Jump to content
Tuts 4 You
  • 0
Sign in to follow this  
BillsTheGod

Modded ConfuserEx (Find the Password)

Question

BillsTheGod

Platform: Windows
Language: C#/.NET
OS Version: Windows 10 (I only tested on it so)
Protector: Modded ConfuserEx

Objective:

Modification to ConfuserEx; constants, math protection, variablesmelter, antide4dot (broked rn), three antidebugs (one inside antitamper), sizeof, antivm, antiemulator, antidnspy, antijustdecompiler, intergritychecking, typescrambler etc 

Unpack the file and find the password. Document how you deobfuscated it.

https://www.virustotal.com/#/file/3cd889f4be35cb440f4a4a1c3ececc62a7075ccddeb76553e06ad12e96d94fe4/detection (false positive because of the obfuscation)

If there are any errors in this thread or in my english, I am sorry, it is my first time at this forum and I am brazillian :P

Screenshot:

0c8ef07abe03f71a2898c921b8abeb7f.png

Download: 

CrackMee.exe

Share this post


Link to post

1 answer to this question

Recommended Posts

  • 1
XenocodeRCE

Hello

 

Password is

 

Spoiler

firsttahsaying2435dgauuatherworksainsewerofadamyheadi

 

It's relatively easy to get the corretc flag. All your obfuscation routines is not usefull against memory scanning. Enter a wrong pass, click on button, get wrong pass flag, search for it in memory, and the good password is in clear in the file.

 

Also you should consider something as far as dnlib is concerned to shrunk the old strings from the binary file, because the good password is in clear not only in memory (thats to be expected somehow) but also in raw bytes at offset 00001b790

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...