Posted January 23, 20196 yr Language : C# Platform : Windows OS Version : Windows 7 Above Packer / Protector : ConfuserEx Plus Extra Description : Provide key, how? UnPackMe.7z
January 24, 20196 yr For unpacking 1) cawk unpacker 2) dump after decryption 3) fix EP 4) Proxy call fixer by Davicore 5) Strings decryptor by CC 6) Switch killer by CC 7) Dump resources (empty) 😎 Clean cctor and <module>methods (maybe 4, 5 and 6 can be replaced by cawk unpacker again) I will check the key algo tomorrow, don't have time now. a29p-EP-anti2_noproxy_stringdec-cleaned_deobfuscated-res2-cctor-module.exe -------------------------------------------------------- Username = "Usuario" Code = "161308" int length = username.length(); int num2 = length + 2 - 4 + 40 + 10; return Convert.ToString(419 * num2 * length - length); --------------------------------------------------- EDIT2: I have received a few PMs asking how to fix EP, so I will post the videos I used as reference here. Following this 2 videos you should be able to unpack confuserex fully. Edited February 6, 20196 yr by cachito Add result
January 25, 20196 yr Unpacked and cleaned file: DotNet_unpk_cln.exe KeyGen, because key depends by the length of the Windows user name: DotNet_KeyGen.exe Edited January 25, 20196 yr by #Sith Added description
February 18, 20196 yr here a Project generating right key https://www45.zippyshare.com/v/6pf4s7E5/file.html WindowsApp1.rar
April 16, 20214 yr Solution First thing you need to do is know what protection used on the .exe so as we can see its use compressor and my step isnt debugging it manually to grab original .exe my step is 1. i always use ManagedJiterFr4 to grab original .exe drag n drop then press execute then continue and you will see the original exe there its renamed to a29p 2. then press set asm then save asm 3. goto dnspy to remove the Tamper ( you can do it manually , theres alot of tutorial on YT) 4. after you remove the tamper dont forget to set the right Entry Point , Luckily in this case theres no renamer used in Namespace so we can easily choose the right EP) 5. Then you should remove Ref Proxy ( you can use any proxy call fixer ) 6. and you should remove CFlow ( use universal cfex cflow remover ) 7. Decrypt string using ConstantDec by CS and i think theres error on Activate Button ? it doesnt show anything when we put wrong key / the right key koi_NoTamp_FixEP_NoProxy_NoCFlow-ConstantDec.exe
Create an account or sign in to comment