Posted January 14, 20196 yr Difficulty: 3-5 Language : .NET Platform: Windows OS Version: All Packer / Protector : ConfuserEx Fork Description : Pretty heavily forked ConfuserEx and I'm not sure if it's good or not. If you get it cracked please post how you did it and don't just say "I used public tools", tell what tools and how. Thank you! Screenshot : Download : CrackMe.exe
May 3, 20196 yr Solution Unpacked! 1. Used dnspy to remove antitamper and the calls 2. converted all integer values that has something to do with strings ex: "epic".Length (my tool) 3. Resolved all SizeOf values with my tool 4. Calculated all math calls like Math.Truncate or Math.log10 with my tool 5. used de4dot to calculated the remaining stuff to get the field values. 6. grabbed the field values and removed the fields(marked as empty Types) with my tool 7. removed the cos and junk call that will always return 0 with any uint value you use in the parameter also marked as(marked as empty Types) (my tool) 8. cleaned the rest of math calculations with de4dot 9. TheProxy used his cflow killer to kill all the cflow Credits: TheProxy - Helping to remove the Cflow Mighty - helped me to get the types from operand (for sizeOf resolver) Autori and Blank - for tips pass: 1830 Screenshot: File: CrackMe3-StrToIntResolved-SizeOfRemoved-SysMathCallFixed-cleaned-EmptyTypesRemoved-EmptyTypesRemoved-cleaned_unpacked-StringDec-Cleaned.exe Edited May 3, 20196 yr by Cursedzx
May 10, 20196 yr Author On 5/3/2019 at 7:30 PM, Cursedzx said: Unpacked! 1. Used dnspy to remove antitamper and the calls 2. converted all integer values that has something to do with strings ex: "epic".Length (my tool) 3. Resolved all SizeOf values with my tool 4. Calculated all math calls like Math.Truncate or Math.log10 with my tool 5. used de4dot to calculated the remaining stuff to get the field values. 6. grabbed the field values and removed the fields(marked as empty Types) with my tool 7. removed the cos and junk call that will always return 0 with any uint value you use in the parameter also marked as(marked as empty Types) (my tool) 8. cleaned the rest of math calculations with de4dot 9. TheProxy used his cflow killer to kill all the cflow Credits: TheProxy - Helping to remove the Cflow Mighty - helped me to get the types from operand (for sizeOf resolver) Autori and Blank - for tips pass: 1830 Screenshot: File: CrackMe3-StrToIntResolved-SizeOfRemoved-SysMathCallFixed-cleaned-EmptyTypesRemoved-EmptyTypesRemoved-cleaned_unpacked-StringDec-Cleaned.exe 916 kB · 4 downloads Good work! 👍
August 6, 20196 yr Finally I can also unpack this, My method: - remove anti tamper with dnspy - clean cflow and sizeOf, string.Length, Math's using modified confuser unpacker - replace or inlining local variable like <Module>.a69ad3ae-21ea-4884-9794-dd4fb7db216a and proxy call to Math.cos using ILReplacer - codeExplorer predicate killer and done. CrackMe-cleaned.rar
Create an account or sign in to comment