WhiteForge

Confuser Unpack


Xceed.Wpf.Toolkit.dll (missing dll) can be downloaded from http://wpftoolkit.codeplex.com/releases/view/99072

 

DelegateKiller for Confuser and ConfuserStringDecryptor works like a charm!

Where do you have a problem unpacking it?

 

Exception messages:
   Strong name validation failed. (Exception from HRESULT: 0x8013141A)
   Could not load file or assembly 'Expression.Samples.PathListBoxUtils, Version=4.0.0.0, Culture=neutral, PublicKeyToken=76319f7ba805fb35' or one of its dependencies. Strong name validation failed. (Exception from HRESULT: 0x8013141A)
 

Strong name validation fails for more files as well! The question is why?


@WhiteForge: Here are unpacked files:

http://www.multiupload.nl/ATTQVLQ610

 

For
3 Proxy Grabber:
create a file:
"C:\\ConfuserU\\Config\\confGr.ini"

Still crashes:
5 Email GrabbeR
9 EMail ReGeR
10 Proxy Settings

 

This is because of this method:

BANANA.ZXECOWETHMYVUQNUTIQXGA.HYWQUUTQUYLHESRYCNDPP() : Void

 

 

// Decompiled activation / loader routine (identifier names are obfuscated).
// What the visible code does, in order:
//   1. Builds a hardware-derived string from HardwareId.* getters and reduces it
//      to an MD5 hex digest, used below as the "key".
//   2. POSTs that key (and, on one branch, a full hardware/OS report) to
//      jlegioh.com over plain http://.
//   3. Extracts a Base64 blob from the response, decrypts it with Rijndael, and
//      compiles the resulting C# source in memory with CSharpCodeProvider.
//   4. Uses the first compiled object to unlock a second encrypted source blob,
//      compiles that too, and stores the instance for later use.
// Review notes for anyone analysing or running this sample:
//   - The stage-1 decryption key is derived from the same value that is sent in
//     clear text as "key=" in the request, the IV is 16 zero bytes, the salt is
//     null, and nothing here verifies a signature or MAC before compiling. The
//     encryption therefore gives neither confidentiality nor integrity on the
//     wire: whatever source the HTTP response decrypts to is compiled and
//     executed in-process.
//   - Observable network indicators in this listing: the host jlegioh.com, the
//     paths /Sender/GetLicenseinfo and /Sender/GetLicense, a form-encoded POST,
//     and the fixed MSIE 6.0 User-Agent string.
//   - All exceptions are swallowed by the empty catch at the end, so any failure
//     in the steps above is silent.
private void HYWQUUTQUYLHESRYCNDPP()
{
    try
    {
        // Concatenate CPU, BIOS, RAM and video-adapter details into one fingerprint string.
        string oYJYNZDGIVYXONCJULPNNZ = HardwareId.Proccesor.GetProcessorFullInfo() + HardwareId.Bios.GetFullBiosInfo() + HardwareId.GetRAMMemoryInfo() + HardwareId.VideoCards.GetVideoAdapterRAM() + HardwareId.VideoCards.GetVideoProcessor();
        string s = "";
        // NOTE(review): this loop header is truncated in the posted listing (the condition
        // and increment are missing), and the body as shown has no index on the string.
        // Presumably the original shifted each character by 0x42; confirm against the binary.
        for (int i = 0; i         {
            s = s + Convert.ToChar((int) (Convert.ToInt32(oYJYNZDGIVYXONCJULPNNZ) + 0x42));
        }
        // Replace the fingerprint with the lowercase hex MD5 of the UTF-16 bytes of s.
        // From here on this variable is the machine "key".
        oYJYNZDGIVYXONCJULPNNZ = string.Empty;
        foreach (byte num2 in new MD5CryptoServiceProvider().ComputeHash(Encoding.Unicode.GetBytes(s)))
        {
            oYJYNZDGIVYXONCJULPNNZ = oYJYNZDGIVYXONCJULPNNZ + string.Format("{0:x2}", num2);
        }
        string str3 = null;
        // Local date and time with "." and ":" stripped; used as the "Info number id" tag.
        // NOTE(review): "/" in the format is the culture's date separator, so the "." removal
        // only has an effect on cultures that use "." there; looks culture-dependent.
        string str4 = DateTime.Now.ToString("dd/MM/yyyy").Replace(".", "") + DateTime.Now.ToString("HH:mm:ss").Replace(":", "");
        // Plain-text report: the key followed by processor, video, Windows, BIOS, disk and
        // sound-card information, each section prefixed by the tag above.
