NiggaEX

February 26, 2022

View File

NiggaEX

Unpack and provide a overview of how you did it and what tools were used.

Submitter

DarkShadow
Submitted

02/13/2022
Category

UnPackMe (.NET)

February 28, 2022

you did not change anything, whats cool about it ? the protector Name?

March 1, 2022

use this program. you can easily unpack this without errors.

ConfuserEx-Unpacker-v2.0.zip unpack me-Cleaned.exe

April 17, 2022

On 2/28/2022 at 4:20 PM, Mr-Toms said:

you did not change anything, whats cool about it ? the protector Name?

NiggaEX is a ConfuserEx modification with the following changes;

Renamed (types, methods, fields, resources)

String enc

Control flow

April 30, 2022

Control flow is alredy includet in the normal confuserEx ergo not new function same for string enc is ther to alredy same for resource and the orther stuff you mention that you attet it that stuff is alredy includet in each cunfuserEx.

HM what should i say xd :

of curse its not komplett devizert but the standart tools work so far

Spoiler

Edited April 30, 2022 by Underground

May 4, 2022

you need to know the right order to unpack this

this is the order i do after decompress and remove anti tamper

and the unpacked file is not de4doted yet , and the entrypoint still missing

NiggaEx_Decompressed_NoCfex.exe

Edited May 4, 2022 by Mr-Toms

May 10, 2022

On 4/30/2022 at 11:33 AM, Accede said:

Control flow is alredy includet in the normal confuserEx ergo not new function same for string enc is ther to alredy same for resource and the orther stuff you mention that you attet it that stuff is alredy includet in each cunfuserEx.

HM what should i say xd :

of curse its not komplett devizert but the standart tools work so far

Reveal hidden contents

It's not the same string encryption & not same renamer

May 11, 2022

i've solved this but i dont know why moderator didnt approved my comments

May 24, 2022

On 5/11/2022 at 5:46 AM, Mr-Toms said:

i've solved this but i dont know why moderator didnt approved my comments

Check the rules

November 7, 2022

There's not much to describe about the unpacking steps, I just dumped it and made a de-obfuscator for it.

Unpacked.exe

Edited November 7, 2022 by SychicBoy

November 7, 2022

Well, what did you use to dump it and can you show the deobfuscator?

November 11, 2022

On 11/7/2022 at 10:14 PM, deepzero said:

Well, what did you use to dump it and can you show the deobfuscator?

Steps:
1-Execute the target file
2-Open "ExtremeDumper-x86" and select AntiDump mode from Options>DumpType. On processes list right click on the target process and select View Modules option and find the <<EmptyName>> from the modules list and dump it.
3-Open the dumped file in dnSpy find the entrypoint then right click on the assembly module and set the entrypoint of the module then save the changes.
4-Use "ConfuserEx-Unpacker" to get rid of cflow, call proxy, etc...
5-Use "Size and Mathematical Fixer" to get rid of sizeof's and mathematical obfuscation.
6-Use "de4dot" to rename symbols.
7-Now you should do the rest yourself: (clean if cflow, fix string/int proxy, decrypt strings).

Tools.zip

Edited November 11, 2022 by SychicBoy

November 13, 2022

filepath -c corruptFile 
filepath -c vv
filepath -c dd

-c corruptFile will make nop cflow but file will not run , because i am new;

-c vv will show u the process

-c dd [manual :: Class removing process disable ]

use only -vv will de4dot args as usual

NSCL restored fixed

or simple just drop this target

2015Unpacker.zip

2015UnpackerM.zip

Edited November 14, 2022 by Only_Islams_The_Rifht_Path
fixed bugs and remove chain M

Sign In

NiggaEX

Recommended Posts

DarkShadow

NiggaEX

Mr-Toms

Sean the hard worker

DarkShadow

Accede

Mr-Toms

DarkShadow

Mr-Toms

DarkShadow

SychicBoy

deepzero

SychicBoy

Hadits follower

Create an account or sign in to comment

Create an account

Sign in

Community

Search