Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

ConfuserEx 1.6.0

cipsi
cipsi
in UnPackMe (.NET)

Featured Replies

Solved by BlackHat

Go to solution
  • Solution

2023-02-04_09-11-14.png.9c82d59d74cb20e62122f3a431253520.png

2023-02-04_09-10-56.png.2b023c2688d0df998054e0c7cbeead35.png

 

  • Debug with dnSpy and Remove Anti-Tamper.
  • NOP Anti-Tamper Call and Save.
  • Search for "GCHandle.Free" and put BP.
  • Debug the File and Save koi module from Memory.
  • NOP Anti-Tamper Call after debugging in dnSpy.
  • Clean Cflow as It is a basic "switch" one.
  • Clean Proxy.
  • Clean Constants.
  • Rename using de4dot.

 

WindowsFormsApp1_unpacked.exe

    •
    • Like 6
    • Thanks 2
    • Author
    39 minutes ago, BlackHat said:

    2023-02-04_09-11-14.png.9c82d59d74cb20e62122f3a431253520.png

    2023-02-04_09-10-56.png.2b023c2688d0df998054e0c7cbeead35.png

     

    • Debug with dnSpy and Remove Anti-Tamper.
    • NOP Anti-Tamper Call and Save.
    • Search for "GCHandle.Free" and put BP.
    • Debug the File and Save koi module from Memory.
    • NOP Anti-Tamper Call after debugging in dnSpy.
    • Clean Cflow as It is a basic "switch" one.
    • Clean Proxy.
    • Clean Constants.
    • Rename using de4dot.

     

    WindowsFormsApp1_unpacked.exe 11.5 kB · 0 downloads

    Can you elaborate a bit on the part about cleaning the control flow?

    12 hours ago, cipsi said:

    Can you elaborate a bit on the part about cleaning the control flow?

    1. You don't need any tool to remove Anti Tamper.

    2. Cflow/Proxy = Use Cawk Cfex Unpacker/ TheProxy Proxy Remover.

    3. Contants = You have to make your own as Cawk Unpacker doesn't support newer version of Cfex Mods. 

    4. de4dot is available on Github.

    • Like 1
    • 6 months later...
    On 2/4/2023 at 1:33 PM, BlackHat said:

    1. You don't need any tool to remove Anti Tamper.

    2. Cflow/Proxy = Use Cawk Cfex Unpacker/ TheProxy Proxy Remover.

    3. Contants = You have to make your own as Cawk Unpacker doesn't support newer version of Cfex Mods. 

    4. de4dot is available on Github.

    i can't get tools can you upload it and some hint for use it . Thanks

    On 2/4/2023 at 3:16 PM, BlackHat said:

    2023-02-04_09-11-14.png.9c82d59d74cb20e62122f3a431253520.png

    2023-02-04_09-10-56.png.2b023c2688d0df998054e0c7cbeead35.png

     

    • Debug with dnSpy and Remove Anti-Tamper.
    • NOP Anti-Tamper Call and Save.
    • Search for "GCHandle.Free" and put BP.
    • Debug the File and Save koi module from Memory.
    • NOP Anti-Tamper Call after debugging in dnSpy.
    • Clean Cflow as It is a basic "switch" one.
    • Clean Proxy.
    • Clean Constants.
    • Rename using de4dot.

     

    WindowsFormsApp1_unpacked.exe 11.5 kB · 14 downloads

    can you explain or share your tools ? 
    have a problem when unpack confuser.core same as above, cctor just have gchandle.free and i bp just have koi.exe no have entry point

    On 8/21/2023 at 9:08 AM, fireboxdev said:

    can you explain or share your tools ? 
    have a problem when unpack confuser.core same as above, cctor just have gchandle.free and i bp just have koi.exe no have entry point

    upload the file to see it

    • 1 year later...

    i have file ConfuserEx 1.6.0 . but it not exe only  file .dll . how to do dubug

    • Like 1

    you can't debug dll

    find exe that runs you dll

     

    no create an assembly loader to load the dll and then use dnspy and the rest

     

    loader not enough

    you need to call dll API

     

    yes you call it inside a assembly loader app

    image.png.1fd5774b8743cd77bec1a9267f324555.png

    this is .dll file it has all the functions of .exe .exe file just call up and written in c++ to call .dll file to run

    image.png.f65bf3953c306ed70e79c01c4e0989a6.png

     

    @kenvevn

    did u try @

    forum.tuts4you.com/topic/45360-confuseexdantitamper/#findComment-224077

    ?

    • 4 months later...
    On 8/21/2023 at 9:08 PM, fireboxdev said:

    can you explain or share your tools ? 
    have a problem when unpack confuser.core same as above, cctor just have gchandle.free and i bp just have koi.exe no have entry point

    fixxing entry point?

    Write Click on Koi Press Alt + Enter Click on Managed & Click on empty Box then select your Entry point. Press ok....

    Edited by .hloire

    • Like 1

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.