Jump to content
Tuts 4 You

ConfuserEx 1.6.0

cipsi

By cipsi
in UnPackMe (.NET)

 Share
Go to solution Solved by BlackHat,

Recommended Posts

  • Solution
BlackHat

BlackHat

Posted
  • Solution
Posted

2023-02-04_09-11-14.png.9c82d59d74cb20e62122f3a431253520.png

2023-02-04_09-10-56.png.2b023c2688d0df998054e0c7cbeead35.png

 

  • Debug with dnSpy and Remove Anti-Tamper.
  • NOP Anti-Tamper Call and Save.
  • Search for "GCHandle.Free" and put BP.
  • Debug the File and Save koi module from Memory.
  • NOP Anti-Tamper Call after debugging in dnSpy.
  • Clean Cflow as It is a basic "switch" one.
  • Clean Proxy.
  • Clean Constants.
  • Rename using de4dot.

 

WindowsFormsApp1_unpacked.exe

  • Like 5
  • Thanks 2
cipsi

cipsi

Posted
  • Author
Posted
39 minutes ago, BlackHat said:

2023-02-04_09-11-14.png.9c82d59d74cb20e62122f3a431253520.png

2023-02-04_09-10-56.png.2b023c2688d0df998054e0c7cbeead35.png

 

  • Debug with dnSpy and Remove Anti-Tamper.
  • NOP Anti-Tamper Call and Save.
  • Search for "GCHandle.Free" and put BP.
  • Debug the File and Save koi module from Memory.
  • NOP Anti-Tamper Call after debugging in dnSpy.
  • Clean Cflow as It is a basic "switch" one.
  • Clean Proxy.
  • Clean Constants.
  • Rename using de4dot.

 

WindowsFormsApp1_unpacked.exe 11.5 kB · 0 downloads

Can you elaborate a bit on the part about cleaning the control flow?

BlackHat

BlackHat

Posted
Posted
12 hours ago, cipsi said:

Can you elaborate a bit on the part about cleaning the control flow?

1. You don't need any tool to remove Anti Tamper.

2. Cflow/Proxy = Use Cawk Cfex Unpacker/ TheProxy Proxy Remover.

3. Contants = You have to make your own as Cawk Unpacker doesn't support newer version of Cfex Mods. 

4. de4dot is available on Github.

  • Like 1
  • 6 months later...
Abdelrahman Mahrous

Abdelrahman Mahrous

Posted
Posted
On 2/4/2023 at 1:33 PM, BlackHat said:

1. You don't need any tool to remove Anti Tamper.

2. Cflow/Proxy = Use Cawk Cfex Unpacker/ TheProxy Proxy Remover.

3. Contants = You have to make your own as Cawk Unpacker doesn't support newer version of Cfex Mods. 

4. de4dot is available on Github.

i can't get tools can you upload it and some hint for use it . Thanks

fireboxdev

fireboxdev

Posted
Posted
On 2/4/2023 at 3:16 PM, BlackHat said:

2023-02-04_09-11-14.png.9c82d59d74cb20e62122f3a431253520.png

2023-02-04_09-10-56.png.2b023c2688d0df998054e0c7cbeead35.png

 

  • Debug with dnSpy and Remove Anti-Tamper.
  • NOP Anti-Tamper Call and Save.
  • Search for "GCHandle.Free" and put BP.
  • Debug the File and Save koi module from Memory.
  • NOP Anti-Tamper Call after debugging in dnSpy.
  • Clean Cflow as It is a basic "switch" one.
  • Clean Proxy.
  • Clean Constants.
  • Rename using de4dot.

 

WindowsFormsApp1_unpacked.exe 11.5 kB · 14 downloads

can you explain or share your tools ? 
have a problem when unpack confuser.core same as above, cctor just have gchandle.free and i bp just have koi.exe no have entry point

Abdelrahman Mahrous

Abdelrahman Mahrous

Posted
Posted
On 8/21/2023 at 9:08 AM, fireboxdev said:

can you explain or share your tools ? 
have a problem when unpack confuser.core same as above, cctor just have gchandle.free and i bp just have koi.exe no have entry point

upload the file to see it

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...