In this blog post, I will show you how to deobfuscated a ConfuserEx protected .NET application.
Unfortunately, there is a lot of videos on YouTube about how to deobfuscate such programs but these videos are so complicated and the instructions are either convoluted or do not yield a good result.
Let’s get started.
Step 1 – Inspecting the binary
You will need to get the dnSpy tool from here: https://github.com/0xd4d/dnSpy/releases
Open the program with dnSpy (or drag and drop it):
At first inspection, we can tell there’s obfuscation due to the name of the entrypoint at line 4 (being so cryptic). Additionally, if you click on the “ConfusedTest.exe” node, you will see more attributes and the obfuscator name (ConfuserEx v1.0.0-4-g3fd0d55):