Detect Confuser 1.9 r75725 methods encrypter
This commit is contained in:
parent
f998afd74e
commit
9d386c528c
|
@ -41,6 +41,7 @@ namespace de4dot.code.deobfuscators.Confuser {
|
|||
// Removed in Confuser 1.7 r73404 and restored in Confuser 1.7 r73605
|
||||
v17_r73605,
|
||||
v18_r75288,
|
||||
v19_r75725,
|
||||
}
|
||||
|
||||
public MemoryMethodsDecrypter(ModuleDefinition module, ISimpleDeobfuscator simpleDeobfuscator)
|
||||
|
@ -91,8 +92,10 @@ namespace de4dot.code.deobfuscators.Confuser {
|
|||
}
|
||||
else if (DotNetUtils.callsMethod(decryptMethod, "System.Security.Cryptography.Rijndael System.Security.Cryptography.Rijndael::Create()"))
|
||||
version = ConfuserVersion.v17_r73605;
|
||||
else
|
||||
else if (DotNetUtils.hasString(initMethod, "<Unknown>"))
|
||||
version = ConfuserVersion.v18_r75288;
|
||||
else
|
||||
version = ConfuserVersion.v19_r75725;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
@ -136,6 +139,7 @@ namespace de4dot.code.deobfuscators.Confuser {
|
|||
|
||||
case ConfuserVersion.v17_r73605:
|
||||
case ConfuserVersion.v18_r75288:
|
||||
case ConfuserVersion.v19_r75725:
|
||||
return initializeKeys_v17_r73605();
|
||||
|
||||
default:
|
||||
|
@ -290,6 +294,7 @@ namespace de4dot.code.deobfuscators.Confuser {
|
|||
case ConfuserVersion.v17_r72989: return decrypt_v16_r71742(peImage, fileData);
|
||||
case ConfuserVersion.v17_r73605: return decrypt_v17_r73605(peImage, fileData);
|
||||
case ConfuserVersion.v18_r75288: return decrypt_v17_r73605(peImage, fileData);
|
||||
case ConfuserVersion.v19_r75725: return decrypt_v17_r73605(peImage, fileData);
|
||||
default: throw new ApplicationException("Unknown version");
|
||||
}
|
||||
}
|
||||
|
@ -449,6 +454,11 @@ namespace de4dot.code.deobfuscators.Confuser {
|
|||
|
||||
case ConfuserVersion.v18_r75288:
|
||||
minRev = 75288;
|
||||
maxRev = 75720;
|
||||
return true;
|
||||
|
||||
case ConfuserVersion.v19_r75725:
|
||||
minRev = 75725;
|
||||
maxRev = int.MaxValue;
|
||||
return true;
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user