Tuts 4 You

ConfuserEx Fork

Question

Zyhes

Difficulty: 3-5
Language : .NET
Platform: Windows 
OS Version: All
Packer / Protector : ConfuserEx Fork

Description :

Pretty heavily forked ConfuserEx and I'm not sure if it's good or not. If you get it cracked please post how you did it and don't just say "I used public tools", tell what tools and how. Thank you!

Screenshot :

ME2nWbW.png

Download :

CrackMe.exe

2 answers to this question

  • 1
Cursedzx
Posted (edited)

Unpacked!

1. Used dnSpy to remove the anti-tamper and the calls

2. Converted all integer values that have something to do with strings, e.g. "epic".Length (my tool)

3. Resolved all SizeOf values with my tool

4. Calculated all math calls like Math.Truncate or Math.Log10 with my tool

5. Used de4dot to calculate the remaining stuff to get the field values.

6. Grabbed the field values and removed the fields (marked as empty Types) with my tool

7. Removed the cos and junk call that will always return 0 with any uint value you use in the parameter, also marked as empty Types (my tool)

8. Cleaned the rest of the math calculations with de4dot

9. TheProxy used his cflow killer to kill all the cflow

Credits:

TheProxy - Helping to remove the Cflow
Mighty - helped me to get the types from operand (for sizeOf resolver)

Autori and Blank - for tips
 

pass: 1830

Screenshot:

File:

0Pic.PNG

CrackMe3-StrToIntResolved-SizeOfRemoved-SysMathCallFixed-cleaned-EmptyTypesRemoved-EmptyTypesRemoved-cleaned_unpacked-StringDec-Cleaned.exe

Edited by Cursedzx (see edit history)
  • Like 1
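
The constant-folding steps listed in the answer above (string `.Length`, `sizeof`, `Math` calls, leftover arithmetic), modelled as an added example that is not code from the thread or from the tools it names. The tuple instruction format, the type-size table and the sample listing are constructed for illustration and assume a type-correct, straight-line block.

```python
import math

def to_i32(v):
    # Wrap to signed 32 bits, as unchecked int32 arithmetic and conv.i4 do.
    return (int(v) + 2**31) % 2**32 - 2**31

SIZEOF = {"System.Int32": 4, "System.Int64": 8, "System.Guid": 16}  # bytes
# Side-effect-free calls that can be evaluated offline: name -> (arity, function).
PURE = {"System.String::get_Length": (1, lambda s: len(s.encode("utf-16-le")) // 2),
        "System.Math::Truncate": (1, lambda x: float(math.trunc(x))),
        "System.Math::Log10": (1, math.log10)}
OPS = {"add": (2, lambda a, b: a + b), "sub": (2, lambda a, b: a - b),
       "mul": (2, lambda a, b: a * b), "xor": (2, lambda a, b: a ^ b),
       "conv.i4": (1, to_i32)}
LITERALS = ("ldc.i4", "ldc.r8", "ldstr")

def literal(v):  # instruction that pushes v directly
    kind = "ldstr" if isinstance(v, str) else "ldc.r8" if isinstance(v, float) else "ldc.i4"
    return (kind, to_i32(v) if kind == "ldc.i4" else v)

def rule(op, arg):
    """(arity, function) for a foldable instruction, else None."""
    if op == "sizeof":
        return (0, lambda: SIZEOF[arg]) if arg in SIZEOF else None
    return PURE.get(arg) if op == "call" else OPS.get(op)

def fold(instrs):
    """One pass over a straight-line block (assumes no branch targets inside it)."""
    out = []
    for op, arg in instrs:
        r, folded = rule(op, arg), None
        if r:
            arity, fn = r
            tail = out[len(out) - arity:]
            if len(tail) == arity and all(o in LITERALS for o, _ in tail):
                try:
                    folded = literal(fn(*(a for _, a in tail)))
                except (TypeError, ValueError, OverflowError, AttributeError):
                    pass  # operand type or domain error: leave the code alone
        if folded is None:
            out.append((op, arg))
        else:
            out[len(out) - arity:] = [folded]
    return out

# Constructed sample, not taken from the crackme: "epic".Length * sizeof(Guid) + (int)Truncate(Log10(100.0))
SAMPLE = [("ldstr", "epic"), ("call", "System.String::get_Length"), ("sizeof", "System.Guid"),
          ("mul", None), ("ldc.r8", 100.0), ("call", "System.Math::Log10"),
          ("call", "System.Math::Truncate"), ("conv.i4", None), ("add", None), ("stloc", 0)]
```

`fold(SAMPLE)` collapses the ten instructions to a single literal push followed by the store; anything whose operands are not literals, or whose type is missing from the size table, is passed through unchanged.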
  • 0
Zyhes
On 5/3/2019 at 7:30 PM, Cursedzx said:

Unpacked!

Good work! 👍
