If you’re interested in the work I do on this blog, and have a general interest in programming and/or reverse engineering you should check out a forum I’m a part of over at RTN-Team forum. It focuses on questions/help/releases related to reverse engineering but there a lot of experienced coders available to help out too.
It’s a small community right now and we want to keep it rather small, but with high quality content and members. Quality over quantity, you know. So please consider going over there and signup and hopefully join the community.
I’ve seen a lot of people lately having issues deobfuscating this protection, mostly because it can’t be done automatically be drag&dropping the file onto de4dot. So I’m gonna show you how to do it manually with WinDbg and De4dot in this paper.
As you might know I’ve written several papers covering the different protections of Confuser 1.9. Now that Yck1509 (author of Confuser) started working on a successor project I’m really excited to keep up the papers for the new ConfuserEx! It has far more complex obfuscation routines, and also introduces the use of native methods inside the .NET assembly, so hopefully I’ll learn some more x86 writing these. 🙂 So far I’ve covered 2 protections. I’ll try to continue whenever new features are added to the project. I’ll keep updating this blog entry whenever I release new papers. In the meantime, feel free to read through the list of finished ones:
A while ago I wrote a small series of papers on the different protections of the .NET obfuscator Confuser, specifically version 1.9 which is the latest public release. The links to these papers are scattered a bit all over, so I thought I might as well compile a list of them and post them here.