The objective is to unpack the program completely !

 

 

List of people who have managed this challenge:

 

-

-

-

-

 

 

UnpackMe.rar

boxed app...

PE: protector: Confuser(1.X)[-]

PE: protector: DNGuard(-)[-]

PE: protector: Dotfuscator(-)[-]

PE: protector: Goliath(-)[-]

PE: library: .NET(v4.0.30319)[-]

PE: linker: Microsoft Linker(8.0)[EXE32]

 

Yep.

BoxedApp packer

DNGuard
ConfuserEx v0.4.0
ConfuserEx v0.3.0-custom
ObfuscatedByGoliath
Protected By Ben Mhenni.dll

 

That what i have extracted from the exe.

Since is a Framework 4.5 i can't do much on XP just remove first layer.

IMHO is just a silly way to protect a exe.

Packed : Boxed + dng + confuser ex + crypto + AppFuscator

 

Can't do AppFuscator string for the cflow 

WindowsFormsApplication11_Unpacked.zip

Edited March 20, 201510 yr by Death

We are in the role of rats who speed on the wheel again.

The user test on us varoius ways of protecting his tools or maybe worse....

anyway user and pass :

  if (!(Class38.WindowsFormsApplication11.exe(-1636090519, "UnpackMeChallenge") & Class38.WindowsFormsApplication11.exe(this.WindowsFormsApplication11.exe.Text, "ProtectedLogin")) || true)

   {

       goto Label_0127;

   }

Label_010C:

   MessageBox.Show("Good Job !");

Label_0117:

   MessageBox.Show("Fail");

Label_0127:

   switch ((0x28cef1b2 ^ 0x28cef1b3))

   {

       case 0:

       case 2:

       case 3:

       case 4:

           goto Label_0117;

 

       case 5:

           goto Label_0127;

 

       case 6:

           goto Label_010C;

   }

}

Username : ProtectedLogin

Password : UnpackMeChallenge

Edited March 20, 201510 yr by Death

Edited fixed

 

br.s for else

 

Just drink and feel alone and bored just do this by hand 

100% completed Unpacked [2 hours] passed from borred .

 

Just enjoy your challange #10000 

cause i see you everyday make challange with lot useless obfucator .

Your main exe size may be under kb . but click pack + obfucate + native make your littile exe size 2 mb .

20 byte to 2 mb [ By useless obc and packer ]

 

 

well here it is 1 line code 

 

 

 

 

 

T H I S     I S   M A Y    B E   M Y  L A S T    P E R O R M A N C E  in your unpackme

 

attached 

WindowsFormsApplication11-cleaned_UnpackeD2_Fixed.zip

Edited March 26, 201510 yr by Death

The user want to do some bad things and to implement a fool proof protection.

That is why it put here to make us rats speening the wheel.

I think that kind of challenges are just trash.

"Just drink and feel alone and bored just do this by hand"

   

anyway we can learn something from here 

 

cflow encrypted by junk non reference with int null + [Lot junk non ref]  .

 

So i see reflector is a deobfucator for it [Not ilspy]

 

cause we see obfucated

 

decompile Ilspy 2

private void method_1()

{

   ComponentResourceManager componentResourceManager = new ComponentResourceManager(typeof(GForm0));

   this.button_0 = new Button();

   this.textBox_0 = new TextBox();

   this.textBox_1 = new TextBox();

   this.pictureBox_0 = new PictureBox();

   ISupportInitialize BeginInit() = this.pictureBox_0;

   base.SuspendLayout();

   Control arg_A9_0 = this.button_0;

   //GForm0.int_0 = 2136656571;

   arg_A9_0.Location = new Point(135, 48);

   <Module>.object_3 = null;

   <Module>.int_7 = -1852116043;

   this.button_0.Name = "button1";

   Control arg_103_0 = this.button_0;

   <Module>.object_6 = componentResourceManager;

   int arg_FE_0 = 133;

   int arg_FE_1 = 23;

   <Module>.int_3 = -1410905245;

   object arg_F9_0 = componentResourceManager;

   <Module>.int_2 = 1845842485;

