Leaderboard

Here we go, after the above step with slayer - Decrypt Methods unckecked; // Token: 0x0600081D RID: 2077 RVA: 0x0006E2E8 File Offset: 0x0006C4E8 [MethodImpl(MethodImplOptions.NoInlining)] internal unsafe static void qp1d5IbOJ() { Just fill at 006C4E8 with 062A so will change the body of method qp1d5IbOJ to a simple ret. after that we have a working file and we can deobfuscate with BabelDeobfuscator. Here is working unpacked file: https://workupload.com/file/3JqMck9ZtYR

Here is unpacked folder, all tools included. https://limewire.com/d/PWsfv#C32mVemS40 https://fileroy.com/2WVGr1E9zkx7/file https://zippyshare.day/YPGm89uDHMSpeoC/file Final unpacked exe is called drr_msil_Slayed2cleaned_.exe

Basically it works like this,your input gets hased and compared to stored hashed thats inside crackme. Stored hash is : 97328946466865e882e741277903962e7f1ca9cbb4e71948d740bbd38f702f3c <- crackmes hash. To patch application put bp on MessageBoxW and check the call stack. The address in my case is the second one on the call stack: 097044E3 - 8B CE - mov ecx,esi From this address scroll up and you will see : 097044A7 - 74 10 - je 097044B9 097044A9 - C6 05 744ED005 01 - mov byte ptr [05D04E74],01 { (0),1 } 097044B0 - 8B CE - mov ecx,esi 097044B2 - E8 CDE96500 - call 09D62E84 097044B7 - EB 2A - jmp 097044E3 097044B9 - C6 05 744ED005 00 - mov byte ptr [05D04E74],00 { (0),0 } Patch the first one 097044A7 - 74 10 - je 097044B9 to jne 097044B9 and that should be it.

Language : C/C++ Platform : Windows x32 OS Version : ( Windows 7,10) Packer / Protector : None Description : Goal : Find correct key. Enter key in textbox and click OK button then you see result . Screenshot : crackme_release.exe

Very nice crackme Salin! Noticed couple of things and gave it a try,its using a recrusive function that looked like Fbonacci but with a twist - when n equals 8 it returns the first character of my input XORed with 0x78 instead of the normal Fibonacci value. Code computes fib(14) and compares it against specific values in a switch statement. I knew standard fib(14) is 377 which equals 0x179. Working backwards since fib(8) gets replaced with char[0] ^ 0x78 , i needed to figure out what value makes the sequance land on 377. Turns out fib(8) needs to be 21 for this to work. So char[0] ^ 0x78 = 21 which means char[0] = 21 ^ 0x78 = 0x6D = 'm' There's a loop that validates characters 3 through 9 using a table at byte_411BFC. The validation formula : fib(i+8) - fib(i+6) == byte_411BFC[i] ^ char[3+i] Just rearranged it to solve for each character and u get : a, m, b, i, q, u, e. Now characters 1 and 2 were trickier. Character 1 determines a value dl through another Fibonacci call and character 2 gets XORed with that. There's a secondary check involving fib(17) that needs to equal 1597. After some trial and error found that char[1] = 'o' gives the right Fibonacci value, and char[2] = 'z' satisfies the XOR constraint. And if we finally put it all together we get a valid serial for this amazing crackme which is : mozambique I ran it through checksum calculation and got 0x12D4. Some code where it compares : 0040134B | 893D 20434100 | mov dword ptr ds:[414320],edi | 00401351 | 81FF D4120000 | cmp edi,12D4 |

@CodeExplorer Hello master, I followed your instructions for the new version of this application, but the code doesn't fully open and the executable still doesn't work. Could you please review it again? Your knowledge regarding this version of Reactor is very valuable to me. https://gofile.io/d/c1jG6d

It was interesting 😅 UnpackMe.Dumped.exe UnpackMe.Unpacked.exe

https://limewire.com/d/ms51G#Mpzupr348q https://fileroy.com/M2BGwO2XGj40/file https://zippyshare.day/EbxBhxDZZZbrlIH/file

😀😁 UnpackMe.Dumped.exe UnpackMe.Unpacked.exe

@Teddy Rogers It is seen to be wider and smoother. Many thanks. Regards. sean.