Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Modded ConfuserEx (Find the Password)

BillsTheGod
BillsTheGod
in CrackMe

Featured Replies

Posted

Platform: Windows
Language: C#/.NET
OS Version: Windows 10 (I only tested on it so)
Protector: Modded ConfuserEx

Objective:

Modification to ConfuserEx; constants, math protection, variablesmelter, antide4dot (broked rn), three antidebugs (one inside antitamper), sizeof, antivm, antiemulator, antidnspy, antijustdecompiler, intergritychecking, typescrambler etc 

Unpack the file and find the password. Document how you deobfuscated it.

https://www.virustotal.com/#/file/3cd889f4be35cb440f4a4a1c3ececc62a7075ccddeb76553e06ad12e96d94fe4/detection (false positive because of the obfuscation)

If there are any errors in this thread or in my english, I am sorry, it is my first time at this forum and I am brazillian :P

Screenshot:

0c8ef07abe03f71a2898c921b8abeb7f.png

Download: 

CrackMee.exe

Solved by XenocodeRCE

Go to solution
  • 1 month later...
  • Solution

Hello

 

Password is

 

Spoiler

firsttahsaying2435dgauuatherworksainsewerofadamyheadi

 

It's relatively easy to get the corretc flag. All your obfuscation routines is not usefull against memory scanning. Enter a wrong pass, click on button, get wrong pass flag, search for it in memory, and the good password is in clear in the file.

 

Also you should consider something as far as dnlib is concerned to shrunk the old strings from the binary file, because the good password is in clear not only in memory (thats to be expected somehow) but also in raw bytes at offset 00001b790

  • 2 weeks later...
  • Author
On 3/11/2019 at 8:54 AM, XenocodeRCE said:

Hello

 

Password is

 

  Reveal hidden contents

firsttahsaying2435dgauuatherworksainsewerofadamyheadi

 

It's relatively easy to get the corretc flag. All your obfuscation routines is not usefull against memory scanning. Enter a wrong pass, click on button, get wrong pass flag, search for it in memory, and the good password is in clear in the file.

 

Also you should consider something as far as dnlib is concerned to shrunk the old strings from the binary file, because the good password is in clear not only in memory (thats to be expected somehow) but also in raw bytes at offset 00001b790

Nice work, I re-added Ref Proxy and fixed some issue at it, changed a little bit of MathProtection, fixed sizeof's issues, stopped normal x86 converter and more, I will post another CrackMe soon, Thanks for your reply.

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.