yck1509 / ConfuserEx

An open-source, free protector for .NET applications
http://yck1509.github.io/ConfuserEx/

Help against crackers :) (proposing a deal) #244

Closed ghost closed 9 years ago

ghost commented 9 years ago

Hi, I have some software that's getting cracked by people. I'm already using Eazfuscator and virtualizing important functions. I also transfer data from my authentication server that the program needs to run (some small DLL). ConfuserEx is nice but even more people seem to be able to crack its protection.

Would you (yck1509) be interested in a deal since I have no time to do it myself? I'd need some private protections, strong virtualization of methods, maybe also some additional stuff you can come up with. Ofc I'd be willing to pay quite some money for that!! Let me know if you're interested.

XenocodeRCE commented 9 years ago

Eazfuscator is supported by de4dot so it's kinda useless.

In my humble opinion, if your 'security checks' are simple if statements then the issue is not ConfuserEx but you (no offence).

There are still crackme programs which are not obfuscated and which are not solved yet, so you can see how obfuscation should not be your number one priority!

ghost commented 9 years ago

Hi, no offence taken. I see how you can think that with the incomplete explanation I have given. :) Afaik de4dot cannot unpack virtualized code, which is what I'm using for my application. I don't only use ifs; in fact I have a quite elaborate structure of downloading code from a webserver that the program requires. All transfers use SSL, and are additionally "end to end" encrypted.

I would really like to see a crackme that is not obfuscated and still not solved. How would that work?

XenocodeRCE commented 9 years ago

Well, my bad then; it looks like you put effort into the security of your application.

de4dot fully supports Eazfuscator, and if virtualisation still remains, you could use JITDumper 3.

If you want your application to not be decompilable, forget about .NET programming languages; even with an Uber-ultra mega obfuscator, people will still be able to clean metadata, and analyse the file to code a static deobfuscator.

ghost commented 9 years ago

JITDumper has no effect on Eazfuscator's virtualization. I think what you mean is method body encryption, where the obfuscator injects code to hook the JIT and dump the code after it has been decrypted and jitted. Virtualization is something entirely different. It never decrypts the code and adds a VM / an interpreter to "run" the virtualized code. JITDumper will not help at all against that.

I know that .NET is not the most secure, but it depends on what you're doing with it. I'm more concerned with real world applications here, not what-ifs and theory. :( Let's be honest, there are very few people who can crack all of ConfuserEx's protections without help.

You are right ofc, people will be able to do it. But are they really willing to invest so much time to actually do it? They won't; not if the expected reward is too small.

Btw, if you're up to the job, I don't mind who does it as long as it gets done :)

XenocodeRCE commented 9 years ago

GitHub should not be confused with a freelance board; ConfuserEx is open source and you can easily make it suit your wishes.

ghost commented 9 years ago

I see, I'm very sorry. I might have the required skill to add that, but certainly not the time. Also I tried freelance websites but nobody seems to be able to do it. That is why I thought I should ask people who actually know what they are doing regarding obfuscation (like here). Again, sorry for the thread, but I don't see any other way :/

XenocodeRCE commented 9 years ago

Check my repo; I've made a modded version of ConfuserEx (I don't do any support for it), though of course if people WANT your file to be cracked, it WILL be cracked.

yck1509 commented 9 years ago

Hi, as mentioned by @XenocodeRCE, it's not appropriate to discuss freelance jobs here. However, if you do wish to have stronger protection software, you could sign up for beta testing of KoiVM, another protector I'm developing.