This repository has been archived by the owner. It is now read-only.

Protection is completely broken #498

Closed
Symbai opened this issue Jun 3, 2016 · 1 comment

@Symbai

commented Jun 3, 2016

The tool AMegaDumper from SND can drop any ConfuserEx (even custom versions of ConfuserEx) protected assembly, and the source code of the dropped (un)protected assembly is fully revealed.

The tool AMegaDumper is not protected. It starts with a ReadProcessMemory on the protected process and then drops all .NET modules, including the fully unprotected original assembly. Any ideas for protection against this method?

@rolandh


commented Mar 19, 2017

It is not broken. All obfuscators and packers can be dumped; all it does is make it more time-consuming. It is a cat-and-mouse game before someone releases an automated dumper.

ConfuserEx is good for renaming and stripping metadata; the rest of the items are just a good way to get your program flagged as a virus, and I would not use them.

AMegaDumper or de4dot will not undo a rename operation, as it is a lossy process. Hence protection is not completely broken.

@Symbai Symbai closed this Dec 6, 2018