        string str5 = (((((((((((("Activation   " + oYJYNZDGIVYXONCJULPNNZ + "\r\n") + "Info number id " + str4 + "\r\n") + HardwareId.Proccesor.GetProcessorFullInfo().Replace("\n", "")) + "Info number id " + str4 + "\r\n") + HardwareId.VideoCards.GetVideoFullInfo()) + "Info number id " + str4 + "\r\n") + HardwareId.WindowsInfo.FullWindowsInfo()) + "Info number id " + str4 + "\r\n") + HardwareId.Bios.GetFullBiosInfo()) + "Info number id " + str4 + "\r\n") + HardwareId.GetHardDiskDriveInfo()) + "Info number id " + str4 + "\r\n") + HardwareId.GetSoundCardInfo();
        string requestUriString = null;
        string str7 = null;
        // The helper's meaning is not visible here; when it returns "0" the full hardware
        // report is uploaded together with the key, otherwise only the key is sent.
        // Both endpoints are plain HTTP, and the values are placed in the form body
        // without URL-encoding.
        if (this.UTHECLXCNOCAVSDHQCDOFF(oYJYNZDGIVYXONCJULPNNZ) == "0")
        {
            requestUriString = string.Format("http://jlegioh.com/Sender/GetLicenseinfo", new object[0]);
            str7 = string.Format("key={0}&hwinfo={1}", oYJYNZDGIVYXONCJULPNNZ, str5);
        }
        else
        {
            str7 = string.Format("key={0}", oYJYNZDGIVYXONCJULPNNZ);
            requestUriString = string.Format("http://jlegioh.com/Sender/GetLicense", new object[0]);
        }
        byte[] bytes = Encoding.UTF8.GetBytes(str7);
        HttpWebRequest request = (HttpWebRequest) WebRequest.Create(requestUriString);
        // 0x3a98 = 15000 ms for both the request and the read/write timeouts.
        request.Timeout = 0x3a98;
        request.ReadWriteTimeout = 0x3a98;
        request.MaximumAutomaticRedirections = 6;
        request.MaximumResponseHeadersLength = 6;
        // Makes the logged-on user's default credentials available to this request, so they
        // can be used if the remote server (or a redirect target) asks for authentication.
        request.Credentials = CredentialCache.DefaultCredentials;
        request.AllowAutoRedirect = true;
        request.KeepAlive = false;
        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded";
        // Fixed, dated browser User-Agent; usable as a network detection indicator.
        request.UserAgent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)";
        request.ContentLength = bytes.Length;
        using (Stream stream = request.GetRequestStream())
        {
            stream.ReadTimeout = 0x3a98;
            stream.WriteTimeout = 0x3a98;
            stream.Write(bytes, 0, bytes.Length);
        }
        // Read the whole response body in 16 KiB chunks (0x4000) into memory.
        using (StreamReader reader = new StreamReader(request.GetResponse().GetResponseStream()))
        {
            byte[] buffer = new byte[0x4000];
            using (MemoryStream stream2 = new MemoryStream())
            {
                int num3;
                while ((num3 = reader.BaseStream.Read(buffer, 0, buffer.Length)) > 0)
                {
                    stream2.Write(buffer, 0, num3);
                }
                // Keep only the text that follows the marker id="ref-1"> up to the end of that line.
                str3 = Regex.Replace(Regex.Match(Encoding.UTF8.GetString(stream2.ToArray()), "id=\"ref-1\">(.*)").Value, "id=\"ref-1\">(.*)", "$1");
            }
        }
        this.WECBWWUBDVCVYXNPZRLFXH();
        // Stage 1: compile server-supplied C# source in memory (no assembly is written to disk).
        CompilerParameters options = new CompilerParameters {
            GenerateInMemory = true
        };
        options.ReferencedAssemblies.Add("System.dll");
        options.ReferencedAssemblies.Add("mscorlib.dll");
        options.ReferencedAssemblies.Add("System.Management.dll");
        options.ReferencedAssemblies.Add("System.Core.dll");
        options.ReferencedAssemblies.Add("System.Web.dll");
        // Source derivation: Base64-decode str3, Rijndael-decrypt it (key = 16 bytes from
        // PasswordDeriveBytes(key, null), IV = 16 zero bytes), take the first 0x1480 (5248)
        // characters, Base64-decode those and decrypt again with the same key and IV.
        // The result is compiled and a "HwClass" instance is created with constructor argument 15.
        // Nothing authenticates the source before it is compiled.
