A walkthrough to deobfuscating a ConfuserEx v1.0.0-4 g3fd0d55 protected .NET application

In this blog post, I will show you how to deobfuscate a ConfuserEx-protected .NET application.

Unfortunately, there are a lot of videos on YouTube about how to deobfuscate such programs, but these videos are so complicated, and the instructions are either convoluted or do not yield a good result.

Let’s get started.

Step 1 – Inspecting the binary

You will need to get the dnSpy tool from here: https://github.com/0xd4d/dnSpy/releases

Open the program with dnSpy (or drag and drop it):

At first inspection, we can tell there’s obfuscation due to the name of the entrypoint at line 4 (being so cryptic). Additionally, if you click on the “ConfusedTest.exe” node, you will see more attributes and the obfuscator name (ConfuserEx v1.0.0-4-g3fd0d55):


BOSE: Noise masking sleepbuds

I bought myself the noise masking sleepbuds from BOSE to combat noisy upstairs neighbors who stomp all the time at night and early morning:

I tried them for two nights and I like the technology. Unfortunately, I did not keep them because they were not comfortable for side sleepers.

The sleepbuds fit well in the ear and produce soothing music (you have a big selection from the phone app), however I found that any external speakers that can generate white noise can do the same effect.



15 Useful Batch files programming recipes

In the Batchography book, I cover basic to advanced Batch files programming topics. Since the book was published in 2016, I have kept blogging about the Batch programming language.

Here’s a collection of some useful recipes:

  1. Check if the script is running as an Administrator
  2. String substitution
  3. Number counting
  4. Batch files and Unicode
  5. Read from a text file, one line at a time
  6. Switch/case in Batch files
  7. Auto reinterpret/compile changed files
  8. Reading from a file
  9. Tokenizing command output
  10. Polyglot: Python and Batch files
  11. Polyglot: Batch file + self compiling C++
  12. Embedding binaries inside Batch files
  13. Interactive Batch files
  14. Writing a game – The Hangman
  15. Batchography: Parsing INI files from a Batch file

 

Do you want to master Batch Files programming? Look no further, the Batchography is the right book for you.

Available in print or e-book editions from Amazon.


Can you solve this puzzle?

I got this silly puzzle via chain mail:

Can you solve it?

Maybe you will be able to, but don’t beat yourself up if you don’t get it right.


When it comes to keyboards, I am super picky!

When I got my first computer, I got attached to its keyboard (The Honeywell 101WN model). In fact, I kept the keyboard until I bought a new computer with no PS/2 ports on it.

It was a sad moment when I realized that I have to move on and find a new keyboard.

While I could have bought a PS/2 adapter, I needed the “Windows” key which is available on newer keyboards.

I think a big majority of programmers love their keyboards and their layout, just like me.

I am very picky when it comes to keyboards. If I don’t like the keyboard, I might not like the whole laptop for instance.

It took me a while to get used to the old MacBook Pro’s keyboards but just after I started liking their keyboards, Apple changed the mechanism to the butterfly mechanism and made the keyboards repulsive in my opinion. I won’t buy a new MacBook because of their keyboards. The same goes for Microsoft Surface laptops. I did not like their toy-like keyboards and therefore won’t buy, endorse or use a Microsoft Surface book or laptop. The most pleasant keyboards so far are the IBM / Lenovo keyboards. That’s why all of my PC laptops are a Lenovo X or T series.


Batchography: Detect Windows Language

To detect the Windows Operating system language, it is enough to query the registry. We use the “reg query” command and then parse the output.

@echo off

setlocal

:: https://docs.microsoft.com/en-us/previous-versions/office/developer/speech-technologies/hh361638(v=office.14)

for /F "usebackq tokens=3" %%a IN (`reg query "hklm\system\controlset001\control\nls\language" /v Installlanguage`) DO (
  set lang_id=%%a
)
:: 0409 English ; 0407 German ; 040C French ; 0C0A Spanish

if "%lang_id%"=="0409" (
  echo English detected
) else if "%lang_id%" == "040C" (
  echo French detected
) else (
  echo Note: Unknown language ID %lang_id%!
)

echo LangID=%lang_id%

You can learn about advanced Batch scripting techniques in the Batchography book.

Batchography: what happens when you redirect ‘cls’ to a file?

Let’s assume you have a Batch file (test.bat) with the following contents:

@echo off
echo 1
cls
echo 2

And then you run this Batch file and redirect its output to a text file called “out.txt”:

C:>test.bat >out.txt

What do you think the output would be?

At first, I thought it would be:

1
2

But little did I know that when ‘cls’ is invoked in a context where stdout is redirected to a file, a form feed character (0xC) is emitted instead.

I was curious, so I disassembled ‘cmd.exe’ to verify my findings. Lo and behold, indeed, ‘cmd.exe’ does that:

int __stdcall eCls(struct cmdnode *a1)
{
  HANDLE hStdOut;
  HANDLE v2;
  SMALL_RECT ScrollRectangle; 
  COORD dwDestinationOrigin;
  CHAR_INFO Fill;
  struct _CONSOLE_SCREEN_BUFFER_INFO ConsoleScreenBufferInfo;

  if ( FileIsDevice((char *)1) )
  {
    hStdOut = GetStdHandle(STD_OUTPUT_HANDLE);
    if ( GetConsoleScreenBufferInfo(hStdOut, &ConsoleScreenBufferInfo) )
    {
      dwDestinationOrigin.Y = -ConsoleScreenBufferInfo.dwSize.Y;
      dwDestinationOrigin.X = 0;
      *(_DWORD *)&ScrollRectangle.Left = 0;
      ScrollRectangle.Bottom = ConsoleScreenBufferInfo.dwSize.Y;
      ScrollRectangle.Right = ConsoleScreenBufferInfo.dwSize.X;
      Fill.Char.UnicodeChar = 32;
      Fill.Attributes = ConsoleScreenBufferInfo.wAttributes;
      ScrollConsoleScreenBufferW(hStdOut, &ScrollRectangle, 0, dwDestinationOrigin, &Fill);
      ConsoleScreenBufferInfo.dwCursorPosition = 0;
      v2 = GetStdHandle(0xFFFFFFF5);
      SetConsoleCursorPosition(v2, 0);
    }
    else
    {
      cmd_printf(page_feed);
    }
  }
  else
  {
    cmd_printf(page_feed);
  }
  return 0;
}

(Lines 29 and 34 of the listing, the two cmd_printf(page_feed) calls, are of interest)

In conclusion, be careful when you redirect a Batch file's output to a file and then compare the result against what you expected. If the Batch file uses CLS, you have to account for the form feed character showing up!
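One way to account for the form feed when comparing a redirected capture against a baseline, as an added example that is not part of the original post. The function names and the sample bytes are constructed for illustration, and the sample assumes CRLF line endings with a bare form feed and no newline after it:

```python
import difflib

FORM_FEED = 0x0C  # byte cls writes when stdout is redirected to a file


def cls_offsets(raw: bytes) -> list:
    """Byte offsets of each form feed, i.e. each cls call in the capture."""
    return [i for i, b in enumerate(raw) if b == FORM_FEED]


def normalize(raw: bytes) -> list:
    """Strip form feeds, then split on CR/LF only.

    bytes.splitlines() is used on purpose: str.splitlines() treats the
    form feed as a line boundary and would invent an empty line per cls.
    """
    return raw.replace(bytes([FORM_FEED]), b"").splitlines()


def compare(expected: bytes, actual: bytes) -> dict:
    """Compare a baseline with a redirected capture, reporting cls noise."""
    exp, act = normalize(expected), normalize(actual)
    diff = list(difflib.unified_diff(
        [line.decode("ascii", "replace") for line in exp],
        [line.decode("ascii", "replace") for line in act],
        "expected", "actual", lineterm=""))
    return {
        "raw_equal": expected == actual,    # byte-for-byte comparison
        "normalized_equal": exp == act,     # comparison with cls noise removed
        "cls_offsets": cls_offsets(actual), # where cls fired in the capture
        "diff": diff,                       # remaining real differences
    }


# Constructed sample: the naive expectation versus what out.txt would hold
# for the test.bat above (assumed layout, see the lead-in).
EXPECTED = b"1\r\n2\r\n"
CAPTURED = b"1\r\n\x0c2\r\n"

if __name__ == "__main__":
    print(compare(EXPECTED, CAPTURED))
```

The offsets are worth keeping rather than discarding: they record where in the run the script cleared the screen, which helps when lining a capture up with the script's source.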

 

Apple’s Measure App

If you have iOS 12+ then you should try Apple’s Measure app. It is really handy.

You can measure:

  • Bookshelves
  • Picture frames
  • Window sizes
  • Door sizes
  • etc…



Riddle: How many brothers and sisters are there in this family? Z3 Theorem prover

The other day, I ran into a riddle:

A brother said to his sister: “I have as many sisters as brothers”
His sister replied: “I have twice as many brothers as I have sisters”

How many brothers and sisters exist in this family?

I figured that it’s a nice exercise for the Z3 theorem prover. All I had to do is express the riddle in a series of constraints and ask Z3 to try to find a solution.

The following is a Z3Py program that expresses the riddle:

import z3

# Create a solver instance
s = z3.Solver()

# Create two variables representing the total number of males and females (m and f)
m, f = z3.Ints('m f')

# The brother said: I have as many brothers as sisters
s.add(m - 1 == f)

# The sister said: I have twice as many brothers as I have sisters
s.add(2 * (f - 1) == m)

# Check for the solution
if s.check() == z3.sat:
  sol = s.model()
  print("Brothers: %d, Sisters: %d" % (sol[m].as_long(), sol[f].as_long()))

When we run the solver, we get the following solution: 4 males, 3 females.

If you prefer the good old systems of equations, we can solve it like this:

The brother said:
m - 1 = f          (1)

The sister said:
2 * (f - 1) = m    (2)


So we have 2 equations, let's do some substitution:

-> f = m - 1        (1)
-> 2f - 2 = m       (2)

--> m = 2f - 2      (2)
--> f = 2f - 2 - 1  (1)
--> f = 2f - 3
--> f - 2f = -3
--> -f = -3
--> f = 3

--> m = 2f - 2
--> m = 2*3 - 2
--> m = 6 - 2
--> m = 4

 


Batchography: Batch script to automatically recompile or run a script interpreter

Hello,

In a previous blog post, I showed you how to write a polyglot Batch file that is both a Batch script and a C++ source file. When the Batch file is executed, it compiles itself (as C++).  In this blog post I am going to show you how to write a Batch file script that polls the file system periodically to see if a given input file is changed and if so, it will invoke the compiler or interpreter of your choice.

This concept is similar to what the Compiler Explorer does actually.

I am going to write a small script that keeps running your Python script automatically in a separate console window the moment you save the script in your editor. Check the script in action:
