Video Tutorial – Unpacking/Deobfuscation of Telerik Academy Anticheat Client – Confuser 1.9

Telerik Academy

Just two years ago I recorded this video tutorial to exercise my cracking skills. Until now it has not been placed on the web in order not be used to the detriment of Telerik Academy. Two years later the video was uploaded on YouTube and now you can watch it completely free 🙂

 

Video:

Info:

File version: 0.3.1281.0
Protection: Confuser, version: 1.9
Date: 20.02.2014

 

Everything you need:

  • Of course Telerik Academy Anticheat Client
  • Justdecompile or ILSpy
  • MegaDumper
  • Process Manager
  • Confuser methods decrypter
  • Module to Assembly
  • Cff explorer
  • de4dot
  • SAE (Simple Assembly Explorer)
  • DelegateKiller
  • StringDecrypt

 

And all steps:

1. Download the Telerik Academy Anticheat Client
2. Unrar it
3. Load into Justdecompile or ILSpy to check if it is obfuscated
4. Start MegaDumper
5. Don’t restore filename
6. Process Manager
7. Find right Module 01BD5248 or something with Mz – minimize
8. Dump All ….
9. Check for “___.netmodule” in tables -> modules
10. Rename to “___.netmodule” (copy to tools folder)
11. Confuser methods decrypter -> original and ___.netmodule
12. Module to Assembly
13. Original and decrypted ___.netmodule
14. Try to start decrypted.exe -> Cff explorer -> file header -> characteristics-> remove file is dll
15. Optional header -> subsystem = 0002 -> save and yes
16. Clean with de4dot -> cmd + de4dot +–keep-names d –keep-types+ file (assembly)
17. SAE -> Cleaned -> module ctor -> class2 smethod 0 -> get hex (185)
18. Cff explorer -> Tables class 289 (185 hex) get RVA
19. Cff explorer -> address converter -> RVA -> “1B30” -> change to062A” -> save, yes
20. DelegateKiller
21. StringDecrypt
22. Drag to de4dot to clean all
22. Check in ILSpy
23. Check does it run

 

Only for educational purposes only!

That’s all 🙂

Tweet about this on TwitterShare on Facebook0Share on Google+0Pin on Pinterest0

beBoss

Живота е като терена или ставаш силен, блокираш, сваляш и оцеляваш
или се отказваш, падаш и си заминаваш !

beBoss™