Jump to content
Tuts 4 You

Fu*ckuscator v1.1

Asentrix

By Asentrix
in CrackMe

 Share

Recommended Posts

Asentrix

Asentrix

Posted
Posted
Fu*ckuscator v1.1

View File

Fu*ckuscator v1.1

Brand new obfuscator on the market.

I've already completed this crackme but wanted to see what you guys come up with.

Good luck!

 

Kurapica

Kurapica

Posted
Posted

Is this another confuser mutant ?

Washi

Washi

Posted
Posted (edited)
Spoiler

Correct pass: wjdaisjdaowidjasoijdwdjaisuhdiouhaeoiheufaiouehfasiuohfeiofhuasdifu98729837642897346298374629837462897346928374

Approach

Spoiler

Didn't even open the app in a decompiler or attempted to deobfuscate. CrackMe's that use string.Equals with the correct serial immediately makes it a 0/10 difficulty challenge :)

Steps to reproduce:

  • Run program
  • Attach WinDbg and load SOS extension (.loadby sos clr)
  • Set breakpoint on System.String.Equals(string, string), (e.g. using !name2ee mscorlib.dll System.String.Equals to get the address, and using bp to set the breakpoint)
  • Continue
  • Enter random text
  • Notice breakpoint hit.
  • Run !dumpstackobjects
  • Observe correct password:

image.png.b99797b0032864193b0cdf538ad36603.png

 

Edited by Washi
  • Like 4
Asentrix

Asentrix

Posted
  • Author
Posted
On 12/30/2020 at 11:42 AM, Washi said:
  Reveal hidden contents

Correct pass: wjdaisjdaowidjasoijdwdjaisuhdiouhaeoiheufaiouehfasiuohfeiofhuasdifu98729837642897346298374629837462897346928374

Approach

  Reveal hidden contents

Didn't even open the app in a decompiler or attempted to deobfuscate. CrackMe's that use string.Equals with the correct serial immediately makes it a 0/10 difficulty challenge :)

Steps to reproduce:

  • Run program
  • Attach WinDbg and load SOS extension (.loadby sos clr)
  • Set breakpoint on System.String.Equals(string, string), (e.g. using !name2ee mscorlib.dll System.String.Equals to get the address, and using bp to set the breakpoint)
  • Continue
  • Enter random text
  • Notice breakpoint hit.
  • Run !dumpstackobjects
  • Observe correct password:

image.png.b99797b0032864193b0cdf538ad36603.png

 

Nice work :)

  • 2 weeks later...
Hadits follower

Hadits follower

Posted
Posted (edited)

i cant deob the calli ;  

some new encryption may be ?

 

but i reconstruct the exe with some old tools

How i have done ======

1. dotnet dumper with dont rename option 

2. reconstruct blod , us , string with cff explorer (i used)

3. universel fixer for fixed some dummy pe

4. de4dot option --keep-names-d --keep-types 

5. now we can reflect the code with lutz reflector

6. confuser codecracker tools 

7. drop again de4dot with 45 error what ever now SIMPLE ASSEMBLY EXPLORER for crack

CrackMe69420_C_Cracked.exe

Edited by Death
  • Like 1
  • 2 months later...
ProjectTrauma

ProjectTrauma

Posted
Posted

Passwords:

Spoiler

wjdaisjdaowidjasoijdwdjaisuhdiouhaeoiheufaiouehfasiuohfeiofhuasdifu98729837642897346298374629837462897346928374

1. Remove Hide Methods, Remove Calli and Cflow

2. Remove Math

3. Decrypt Base64

 

That's about it. For new guys, figure it out yourself first. 😁

  • Like 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...