Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

ConfuserEx Light Test

Modify
Modify
in UnPackMe (.NET)

Featured Replies

Posted

Language : C#
Platform : Windows
OS Version : Windows 7 Above
Packer / Protector : ConfuserEx Plus Extra

Description :

Provide key, how?

Capture.JPG.ab29c5f5c9d6168b3d5169b2e45a1ddb.JPG.jpeg.f2b2cb7b186ab3830cd5c52e60790b7c.jpeg

UnPackMe.7z

    • Like 2

    Solved by Mr-Toms

    Go to solution

    For unpacking

    1) cawk unpacker
    2) dump after decryption
    3) fix EP
    4) Proxy call fixer by Davicore
    5) Strings decryptor by CC
    6) Switch killer by CC
    7) Dump resources (empty)
    😎 Clean cctor and <module>methods

    (maybe 4, 5 and 6 can be replaced by cawk unpacker again)

    I will check the key algo tomorrow, don't have time now.

    a29p-EP-anti2_noproxy_stringdec-cleaned_deobfuscated-res2-cctor-module.exe

     

    --------------------------------------------------------

     

    Username = "Usuario"

    Code = "161308" 

    int length = username.length();
int num2 = length + 2 - 4 + 40 + 10;
return Convert.ToString(419 * num2 * length - length);

     

    ---------------------------------------------------

     

    EDIT2: I have received a few PMs asking how to fix EP, so I will post the videos I used as reference here. Following this 2 videos you should be able to unpack confuserex fully.

     

     

    Edited by cachito
    Add result

    • Like 6

    Unpacked and cleaned file: DotNet_unpk_cln.exe

    KeyGen, because key depends by the length of the Windows user name: DotNet_KeyGen.exe

    Edited by #Sith
    Added description

    • 4 weeks later...
    • 2 years later...
    • Solution

    First thing you need to do is know what protection used on the .exe

    so as we can see its use compressor and my step isnt debugging it manually
    to grab original .exe

    my step is 
    1. i always use ManagedJiterFr4 to grab original .exe 
    drag n drop then press execute then continue and you will see the original exe there its renamed to a29p
    2. then press set asm then save asm 
    3. goto dnspy to remove the Tamper ( you can do it manually , theres alot of tutorial on YT)
    4. after you remove the tamper dont forget to set the right Entry Point , Luckily in this case theres no renamer used in Namespace so we can easily choose the right EP)
    5. Then you should remove Ref Proxy ( you can use any proxy call fixer )
    6. and you should remove CFlow ( use universal cfex cflow remover )
    7. Decrypt string using ConstantDec by CS

    and i think theres error on Activate Button ? it doesnt show anything when we put wrong key / the right key

     

    koi_NoTamp_FixEP_NoProxy_NoCFlow-ConstantDec.exe

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.