Modify Posted January 23, 2019 Posted January 23, 2019 Language : C# Platform : Windows OS Version : Windows 7 Above Packer / Protector : ConfuserEx Plus Extra Description : Provide key, how? UnPackMe.7z 2
cachito Posted January 24, 2019 Posted January 24, 2019 (edited) For unpacking 1) cawk unpacker 2) dump after decryption 3) fix EP 4) Proxy call fixer by Davicore 5) Strings decryptor by CC 6) Switch killer by CC 7) Dump resources (empty) 😎 Clean cctor and <module>methods (maybe 4, 5 and 6 can be replaced by cawk unpacker again) I will check the key algo tomorrow, don't have time now. a29p-EP-anti2_noproxy_stringdec-cleaned_deobfuscated-res2-cctor-module.exe -------------------------------------------------------- Username = "Usuario" Code = "161308" int length = username.length(); int num2 = length + 2 - 4 + 40 + 10; return Convert.ToString(419 * num2 * length - length); --------------------------------------------------- EDIT2: I have received a few PMs asking how to fix EP, so I will post the videos I used as reference here. Following this 2 videos you should be able to unpack confuserex fully. Edited February 6, 2019 by cachito Add result 6
#Sith Posted January 25, 2019 Posted January 25, 2019 (edited) Unpacked and cleaned file: DotNet_unpk_cln.exe KeyGen, because key depends by the length of the Windows user name: DotNet_KeyGen.exe Edited January 25, 2019 by #Sith Added description
xxx22xxx Posted February 18, 2019 Posted February 18, 2019 here a Project generating right key https://www45.zippyshare.com/v/6pf4s7E5/file.html WindowsApp1.rar
Solution Mr-Toms Posted April 16, 2021 Solution Posted April 16, 2021 First thing you need to do is know what protection used on the .exe so as we can see its use compressor and my step isnt debugging it manually to grab original .exe my step is 1. i always use ManagedJiterFr4 to grab original .exe drag n drop then press execute then continue and you will see the original exe there its renamed to a29p 2. then press set asm then save asm 3. goto dnspy to remove the Tamper ( you can do it manually , theres alot of tutorial on YT) 4. after you remove the tamper dont forget to set the right Entry Point , Luckily in this case theres no renamer used in Namespace so we can easily choose the right EP) 5. Then you should remove Ref Proxy ( you can use any proxy call fixer ) 6. and you should remove CFlow ( use universal cfex cflow remover ) 7. Decrypt string using ConstantDec by CS and i think theres error on Activate Button ? it doesnt show anything when we put wrong key / the right key koi_NoTamp_FixEP_NoProxy_NoCFlow-ConstantDec.exe
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now