Jump to content
Tuts 4 You

ConfuserEx Fork


Zyhes

Recommended Posts

Difficulty: 3-5
Language : .NET
Platform: Windows 
OS Version: All
Packer / Protector : ConfuserEx Fork

Description :

Pretty heavily forked ConfuserEx and I'm not sure if it's good or not. If you get it cracked please post how you did it and don't just say "I used public tools", tell what tools and how. Thank you!

Screenshot :

ME2nWbW.png

Download :

CrackMe.exe

Link to post
  • 3 months later...
Cursedzx

Unpacked!

1. Used dnspy to remove antitamper and the calls

2. converted all integer values that has something to do with strings ex: "epic".Length (my tool)

3. Resolved all SizeOf values with my tool

4. Calculated all math calls like Math.Truncate or Math.log10 with my tool
5. used de4dot to calculated the remaining stuff to get the field values.

6. grabbed the field values and removed the fields(marked as empty Types) with my tool

7. removed the cos and junk call that will always return 0 with any uint value you use in the parameter also marked as(marked as empty Types) (my tool)

8. cleaned the rest of math calculations with de4dot

9. TheProxy used his cflow killer to kill all the cflow

Credits:

TheProxy - Helping to remove the Cflow
Mighty - helped me to get the types from operand (for sizeOf resolver)

Autori and Blank - for tips
 

pass: 1830

Screenshot:

File:

0Pic.PNG

CrackMe3-StrToIntResolved-SizeOfRemoved-SysMathCallFixed-cleaned-EmptyTypesRemoved-EmptyTypesRemoved-cleaned_unpacked-StringDec-Cleaned.exe

Edited by Cursedzx (see edit history)
  • Like 1
Link to post
On 5/3/2019 at 7:30 PM, Cursedzx said:

Unpacked!

1. Used dnspy to remove antitamper and the calls

2. converted all integer values that has something to do with strings ex: "epic".Length (my tool)

3. Resolved all SizeOf values with my tool

4. Calculated all math calls like Math.Truncate or Math.log10 with my tool
5. used de4dot to calculated the remaining stuff to get the field values.

6. grabbed the field values and removed the fields(marked as empty Types) with my tool

7. removed the cos and junk call that will always return 0 with any uint value you use in the parameter also marked as(marked as empty Types) (my tool)

8. cleaned the rest of math calculations with de4dot

9. TheProxy used his cflow killer to kill all the cflow

Credits:

TheProxy - Helping to remove the Cflow
Mighty - helped me to get the types from operand (for sizeOf resolver)

Autori and Blank - for tips
 

pass: 1830

Screenshot:

File:

0Pic.PNG

CrackMe3-StrToIntResolved-SizeOfRemoved-SysMathCallFixed-cleaned-EmptyTypesRemoved-EmptyTypesRemoved-cleaned_unpacked-StringDec-Cleaned.exe 916 kB · 4 downloads

Good work! 👍

Link to post
  • 2 months later...

Finally I can also unpack this, My method:

- remove anti tamper with dnspy

- clean cflow and sizeOf, string.Length, Math's using modified confuser unpacker

- replace or inlining local variable like <Module>.a69ad3ae-21ea-4884-9794-dd4fb7db216a and proxy call to Math.cos using ILReplacer

- codeExplorer predicate killer and done.

 

CrackMe-cleaned.rar

  • Like 1
Link to post
  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...