Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[UnpackMe] Fort UnpackMe

Gladiator
Gladiator
in UnPackMe (.NET)

Featured Replies

Posted

Please Unpack and Crack it

Options :

[+] Method Obfuscation

[+] String Enryption

[+] Resource Protection

[+] anti Patch Protection

Best Regards

Magician

Hi,

so why do you use NetFrameWork now?Ok so with NetFrameW.... I have not much and less to do so I have to quit this time. :)

greetz

  • Author

I am just trying some methods and commercial protectors in .net and there is no idea to make some thing stronger

Thanks Dear LCF-AT wub.png

Edited by Magician

The protection seems to be CodeFort .NET.

The protection scheme is really simply, they used name and string obfuscation and also a flow obfuscation based on delegates calls.

All the calls in this app are redirected to delegates, in the .cctor() of these delegates there is another call to a method that receives an integer, this integer indexes the real method that need to be executed.

The body method is obtained by reflection from a resource file.

The key of the crackme is: HF738HVHXHCIHQ2873H8273HFIUSHF7238HF2F

Removing all the delegates will require me a little bit of programming, perhaps mono.cecil is a good option.

    •
    • Like 2
    • Author

    @jacano:

    What about unpacking ? in this case we have so simple target and i think finding password was not so hard but what we can do in complex targets ?

    At entry point:

    Assembly assembly = delegate034.m0000ad(delegate034.f000084);

    Stream stream = delegate035.m0000ae(assembly, "_", delegate035.f000085);

    is infact:

    Assembly assembly = Assembly.GetExecutingAssembly();

    Stream stream = Assembly.GetManifestResourceStream(assembly, "_");

    quite easy to deprotect using reflection/mono.cecil

    @LCF-AT:

    Seems that "Magician" test all posible comercial .NET protection

    in order to use them for "his" next .NET protector.

    Unpacked file:
    />http://www.multiupload.com/148JCQE44H

    Next ?

    • Author

    @LCF-AT:

    Seems that "Magician" test all posible comercial .NET protection

    in order to use them for "his" next .NET protector.

    Unpacked file:

    http://www.multiupload.com/148JCQE44H

    Next ?

    No , i just test them for learning some thing and don't want to use them.Thanks.
    No , i just test them for learning some thing and don't want to use them.Thanks.

    I've heard something else ...

    So you stopped at CodeFort .NET for "your" protector.

    •
    • Like 1

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.