All Activity

After searching, the problem was solved by adding bcdedit /set testsigning on Thank you.

This is my version of unpacked. Just used fixed this github repo: https://github.com/colby57/VMP-Imports-Deobfuscator Here is my fixed version to unpack this file: https://github.com/pulpgit/Themida-Imports-Deobfuscator-main UnpackMe_cleaned.7z

DNGuard HVM v4.94 Hey, Dropping my second UnpackMe challenge, made just for fun. This one’s a bit tougher than my first, but still very doable. The goal is to unpack and analyze the binary and reach the success message. Cracking it is extra, not required. It’s a simple .NET WinForms app that asks for a password and shows “Access granted” when the condition is met. The UI is trivial, the focus is on what’s happening once protections kick in. Protected with DNGuard HVM Enterprise. Source code, compiler-generated code, constructors, strings, managed resources, and blob heaps are encrypted. HVM and HVM II are both enabled at level 5, with proxy methods and additional runtime protections. Metadata is obfuscated, name heaps are destroyed, automatic renaming and dynamic control flow obfuscation are enabled, and basic anti-dump and anti-static measures are in place. The password is not stored in plaintext. Verification is done against a SHA-256 hex hash (PasswordSha256Hex). If you want to reverse or bypass that, that’s the crack portion and optional. Screenshots show the app and protection settings used. File Information Submitter Visual Studio Submitted 12/13/2025 Category UnPackMe (.NET) View File

Custom Python Obfuscator (CM) Decryption doesn't involve modifying the Python interpreter; everything is done through code obfuscation. Password verification is performed via hash comparison—finding the correct hash to compare against counts as success. My custom obfuscator has just been released—come and give it a try! It includes techniques such as control-flow obfuscation, string encryption, virtualization, and C++ white-box implementation. File Information Submitter 1346 Submitted 12/13/2025 Category CrackMe View File

<font dir="auto" style="vertical-align: inherit;"><font dir="auto" style="vertical-align: inherit;">SEKeygen.rar</font></font>HWID hash: 83A5249484F096DB700F771CF0A5F51B Decoded value 8A357B71C2ECFA5F7FC3275B5DBF9F61D4F98CA089470FCF390DFC0BC125917C92D667ACA678A0D485F7566FBBA52233 Reg SOFTWARE\Classes\Interface\{19335D77-1E2D-1337-146B-19F5CABF57A8} KeySize: 1024 E: 65537 CPU MAC BIOS HDD HWID

https://limewire.com/d/ms51G#Mpzupr348q https://fileroy.com/M2BGwO2XGj40/file https://zippyshare.day/EbxBhxDZZZbrlIH/file

A huge thank you, I appreciate your many years of service, master. However, the link is broken; is there any chance you could re-upload it? I couldn't download it.

Very nice crackme Salin! Noticed couple of things and gave it a try,its using a recrusive function that looked like Fbonacci but with a twist - when n equals 8 it returns the first character of my input XORed with 0x78 instead of the normal Fibonacci value. Code computes fib(14) and compares it against specific values in a switch statement. I knew standard fib(14) is 377 which equals 0x179. Working backwards since fib(8) gets replaced with char[0] ^ 0x78 , i needed to figure out what value makes the sequance land on 377. Turns out fib(8) needs to be 21 for this to work. So char[0] ^ 0x78 = 21 which means char[0] = 21 ^ 0x78 = 0x6D = 'm' There's a loop that validates characters 3 through 9 using a table at byte_411BFC. The validation formula : fib(i+8) - fib(i+6) == byte_411BFC[i] ^ char[3+i] Just rearranged it to solve for each character and u get : a, m, b, i, q, u, e. Now characters 1 and 2 were trickier. Character 1 determines a value dl through another Fibonacci call and character 2 gets XORed with that. There's a secondary check involving fib(17) that needs to equal 1597. After some trial and error found that char[1] = 'o' gives the right Fibonacci value, and char[2] = 'z' satisfies the XOR constraint. And if we finally put it all together we get a valid serial for this amazing crackme which is : mozambique I ran it through checksum calculation and got 0x12D4. Some code where it compares : 0040134B | 893D 20434100 | mov dword ptr ds:[414320],edi | 00401351 | 81FF D4120000 | cmp edi,12D4 |

@CodeExplorer please check Private message.

Here we go, after the above step with slayer - Decrypt Methods unckecked; // Token: 0x0600081D RID: 2077 RVA: 0x0006E2E8 File Offset: 0x0006C4E8 [MethodImpl(MethodImplOptions.NoInlining)] internal unsafe static void qp1d5IbOJ() { Just fill at 006C4E8 with 062A so will change the body of method qp1d5IbOJ to a simple ret. after that we have a working file and we can deobfuscate with BabelDeobfuscator. Here is working unpacked file: https://workupload.com/file/3JqMck9ZtYR

Thank you for your interest. I need the working file, so I think I need to report this to Slayer. It seems like there's no other way to fix it. I'll report this to Slayer, but I don't think they're actively updating it.

You can post in the thread of target protector(eg. https://forum.tuts4you.com/topic/43240-netreactorslayer/ for your target) Rename it to 1.exe or test.exe to let people believe it's just a sample or demo rather than commercial software, and claim the unpacker doesn't work. Maybe they will update the unpacker to support your target.

Protected by Unregistered version of Reactor. It has file integrity check. First unpack by SMD_FOR_AGILE https://forum.tuts4you.com/topic/41297-smd-for-agile/page/16/#comment-228021 Then use this new sheet: for reactor: https://workupload.com/file/42W8w5WAUMj specify file to decrypt as SysEventServiceV298_msil.exe and as original file SysEventServiceV298.exe the unpacking works fine. Note however that file still doesn't run as Babel obfuscation is still there.

I'm sorry, I tried everything I had for Babel and Reactor but it was unsuccessful.

.NET Reactor + Babel.NET

Am looking for Maldev Academy: malware Development 2025 update .

@CreateAndInject Do you have a chance to deal with this?

@CodeExplorer https://gofile.io/d/5hzUgS Hello, do you have a solution for this? Because I've tried your other Slayer fix versions, the code isn't fully decoded, and unfortunately, the executable doesn't work.

I agree. He never explains step by step how he did it. Why is it approved?