DarkShadow Posted February 26, 2022 Posted February 26, 2022 View File NiggaEX Unpack and provide a overview of how you did it and what tools were used. Submitter DarkShadow Submitted 02/13/2022 Category UnPackMe (.NET) 1
Mr-Toms Posted February 28, 2022 Posted February 28, 2022 you did not change anything, whats cool about it ? the protector Name?
Sean Park - Lovejoy Posted March 1, 2022 Posted March 1, 2022 use this program. you can easily unpack this without errors. ConfuserEx-Unpacker-v2.0.zip unpack me-Cleaned.exe 1
DarkShadow Posted April 17, 2022 Author Posted April 17, 2022 On 2/28/2022 at 4:20 PM, Mr-Toms said: you did not change anything, whats cool about it ? the protector Name? NiggaEX is a ConfuserEx modification with the following changes; Renamed (types, methods, fields, resources) String enc Control flow
Accede Posted April 30, 2022 Posted April 30, 2022 (edited) Control flow is alredy includet in the normal confuserEx ergo not new function same for string enc is ther to alredy same for resource and the orther stuff you mention that you attet it that stuff is alredy includet in each cunfuserEx. HM what should i say xd : of curse its not komplett devizert but the standart tools work so far Spoiler Edited April 30, 2022 by Underground 1
Mr-Toms Posted May 4, 2022 Posted May 4, 2022 (edited) you need to know the right order to unpack this this is the order i do after decompress and remove anti tamper and the unpacked file is not de4doted yet , and the entrypoint still missing NiggaEx_Decompressed_NoCfex.exe Edited May 4, 2022 by Mr-Toms
DarkShadow Posted May 10, 2022 Author Posted May 10, 2022 On 4/30/2022 at 11:33 AM, Accede said: Control flow is alredy includet in the normal confuserEx ergo not new function same for string enc is ther to alredy same for resource and the orther stuff you mention that you attet it that stuff is alredy includet in each cunfuserEx. HM what should i say xd : of curse its not komplett devizert but the standart tools work so far Reveal hidden contents It's not the same string encryption & not same renamer
Mr-Toms Posted May 11, 2022 Posted May 11, 2022 i've solved this but i dont know why moderator didnt approved my comments
DarkShadow Posted May 24, 2022 Author Posted May 24, 2022 On 5/11/2022 at 5:46 AM, Mr-Toms said: i've solved this but i dont know why moderator didnt approved my comments Check the rules
SychicBoy Posted November 7, 2022 Posted November 7, 2022 (edited) There's not much to describe about the unpacking steps, I just dumped it and made a de-obfuscator for it. Unpacked.exe Edited November 7, 2022 by SychicBoy 2
deepzero Posted November 7, 2022 Posted November 7, 2022 Well, what did you use to dump it and can you show the deobfuscator? 1
SychicBoy Posted November 11, 2022 Posted November 11, 2022 (edited) On 11/7/2022 at 10:14 PM, deepzero said: Well, what did you use to dump it and can you show the deobfuscator? HowTo.mp4 Steps: 1-Execute the target file 2-Open "ExtremeDumper-x86" and select AntiDump mode from Options>DumpType. On processes list right click on the target process and select View Modules option and find the <<EmptyName>> from the modules list and dump it. 3-Open the dumped file in dnSpy find the entrypoint then right click on the assembly module and set the entrypoint of the module then save the changes. 4-Use "ConfuserEx-Unpacker" to get rid of cflow, call proxy, etc... 5-Use "Size and Mathematical Fixer" to get rid of sizeof's and mathematical obfuscation. 6-Use "de4dot" to rename symbols. 7-Now you should do the rest yourself: (clean if cflow, fix string/int proxy, decrypt strings). Tools.zip Edited November 11, 2022 by SychicBoy 4 1
Hadits follower Posted November 13, 2022 Posted November 13, 2022 (edited) filepath -c corruptFile filepath -c vv filepath -c dd -c corruptFile will make nop cflow but file will not run , because i am new; -c vv will show u the process -c dd [manual :: Class removing process disable ] use only -vv will de4dot args as usual NSCL restored fixed or simple just drop this target 2015Unpacker.zip 2015UnpackerM.zip Edited November 14, 2022 by Only_Islams_The_Rifht_Path fixed bugs and remove chain M
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now