        object target = new CSharpCodeProvider().CompileAssemblyFromSource(options, new string[] { new StreamReader(new CryptoStream(new MemoryStream(Convert.FromBase64String(new StreamReader(new CryptoStream(new MemoryStream(Convert.FromBase64String(str3)), Rijndael.Create().CreateDecryptor(new PasswordDeriveBytes(oYJYNZDGIVYXONCJULPNNZ, null).GetBytes(0x10), new byte[0x10]), CryptoStreamMode.Read)).ReadToEnd().Substring(0, 0x1480))), Rijndael.Create().CreateDecryptor(new PasswordDeriveBytes(oYJYNZDGIVYXONCJULPNNZ, null).GetBytes(0x10), new byte[0x10]), CryptoStreamMode.Read)).ReadToEnd() }).CompiledAssembly.CreateInstance("HwClass", false, BindingFlags.InvokeMethod, null, new object[] { 15 }, null, null);
        // Invoke "GetCDRomInfo" on the compiled object by reflection, passing the remainder of
        // the first-layer plaintext (from offset 0x1480), the key, and this assembly's path.
        // Despite its name, the returned string is used below as key material plus payload.
        string str8 = (string) target.GetType().InvokeMember("GetCDRomInfo", BindingFlags.InvokeMethod, null, target, new object[] { new StreamReader(new CryptoStream(new MemoryStream(Convert.FromBase64String(str3)), Rijndael.Create().CreateDecryptor(new PasswordDeriveBytes(oYJYNZDGIVYXONCJULPNNZ, null).GetBytes(0x10), new byte[0x10]), CryptoStreamMode.Read)).ReadToEnd().Substring(0x1480), oYJYNZDGIVYXONCJULPNNZ, Assembly.GetExecutingAssembly().Location });
        // The first 0xe13 (3603) characters are a lookup table; 20 characters at fixed
        // positions are concatenated into the stage-2 password.
        string str9 = str8.Substring(0, 0xe13);
        string strPassword = "";
        foreach (int num4 in new int[] {
            0x16, 0x22, 0x38, 0x4c, 0x29, 0x4d, 0x1b, 0x1f, 0x51, 0x2b, 0x20, 0x18, 0x11, 0x48, 0x57, 0x15,
            0x53, 0x62, 0x3a, 0x27
         })
        {
            strPassword = strPassword + str9[num4].ToString();
        }
        // Stage 2: same in-memory compilation, with one additional referenced assembly.
        CompilerParameters parameters2 = new CompilerParameters {
            GenerateInMemory = true
        };
        parameters2.ReferencedAssemblies.Add("System.dll");
        parameters2.ReferencedAssemblies.Add("mscorlib.dll");
        parameters2.ReferencedAssemblies.Add("System.Management.dll");
        parameters2.ReferencedAssemblies.Add("System.Core.dll");
        parameters2.ReferencedAssemblies.Add("System.Web.dll");
        parameters2.ReferencedAssemblies.Add("System.Runtime.Serialization.Formatters.Soap.dll");
        // Decrypt the rest of str8 (from offset 0xe13) with a key derived from strPassword
        // (again null salt and zero IV), compile it, and create "BaseClass" with (15, key).
        // The target of this assignment is declared outside the listing.
        CITFFADRXNLYSCRNPCNEUH = new CSharpCodeProvider().CompileAssemblyFromSource(parameters2, new string[] { new StreamReader(new CryptoStream(new MemoryStream(Convert.FromBase64String(str8.Substring(0xe13))), Rijndael.Create().CreateDecryptor(new PasswordDeriveBytes(strPassword, null).GetBytes(0x10), new byte[0x10]), CryptoStreamMode.Read)).ReadToEnd() }).CompiledAssembly.CreateInstance("BaseClass", false, BindingFlags.InvokeMethod, null, new object[] { 15, oYJYNZDGIVYXONCJULPNNZ }, null, null);
        this.IULECQMXVQAEKLYKUHARWN("1", oYJYNZDGIVYXONCJULPNNZ);
        // Obtain a "ProxyClass" object from the stage-2 instance through an opaque helper.
        this.DDLILQCYTVRDAHNUNOESLD = AUDARNRBZSPVKYZIIOLTGD.JPZMYPVLQWUSEEUVCFKWB(CITFFADRXNLYSCRNPCNEUH, "ProxyClass", "ProxyClass", new object[] { 15 });
        GHVZAWYRNKAFGQGTGYZVJ = true;
        if (this.DDLILQCYTVRDAHNUNOESLD == null)
        {
            // Message text (Russian): "Failed to start the program normally!!! Restart LaterSearch!"
            // with the caption "Data error!".
            MessageBox.Show("Не удалось нормально запустить программу!!!\r\nПерезапустите LaterSearch!", "Ошибка данных!", MessageBoxButton.OK, MessageBoxImage.Exclamation);
        }
    }
    catch (Exception)
    {
        // Every failure above (network, decryption, compilation, reflection) is discarded here,
        // leaving the fields assigned in the try block unset without any diagnostic.
    }
    // NOTE(review): the posted listing ends here; the method's closing brace is not shown.

 

 

The question is whether this crypto is safe!
