Jump to content
Sign in to follow this  
Anonymous

Need help [Confuser]

Recommended Posts

I know password, but i want to crack.

 

Alredy tried with NoFuser. Not working...

 

SAFmCIA.png

Share this post


Link to post

No .NET module used so it is easy!

 

For decrypting methods use:

Confuser_Methods_Decryptor.zip (attached)

 

After that use:

DelegateKiller for Confuser
http://board.b-at-s.info/index.php?showtopic=9048&hl=

 

Unpacking Confuser:

http://board.b-at-s.info/index.php?showtopic=9072

I don't know yet how to decrypt strings!

 

Confuser_Methods_Decryptor.zip

  • Upvote 2

Share this post


Link to post

No .NET module used so it is easy!

 

For decrypting methods use:

Confuser_Methods_Decryptor.zip (attached)

 

After that use:

DelegateKiller for Confuser

http://board.b-at-s.info/index.php?showtopic=9048&hl=

 

Unpacking Confuser:

http://board.b-at-s.info/index.php?showtopic=9072

I don't know yet how to decrypt strings!

 

 

This method not working for this! Already tried....

Share this post


Link to post

This method not working for this! Already tried....

This protected file don't use the .NET module trick, you just have to decrypt method body, restore delegates and decrypt strings:

For decrypting strings with Confuser String Decryptor you just have to patch a bit the string decryption method:

 

/* private scope */ static T smethod_0(uint a, ulong b)

{

    object obj2;

    StackFrame frame = new StackFrame(1);

    if (!(frame.GetMethod().DeclaringType.Assembly == typeof(Class5).Assembly))

    {

        Environment.FailFast(null);  // nop this call so won't fail!

    }

 

Unpacked file:

http://www.multiupload.nl/NPWOIY1O3U

  • Upvote 1

Share this post


Link to post

An open-source protector seems to be doing better than most expensive ones !

 

well done yck

  • Upvote 4

Share this post


Link to post

This protected file don't use the .NET module trick, you just have to decrypt method body, restore delegates and decrypt strings:

For decrypting strings with Confuser String Decryptor you just have to patch a bit the string decryption method:

 

/* private scope */ static T smethod_0<T>(uint a, ulong b)

{

    object obj2;

    StackFrame frame = new StackFrame(1);

    if (!(frame.GetMethod().DeclaringType.Assembly == typeof(Class5).Assembly))

    {

        Environment.FailFast(null);  // nop this call so won't fail!

    }

 

Unpacked file:

http://www.multiupload.nl/NPWOIY1O3U

 

 

Thanks you! You really helped me!!!

Share this post


Link to post

This protected file don't use the .NET module trick, you just have to decrypt method body, restore delegates and decrypt strings:

For decrypting strings with Confuser String Decryptor you just have to patch a bit the string decryption method:

 

/* private scope */ static T smethod_0<T>(uint a, ulong b)

{

    object obj2;

    StackFrame frame = new StackFrame(1);

    if (!(frame.GetMethod().DeclaringType.Assembly == typeof(Class5).Assembly))

    {

        Environment.FailFast(null);  // nop this call so won't fail!

    }

 

Unpacked file:

http://www.multiupload.nl/NPWOIY1O3U

 

 

How to patch the string decryption method?

Share this post


Link to post

Method T smethod_0 is the string decryption method

 

/* private scope */ static T smethod_0(uint a, ulong b)
{
    object obj2;
    StackFrame frame = new StackFrame(1);
    if (!(frame.GetMethod().DeclaringType.Assembly == typeof(Class5).Assembly))
    {
        Environment.FailFast(null);
    }

 
This is under IL:

