search

XenocodeRCE / neo-ConfuserEx

Updated ConfuserEX, an open-source, free obfuscator for .NET applications
http://yck1509.github.io/ConfuserEx/
Other
751 stars 88 forks source link

Counter public tools #1

Closed LuanDevecchi closed 6 years ago

LuanDevecchi commented 6 years ago

Counter ConfuserEx Constants decryptor by CodeCracker and ConfuserEx Static decryptor by Cawk credits goes to MindSystem.

As both tools checks for 'ldc.i4' before the call, just add an br.s which goes to the call after the ldc.i4.

It will insert a br.s between ldc.i4 and the call, making br.s the instruction before the call.

CodeCracker tool uses Invoke, just add a check to see if the assembly that is executing the code is the same as main assembly.

So to patch it, go to Runtime and add the check.


if (Assembly.GetExecutingAssembly() == Assembly.GetCallingAssembly())
{

//code

}
return default(T);
XenocodeRCE commented 6 years ago

Correct, thank you.

However :

• anti invoke can be patched (reverse branch, NOP etc,.) • added opcode too can be patched.

I'll apply your pull request while I'm workin on a native protection of the constant protection feature.