cipsi Posted February 4, 2023 Posted February 4, 2023 View File ConfuserEx 1.6.0 Public key sample protected using ConfuserEx 1.6.0. https://github.com/mkaring/ConfuserEx/releases/tag/v1.6.0 Your challenge is to unpack and decompile the file. Submitter cipsi Submitted 02/04/2023 Category UnPackMe (.NET) 1
Solution BlackHat Posted February 4, 2023 Solution Posted February 4, 2023 Debug with dnSpy and Remove Anti-Tamper. NOP Anti-Tamper Call and Save. Search for "GCHandle.Free" and put BP. Debug the File and Save koi module from Memory. NOP Anti-Tamper Call after debugging in dnSpy. Clean Cflow as It is a basic "switch" one. Clean Proxy. Clean Constants. Rename using de4dot. WindowsFormsApp1_unpacked.exe 5 2
cipsi Posted February 4, 2023 Author Posted February 4, 2023 39 minutes ago, BlackHat said: Debug with dnSpy and Remove Anti-Tamper. NOP Anti-Tamper Call and Save. Search for "GCHandle.Free" and put BP. Debug the File and Save koi module from Memory. NOP Anti-Tamper Call after debugging in dnSpy. Clean Cflow as It is a basic "switch" one. Clean Proxy. Clean Constants. Rename using de4dot. WindowsFormsApp1_unpacked.exe 11.5 kB · 0 downloads Can you elaborate a bit on the part about cleaning the control flow?
BlackHat Posted February 4, 2023 Posted February 4, 2023 12 hours ago, cipsi said: Can you elaborate a bit on the part about cleaning the control flow? 1. You don't need any tool to remove Anti Tamper. 2. Cflow/Proxy = Use Cawk Cfex Unpacker/ TheProxy Proxy Remover. 3. Contants = You have to make your own as Cawk Unpacker doesn't support newer version of Cfex Mods. 4. de4dot is available on Github. 1
Abdelrahman Mahrous Posted August 18, 2023 Posted August 18, 2023 On 2/4/2023 at 1:33 PM, BlackHat said: 1. You don't need any tool to remove Anti Tamper. 2. Cflow/Proxy = Use Cawk Cfex Unpacker/ TheProxy Proxy Remover. 3. Contants = You have to make your own as Cawk Unpacker doesn't support newer version of Cfex Mods. 4. de4dot is available on Github. i can't get tools can you upload it and some hint for use it . Thanks
fireboxdev Posted August 21, 2023 Posted August 21, 2023 On 2/4/2023 at 3:16 PM, BlackHat said: Debug with dnSpy and Remove Anti-Tamper. NOP Anti-Tamper Call and Save. Search for "GCHandle.Free" and put BP. Debug the File and Save koi module from Memory. NOP Anti-Tamper Call after debugging in dnSpy. Clean Cflow as It is a basic "switch" one. Clean Proxy. Clean Constants. Rename using de4dot. WindowsFormsApp1_unpacked.exe 11.5 kB · 14 downloads can you explain or share your tools ? have a problem when unpack confuser.core same as above, cctor just have gchandle.free and i bp just have koi.exe no have entry point
Abdelrahman Mahrous Posted August 25, 2023 Posted August 25, 2023 On 8/21/2023 at 9:08 AM, fireboxdev said: can you explain or share your tools ? have a problem when unpack confuser.core same as above, cctor just have gchandle.free and i bp just have koi.exe no have entry point upload the file to see it
kenvevn Posted yesterday at 05:34 AM Posted yesterday at 05:34 AM i have file ConfuserEx 1.6.0 . but it not exe only file .dll . how to do dubug 1
jackyjask Posted yesterday at 08:54 AM Posted yesterday at 08:54 AM you can't debug dll find exe that runs you dll
modz50 Posted yesterday at 09:33 AM Posted yesterday at 09:33 AM no create an assembly loader to load the dll and then use dnspy and the rest
jackyjask Posted yesterday at 10:44 AM Posted yesterday at 10:44 AM loader not enough you need to call dll API
.thumb.png.fc7142b29c3dd4df273255241ae1f4be.png)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now