.method privatescope hidebysig static !!T smethod_0(uint32 a, uint64 b) cil managed
{
    // real token: 06000067
    // token: 06000067
    .maxstack 5
    .locals init (
        [0] object obj2,
        [1] uint32 num,
        [2] uint8[] buffer,
        [3] !!T[] localArray,
        [4] class [mscorlib]System.Reflection.MethodBase base2,
        [5] uint8[] buffer2,
        [6] !!T local,
        [7] uint64 num2,
        [8] uint64 num3,
        [9] uint64 num4,
        [10] class [mscorlib]System.Diagnostics.StackFrame frame,
        [11] class [mscorlib]System.Collections.Generic.Dictionary`2 dictionary,
        [12] uint32 num5,
        [13] int32 num6,
        [14] uint64 num7,
        [15] uint64 num8,
        [16] uint32 num9,
        [17] int32 num10)
    L_0000: ldc.i4.1  // 17
    L_0001: newobj instance void [mscorlib]System.Diagnostics.StackFrame::.ctor(int32) // 73A700000A
    L_0006: stloc.s frame // 130A
    L_0008: ldloc.s frame // 110A
    L_000a: callvirt instance class [mscorlib]System.Reflection.MethodBase [mscorlib]System.Diagnostics.StackFrame::GetMethod() // 6FA900000A
    L_000f: callvirt instance class [mscorlib]System.Type [mscorlib]System.Reflection.MemberInfo::get_DeclaringType() // 6F6400000A
    L_0014: callvirt instance class [mscorlib]System.Reflection.Assembly [mscorlib]System.Type::get_Assembly() // 6F1E00000A
    L_0019: ldtoken Class5 // D016000002
    L_001e: call class [mscorlib]System.Type [mscorlib]System.Type::GetTypeFromHandle(valuetype [mscorlib]System.RuntimeTypeHandle) // 281700000A
    L_0023: callvirt instance class [mscorlib]System.Reflection.Assembly [mscorlib]System.Type::get_Assembly() // 6F1E00000A
    L_0028: ceq  // FE01
    L_002a: brtrue.s L_0032 // 2D06
    L_002c: ldnull  // 14                         // change this to 00
    L_002d: call void [mscorlib]System.Environment::FailFast(string) // 28AA00000A  // change this to 0000000000

    L_0032: ldtoken Class5 // D016000002

 After that decrypt strings with ConfuserStringDecryptor!

  • Upvote 1

Share this post


Link to post

Method T smethod_0 is the string decryption method

 

/* private scope */ static T smethod_0<T>(uint a, ulong b)

{

    object obj2;

    StackFrame frame = new StackFrame(1);

    if (!(frame.GetMethod().DeclaringType.Assembly == typeof(Class5).Assembly))

    {

        Environment.FailFast(null);

    }

 

 

This is under IL:

.method privatescope hidebysig static !!T smethod_0<T>(uint32 a, uint64 b) cil managed

{

    // real token: 06000067

    // token: 06000067

    .maxstack 5

    .locals init (

        [0] object obj2,

        [1] uint32 num,

        [2] uint8[] buffer,

        [3] !!T[] localArray,

        [4] class [mscorlib]System.Reflection.MethodBase base2,

        [5] uint8[] buffer2,

        [6] !!T local,

        [7] uint64 num2,

        [8] uint64 num3,

        [9] uint64 num4,

        [10] class [mscorlib]System.Diagnostics.StackFrame frame,

        [11] class [mscorlib]System.Collections.Generic.Dictionary`2<uint32, object> dictionary,

        [12] uint32 num5,

        [13] int32 num6,

        [14] uint64 num7,

        [15] uint64 num8,

        [16] uint32 num9,

        [17] int32 num10)

    L_0000: ldc.i4.1  // 17

    L_0001: newobj instance void [mscorlib]System.Diagnostics.StackFrame::.ctor(int32) // 73A700000A

    L_0006: stloc.s frame // 130A

    L_0008: ldloc.s frame // 110A

    L_000a: callvirt instance class [mscorlib]System.Reflection.MethodBase [mscorlib]System.Diagnostics.StackFrame::GetMethod() // 6FA900000A

    L_000f: callvirt instance class [mscorlib]System.Type [mscorlib]System.Reflection.MemberInfo::get_DeclaringType() // 6F6400000A

    L_0014: callvirt instance class [mscorlib]System.Reflection.Assembly [mscorlib]System.Type::get_Assembly() // 6F1E00000A

    L_0019: ldtoken Class5 // D016000002

    L_001e: call class [mscorlib]System.Type [mscorlib]System.Type::GetTypeFromHandle(valuetype [mscorlib]System.RuntimeTypeHandle) // 281700000A

    L_0023: callvirt instance class [mscorlib]System.Reflection.Assembly [mscorlib]System.Type::get_Assembly() // 6F1E00000A

    L_0028: ceq  // FE01

    L_002a: brtrue.s L_0032 // 2D06

    L_002c: ldnull  // 14                         // change this to 00

    L_002d: call void [mscorlib]System.Environment::FailFast(string) // 28AA00000A  // change this to 0000000000

    L_0032: ldtoken Class5 // D016000002

 

 After that decrypt strings with ConfuserStringDecryptor!

Thanks you for help. I unpacked with NoFuser. I just installed .NET Framework 4.5

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×
×
  • Create New...