Open digocesar opened 2 years ago
This is no joke.
I have tried to disable all protections (to then enable them one at a time) and have failed every time.
Here is the .csproj
file:
<project outputDir="Confused\" baseDir="d:\project1\bin\Release\" xmlns="http://confuser.codeplex.com">
<module path="project1.dll">
<rule pattern="true" inherit="false">
<protection id="anti debug" action="remove" />
<protection id="anti dump" action="remove" />
<protection id="anti ildasm" action="remove" />
<protection id="anti tamper" action="remove" />
<protection id="constants" action="remove" />
<protection id="ctrl flow" action="remove" />
<protection id="harden" action="remove" />
<protection id="invalid metadata" action="remove" />
<protection id="ref proxy" action="remove" />
<protection id="resources" action="remove" />
<protection id="typescramble" action="remove" />
<protection id="rename" action="remove" />
<protection id="watermark" action="remove" />
</rule>
</module>
</project>
And here is the output:
[INFO] Confuser.Core 1.6.0+447341964f Copyright © 2014 Ki, 2018 - 2022 Martin Karing
[INFO] Running on Microsoft Windows NT 6.2.9200.0, .NET Framework v4.0.30319.42000, 64 bits
[DEBUG] Discovering plugins...
[INFO] Discovered 13 protections, 1 packers.
[DEBUG] Resolving component dependency...
[INFO] Loading input modules...
[INFO] Loading 'project1.dll'...
[INFO] Initializing...
[DEBUG] Building pipeline...
[DEBUG] Executing 'Type scanner' phase...
[INFO] Resolving dependencies...
[DEBUG] Checking Strong Name...
[DEBUG] Creating global .cctors...
[DEBUG] Executing 'Name analysis' phase...
[DEBUG] Building VTables & identifier list...
[DEBUG] Analyzing...
[DEBUG] WinForms found, enabling compatibility.
[INFO] Processing module 'project1.dll'...
[DEBUG] Executing 'Invalid metadata addition' phase...
[DEBUG] Executing 'Renaming' phase...
[DEBUG] Renaming...
[DEBUG] Executing 'Anti-tamper module writer preparation' phase...
[DEBUG] Executing 'Anti-debug injection' phase...
[DEBUG] Executing 'Anti-dump injection' phase...
[DEBUG] Executing 'Anti-ILDasm marking' phase...
[DEBUG] Executing 'Encoding reference proxies' phase...
[DEBUG] Executing 'Constant encryption helpers injection' phase...
[DEBUG] Executing 'Resource encryption helpers injection' phase...
[DEBUG] Executing 'Type scrambler' phase...
[DEBUG] Executing 'Constants encoding' phase...
[DEBUG] Executing 'Hardening Phase' phase...
[DEBUG] Executing 'Anti-tamper helpers injection' phase...
[DEBUG] Executing 'Control flow mangling' phase...
[DEBUG] Executing 'Post-renaming' phase...
[DEBUG] Executing 'Anti-tamper metadata preparation' phase...
[DEBUG] Executing 'Apply watermark' phase...
[DEBUG] Watermarking...
[DEBUG] Executing 'Packer info extraction' phase...
[INFO] Writing module 'project1.dll'...
[DEBUG] Encrypting resources...
[INFO] Finalizing...
[DEBUG] Saving to 'd:\project1\bin\Release\Confused\project1.dll'...
[DEBUG] Executing 'Export symbol map' phase...
[INFO] Done.
Finished at 6:12 PM, 0:00 elapsed.
ILSpy
confirms all kinds of shenanigans have taken place.
It's nuts.
Same happening for me, no preset.
Here is the file:
<project outputDir="out\" baseDir="" xmlns="http://confuser.codeplex.com">
<rule pattern="true" preset="none" inherit="false">
<protection id="watermark" action="remove" />
<protection id="anti dump" />
<protection id="anti ildasm" />
<protection id="harden" />
<protection id="constants" />
<protection id="anti debug">
<argument name="mode" value="antinet" />
</protection>
<protection id="ctrl flow">
<argument name="predicate" value="expression" />
<argument name="junk" value="true" />
</protection>
<protection id="ref proxy">
<argument name="mode" value="strong" />
<argument name="internal" value="true" />
<argument name="typeErasure" value="true" />
</protection>
<protection id="rename">
<argument name="renEnum" value="true" />
<argument name="preserveGenericParams" value="false" />
<argument name="renPublic" value="true" />
</protection>
<protection id="resources" />
</rule>
<module path="client.exe" />
</project>
And in the logs for some reason I see this:
[DEBUG] Executing 'Type scrambler' phase...
But I haven't enabled it!
@LaraSQP @digocesar, it seems like it would say that is executes all phases even if it doesn't. No changes were made, only the ones that you have specifically "asked" for.
I have checked with ILSpy.
Some protections are always executed (like naming or resources) even when they are all explicitly removed.
I have checked with ILSpy.
Some protections are always executed (like naming or resources) even when they are all explicitly removed.
Was not the case for me. Used dnSpy, no modifications were made.
Appreciate it. Will double-check again tomorrow.
In my case the disabled protections were not executed. Only output that is showing wrong message.
Found the problem.
Even if all protections are disabled, the output exe/dll is not identical to the source.
Found the problem.
Even if all protections are disabled, the output exe/dll is not identical to the source.
Probably some minor changes that are very hard to pin-point. Do a bindiff, probably not the code.
Found the problem. Even if all protections are disabled, the output exe/dll is not identical to the source.
Probably some minor changes that are very hard to pin-point. Do a bindiff, probably not the code.
Well, some assemblies now contain stuff like this:
Again, all protections disabled as shown above.
I'm trying to understand what protections are being applied to my program, but from what I've noticed the output shows step of all protections, even if I disable all protections! This is the log of a disabled protection, implying that all protections have been applied:
Another possibility would be at the beginning of the log of each file to say which protections will be applied...