DarkShadow Posted February 26, 2022 Share Posted February 26, 2022 View File NiggaEX Unpack and provide a overview of how you did it and what tools were used. Submitter DarkShadow Submitted 02/13/2022 Category UnPackMe (.NET) 1 Link to comment Share on other sites More sharing options...
Mr-Toms Posted February 28, 2022 Share Posted February 28, 2022 you did not change anything, whats cool about it ? the protector Name? Link to comment Share on other sites More sharing options...
Sean Park Posted March 1, 2022 Share Posted March 1, 2022 use this program. you can easily unpack this without errors. ConfuserEx-Unpacker-v2.0.zip unpack me-Cleaned.exe Link to comment Share on other sites More sharing options...
DarkShadow Posted April 17, 2022 Author Share Posted April 17, 2022 On 2/28/2022 at 4:20 PM, Mr-Toms said: you did not change anything, whats cool about it ? the protector Name? NiggaEX is a ConfuserEx modification with the following changes; Renamed (types, methods, fields, resources) String enc Control flow Link to comment Share on other sites More sharing options...
Accede Posted April 30, 2022 Share Posted April 30, 2022 (edited) Control flow is alredy includet in the normal confuserEx ergo not new function same for string enc is ther to alredy same for resource and the orther stuff you mention that you attet it that stuff is alredy includet in each cunfuserEx. HM what should i say xd : of curse its not komplett devizert but the standart tools work so far Spoiler Edited April 30, 2022 by Underground 1 Link to comment Share on other sites More sharing options...
Mr-Toms Posted May 4, 2022 Share Posted May 4, 2022 (edited) you need to know the right order to unpack this this is the order i do after decompress and remove anti tamper and the unpacked file is not de4doted yet , and the entrypoint still missing NiggaEx_Decompressed_NoCfex.exe Edited May 4, 2022 by Mr-Toms Link to comment Share on other sites More sharing options...
DarkShadow Posted May 10, 2022 Author Share Posted May 10, 2022 On 4/30/2022 at 11:33 AM, Accede said: Control flow is alredy includet in the normal confuserEx ergo not new function same for string enc is ther to alredy same for resource and the orther stuff you mention that you attet it that stuff is alredy includet in each cunfuserEx. HM what should i say xd : of curse its not komplett devizert but the standart tools work so far Reveal hidden contents It's not the same string encryption & not same renamer Link to comment Share on other sites More sharing options...
Mr-Toms Posted May 11, 2022 Share Posted May 11, 2022 i've solved this but i dont know why moderator didnt approved my comments Link to comment Share on other sites More sharing options...
DarkShadow Posted May 24, 2022 Author Share Posted May 24, 2022 On 5/11/2022 at 5:46 AM, Mr-Toms said: i've solved this but i dont know why moderator didnt approved my comments Check the rules Link to comment Share on other sites More sharing options...
SychicBoy Posted November 7, 2022 Share Posted November 7, 2022 (edited) There's not much to describe about the unpacking steps, I just dumped it and made a de-obfuscator for it. Unpacked.exe Edited November 7, 2022 by SychicBoy 2 Link to comment Share on other sites More sharing options...
deepzero Posted November 7, 2022 Share Posted November 7, 2022 Well, what did you use to dump it and can you show the deobfuscator? 1 Link to comment Share on other sites More sharing options...
SychicBoy Posted November 11, 2022 Share Posted November 11, 2022 (edited) On 11/7/2022 at 10:14 PM, deepzero said: Well, what did you use to dump it and can you show the deobfuscator? HowTo.mp4 Steps: 1-Execute the target file 2-Open "ExtremeDumper-x86" and select AntiDump mode from Options>DumpType. On processes list right click on the target process and select View Modules option and find the <<EmptyName>> from the modules list and dump it. 3-Open the dumped file in dnSpy find the entrypoint then right click on the assembly module and set the entrypoint of the module then save the changes. 4-Use "ConfuserEx-Unpacker" to get rid of cflow, call proxy, etc... 5-Use "Size and Mathematical Fixer" to get rid of sizeof's and mathematical obfuscation. 6-Use "de4dot" to rename symbols. 7-Now you should do the rest yourself: (clean if cflow, fix string/int proxy, decrypt strings). Tools.zip Edited November 11, 2022 by SychicBoy 4 1 Link to comment Share on other sites More sharing options...
Hadits follower Posted November 13, 2022 Share Posted November 13, 2022 (edited) filepath -c corruptFile filepath -c vv filepath -c dd -c corruptFile will make nop cflow but file will not run , because i am new; -c vv will show u the process -c dd [manual :: Class removing process disable ] use only -vv will de4dot args as usual NSCL restored fixed or simple just drop this target 2015Unpacker.zip 2015UnpackerM.zip Edited November 14, 2022 by Only_Islams_The_Rifht_Path fixed bugs and remove chain M Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now