Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Unpacking ConfuserEx v0.5.0
#1
Today I will be teaching you how to dump
Reply
#2
Can't you just use de4dot? I've never had any problems with it.
Reply
#3
Yeah works but not really a fast way to do it. Just open it in dnSpy and go View->Modules and theres the module unpacked. Also essentially what your "unpacking" is still obfuscated and mangled. The packer for confuser is just there to pack the file and reduce the size not to stop you from unraveling it lol
Reply
#4
This will work for the standard confuser compressor, there are better ways of manually unpacking confuserex and it's other protections. Besides that, there is a tool called NoFuserEx, which will completely unpack files packed with the original confuserex.
Reply
#5
Quote: Originally Posted by A200K This will work for the standard confuser compressor, there are better ways of manually unpacking confuserex and it's other protections. Besides that, there is a tool called NoFuserEx, which will completely unpack files packed with the original confuserex. Isn't NoFuserEx for older versions of ConfuserEx not the latest one? Quote: Originally Posted by phoenixdoom Can't you just use de4dot? I've never had any problems with it. de4dot is outdated afaik and I prefer to do stuff manually anyway Tongue.
Reply
#6
Quote: Originally Posted by iPatientZero Isn't NoFuserEx for older versions of ConfuserEx not the latest one? Hm, yea, sorry I didn't noitce the latest confuserex version is 0.6.0. However, you should take a look at .net debugging in general, windbg some .net extensions are quite handy when it comes to .net unpacking.
Reply
#7
confuser is open source, if you plan to use it for security then at least customize it a bit. even if you just change the region names so tools cant auto detect them. that being said, .net cant truly be secured.
Reply
#8
Quote: Originally Posted by cra0 Yeah works but not really a fast way to do it. Just open it in dnSpy and go View->Modules and theres the module unpacked. Also essentially what your "unpacking" is still obfuscated and mangled. The packer for confuser is just there to pack the file and reduce the size not to stop you from unraveling it lol Hello, there is a .dll that ı want to change some codes, so ı used "dbSpy" as you recommend, ı can see many functions but some of them remains obfuscated. I tried to change the code and save it but when ı save it it gives an error like ; Code: Writing C : \Users\Ahmet\Desktop\MyBot - 4.2 . 3 MODS #5\lib\MBRfunctions1.dll... Error calculating max stack value . If the method 's obfuscated, set CilBody.KeepOldMaxStack or MetaDataOptions.Flags (KeepOldMaxStack, global option) to ignore this error. Otherwise fix your generated CIL code so it conforms to the ECMA standard. Operand is not a local
Reply




Users browsing this thread: 1 Guest(s)