cipsi
Posted February 4, 2023

View File: ConfuserEx 1.6.0

Public key sample protected using ConfuserEx 1.6.0.
https://github.com/mkaring/ConfuserEx/releases/tag/v1.6.0

Your challenge is to unpack and decompile the file.

Submitter: cipsi
Submitted: 02/04/2023
Category: UnPackMe (.NET)

BlackHat (Solution)
Posted February 4, 2023

Debug with dnSpy and Remove Anti-Tamper.
NOP Anti-Tamper Call and Save.
Search for "GCHandle.Free" and put BP.
Debug the File and Save koi module from Memory.
NOP Anti-Tamper Call after debugging in dnSpy.
Clean Cflow as it is a basic "switch" one.
Clean Proxy.
Clean Constants.
Rename using de4dot.

WindowsFormsApp1_unpacked.exe

cipsi (Author)
Posted February 4, 2023

39 minutes ago, BlackHat said:
> Debug with dnSpy and Remove Anti-Tamper.
> NOP Anti-Tamper Call and Save.
> Search for "GCHandle.Free" and put BP.
> Debug the File and Save koi module from Memory.
> NOP Anti-Tamper Call after debugging in dnSpy.
> Clean Cflow as it is a basic "switch" one.
> Clean Proxy.
> Clean Constants.
> Rename using de4dot.
>
> WindowsFormsApp1_unpacked.exe 11.5 kB

Can you elaborate a bit on the part about cleaning the control flow?

BlackHat
Posted February 4, 2023

12 hours ago, cipsi said:
> Can you elaborate a bit on the part about cleaning the control flow?

1. You don't need any tool to remove Anti Tamper.
2. Cflow/Proxy = Use Cawk Cfex Unpacker / TheProxy Proxy Remover.
3. Constants = You have to make your own, as Cawk Unpacker doesn't support newer versions of Cfex Mods.
4. de4dot is available on GitHub.

Abdelrahman Mahrous
Posted August 18, 2023

On 2/4/2023 at 1:33 PM, BlackHat said:
> 1. You don't need any tool to remove Anti Tamper.
> 2. Cflow/Proxy = Use Cawk Cfex Unpacker / TheProxy Proxy Remover.
> 3. Constants = You have to make your own, as Cawk Unpacker doesn't support newer versions of Cfex Mods.
> 4. de4dot is available on GitHub.

I can't get the tools. Can you upload them and give some hints on how to use them? Thanks.

fireboxdev
Posted August 21, 2023

On 2/4/2023 at 3:16 PM, BlackHat said:
> Debug with dnSpy and Remove Anti-Tamper.
> NOP Anti-Tamper Call and Save.
> Search for "GCHandle.Free" and put BP.
> Debug the File and Save koi module from Memory.
> NOP Anti-Tamper Call after debugging in dnSpy.
> Clean Cflow as it is a basic "switch" one.
> Clean Proxy.
> Clean Constants.
> Rename using de4dot.
>
> WindowsFormsApp1_unpacked.exe 11.5 kB

Can you explain or share your tools? I have a problem when unpacking confuser.core. Same as above, the cctor just has GCHandle.Free, and when I BP I just have koi.exe, which has no entry point.

Abdelrahman Mahrous
Posted August 25, 2023

On 8/21/2023 at 9:08 AM, fireboxdev said:
> Can you explain or share your tools? I have a problem when unpacking confuser.core. Same as above, the cctor just has GCHandle.Free, and when I BP I just have koi.exe, which has no entry point.

Upload the file to see it.