Help me for identify and unpack .net programm

[ranadharm]

hi all,
Help me how to unpack the file.
here is a dumped file.
RDG Packer detected "Confuser" but i can't unpack it, even though i can't load it in dnspy. de4dot is also not working on it. Reflector, SAE also fails to load the file.

http://www.mediafire.com/file/7w1cbkupspovq8v/ARETOUCH%20PRO4.rar

password : 1!2@3#4$5%

[sendersu]

Quote:

Originally Posted by ranadharm

hi all,
Help me how to unpack the file.
here is a dumped file.
RDG Packer detected "Confuser" but i can't unpack it, even though i can't load it in dnspy. de4dot is also not working on it. Reflector, SAE also fails to load the file.

http://www.mediafire.com/file/7w1cbkupspovq8v/ARETOUCH%20PRO4.rar

password : 1!2@3#4$5%

what is the error dnSpy saying?
have you used the latest rls build?

Refl/SAE/ILSpy will definitely fail on confuser, but dnSPy shall show all hte stuff

[ranadharm]

dnSpy showing only header. not any coding is there.

unconfuserex says SYSTEM.BADIMAGEFORMATEXCEPTION

[ranadharm]

I found this line "ConfuserEx v1.0.0-17-g2046c23" in the file. Means its packed with ConfuserEx v1.0.0
Is there any unpacker available for this version??? Or any trick how to unpack ???

[sendersu]

There are no "push the button - make me happy" tool for it

there are some tid-bits (part of big process) tools but you need to have a knowledge ...

[ranadharm]

@sebdersu
Thanks for your intrest.
Can you please explain me the process to unpack this file????

[tecnmarl]

Quote:

Originally Posted by ranadharm

@sebdersu
Thanks for your intrest.
Can you please explain me the process to unpack this file????

Following the instructions alone, is the worst thing for learning.
Packers behave in a similar way, so there are some general rules. Conceptually, you follow a procedure, remembering that a specific packer could vary drastically in how it's trying to accomplish the same result.

You should start with simple packers and check these three things:
- What are the things that different packers share?
- How can we identify the packer? (you won't find strings all the time)
- How do we unpack it?

A beautiful teaching experience is building your own packer and defeat it. It probably won't be a strong packer or a good one, but you will be a step closer to possess knowledge.

The core of reverse engineering is our work being facilitated by the right tools. We should know how to do it without them, relying on them as a shortcut not as the only way.

If you don't plan to learn this way, then try searching "confuserex unpack", after the first results from YouTube, you will find something...

[ranadharm]

thanks tecnmarl
i tried to unpack with "confuserex unpack" but nothing happen. i can't load in in any degugger like dnspy, SA, reflector.....

[tecnmarl]

Not everything can be loaded directly in a debugger.
Other than a "live" analysis there could be the need of a "cold" one.
The technical term is "static analysis".
Debuggers need to do some operations that could reveal them. For this reason, an anti reverse engineering technique is to detect a debugger and do some operations to obstruct them.
Sometimes we need to do some actions without executing the software.

In your specific case, the problem is not the packer, the problem is the exe. Check the sections and you will find something that is not right.

[silver]

you may want to load it with IDA and see IL code first.

And I agree with tecnmarl. This certain program is kinda difficult for newbies, lol.

[taos]

Ummm, you give us a dumped file that is corrupted. To help you, upload original packed file. Dumped file is useless because is not a valid dumped file, if it will be ok you got it unpacked. The best is share valid install-setup file.

[ranadharm]

here it is. Original setup x86 and x64
http://www.mediafire.com/file/cg61on...l/anurag_4.rar

if ask for password: 1!2@3#4$5%