
How to unpack ConfuserEx v0.6.0? Please help, I am a newbie


KingMaker

Anyone, please help me, for I don't know how to unpack ConfuserEx v0.6.0.

-=[ ProtectionID v0.6.8.0 OCTOBER]=-
(c) 2003-2016 CDKiLLER & TippeX
Build 31/10/16-19:01:54
Ready...

File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 3825152 (03A5E00h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x58FE54FD -> Mon 24th Apr 2017 19:41:49 (GMT)
[TimeStamp] 0x58FE54FD -> Mon 24th Apr 2017 19:41:49 (GMT) | PE Header | - | Offset: 0x00000088 | VA: 0x00400088 | -
[File Heuristics] -> Flag #1 : 00000000000001001101000000110001 (0x0004D031)
[Entrypoint Section Entropy] : 2.22 (section #4) "        " | Size : 0x10 (16) byte(s)
[DllCharacteristics] -> Flag : (0x8540) -> ASLR | DEP | NOSEH | TSA
[SectionCount] 5 (0x5) | ImageSize 0x3AE000 (3858432) byte(s)
[VersionInfo] Company Name : Phoenix Innovations
[VersionInfo] Product Name : CSPPlayout
[VersionInfo] Product Version : 1.0.0.0
[VersionInfo] File Description : CSPPlayout
[VersionInfo] File Version : 1.0.0.0
[VersionInfo] Original FileName : CSPPlayout.exe
[VersionInfo] Internal Name : CSPPlayout.exe
[VersionInfo] Version Comments : C 
[VersionInfo] Legal Copyrights : Copyright ©  2014
[ModuleReport] [IAT] Modules -> mscoree.dll
[.] .net @ FileOffset 0x2DF62C | MetaData->Version 1.1 (struct version) -> v2.0.50727 (net version required)
[.] Flags : 0x0 | Streams : 0x9 (9) unusual (its usually 5) -> #~ | #Strings | #US | #GUID | #Blob | #GUID | #Strings | #Blob | #Schema
[!] [.net scan core] ConfuserEx v0.6.0 detected!
[COR20] MajorRuntimeVersion 0x2 (2) | MinorRuntimeVersion 0x2 (2) -> 0x2.2 (2.2)
[COR20] Flags 0x3
[COR20 Flags] [x] IL_ONLY [x] 32BITREQUIRED [ ] IL_LIBRARY
[COR20 Flags] [ ] STRONGNAME [ ] NATIVE_EP [ ] TRACKDEBUGDATA
[COR20 Flags] [ ] 32BITPREFERRED | 0x0 UNKNOWN
[COR20 Flags] Assembly is NOT strong name signed
[CdKeySerial] found "Trial period" @ VA: 0x003A1445 / Offset: 0x0039F045
- Scan Took : 3.365 Second(s) [000000E33h (3635) tick(s)] [504 of 577 scan(s) done]
 

ashr

You could give de4dot a go (https://github.com/0xd4d/de4dot). As far as I know, Confuser does not compress/encrypt but just obfuscates code. De4dot makes function/variable/class names readable and strips some low-level IL shenanigans.

nobody

Tools:

dnSpy
codecracker's string decryptor/switch killer
ConfuserEx proxy killer
de4dot

With that you can produce a very readable file.

0X0101
On 07/06/2017 at 5:15 AM, nobody said:

Tools:

dnSpy
codecracker's string decryptor/switch killer
ConfuserEx proxy killer
de4dot

With that you can produce a very readable file.

Could you please post a link to codecracker's string decryptor/switch killer?
