kill all the cflow

Credits:

TheProxy - Helping to remove the Cflow
Mighty - helped me to get the types from operand (for sizeOf resolver)

Autori and Blank - for tips
 

pass: 1830

Screenshot:

File:

0Pic.PNG

CrackMe3-StrToIntResolved-SizeOfRemoved-SysMathCallFixed-cleaned-EmptyTypesRemoved-EmptyTypesRemoved-cleaned_unpacked-StringDec-Cleaned.exe 916 kB · 4 downloads

Good work! 👍

  • 2 months later...

Finally I can also unpack this, My method:

- remove anti tamper with dnspy

- clean cflow and sizeOf, string.Length, Math's using modified confuser unpacker

- replace or inlining local variable like <Module>.a69ad3ae-21ea-4884-9794-dd4fb7db216a and proxy call to Math.cos using ILReplacer

- codeExplorer predicate killer and done.

 

CrackMe-cleaned.rar

  • 1 year later...

Hey Cursedzx  can you share your  Constant Decrypter by CursedSheep ..?

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.