   <Module>.object_2 = arg_F9_0;

   arg_103_0.Size = new Size(arg_FE_0, arg_FE_1);

   this.button_0.TabIndex = 0;

   this.button_0.Text = "Login";

   <Module>.object_1 = null;

   ButtonBase arg_149_0 = this.button_0;

   bool arg_149_1 = true;

   GForm0.object_0 = componentResourceManager;

   <Module>.int_0 = 1057425350;

   arg_149_0.UseVisualStyleBackColor = arg_149_1;

   <Module>.object_6 = null;

   Control arg_176_0 = this.button_0;

   GForm0.object_0 = "502a9eda-92ad-40ce-a4ca-8422897be2bb981bff38-7df7-4cf6-ba23-c6d38d807d6ecf7fd485-35af-";

   <Module>.object_3 = null;

   arg_176_0.Click += new EventHandler(this.method_0);

   Control arg_1A4_0 = this.textBox_0;

   int arg_19F_0 = 204;

   <Module>.int_0 = -1411494653;

   int arg_19F_1 = 22;

   <Module>.int_0 = 1308380089;

   arg_1A4_0.Location = new Point(arg_19F_0, arg_19F_1);

   this.textBox_0.Name = "textBox1";

   Control arg_1F6_0 = this.textBox_0;

   <Module>.int_2 = 1657774894;

   int arg_1DD_0 = 100;

   int arg_1DD_1 = 20;

   <Module>.int_4 = -1557401652;

   Size arg_1F6_1 = new Size(arg_1DD_0, arg_1DD_1);

   <Module>.int_7 = 744302617;

   <Module>.int_6 = 1203310366;

   arg_1F6_0.Size = arg_1F6_1;

   GClass0.object_1 = componentResourceManager;

   this.textBox_0.TabIndex = 1;

   this.textBox_1.Location = new Point(98, 22);

   this.textBox_1.Name = "textBox2";

   GForm0.int_0 = -2051646939;

   this.textBox_1.Size = new Size(100, 20);

   Control arg_274_0 = this.textBox_1;

   int arg_274_1 = 1;

   GForm0.object_0 = "a3fe5bec-6707-4087-8a36-3cf33fad326bfd";

   arg_274_0.TabIndex = arg_274_1;

   PictureBox arg_295_0 = this.pictureBox_0;

   ResourceManager arg_28B_0 = componentResourceManager;

   <Module>.object_0 = componentResourceManager;

   arg_295_0.Image = (Image)arg_28B_0.GetObject("pictureBox1.Image");

   object arg_2AE_0 = 1876936332;

   <Module>.int_5 = -1040838703;

   GClass0.object_1 = arg_2AE_0;

   this.pictureBox_0.Location = new Point(32, 77);

   Control arg_2DE_0 = this.pictureBox_0;

   string arg_2DE_1 = "pictureBox1";

   GForm0.object_0 = componentResourceManager;

   arg_2DE_0.Name = arg_2DE_1;

   this.pictureBox_0.Size = new Size(374, 66);

   <Module>.object_3 = null;

   GForm0.int_0 = -1978466511;

   this.pictureBox_0.TabIndex = 2;

   <Module>.object_4 = 1957620381;

   this.pictureBox_0.TabStop = false;

   <Module>.int_5 = -1932913121;

   <Module>.int_8 = 2097519326;

   float arg_36B_0 = 6f;

   <Module>.object_0 = null;

   GForm0.object_0 = "821c82af-1da0-44a7-8898-f9f35ba00f15fca2528e-bf73-4";

   base.AutoScaleDimensions = new SizeF(arg_36B_0, 13f);

   base.AutoScaleMode = AutoScaleMode.Font;

   object arg_38B_0 = componentResourceManager;

   <Module>.int_7 = -1950879357;

   <Module>.object_2 = arg_38B_0;

   <Module>.object_0 = componentResourceManager;

   base.ClientSize = new Size(440, 159);

   <Module>.int_0 = 1503776956;

   <Module>.object_6 = componentResourceManager;

   GClass0.object_1 = null;

   base.Controls.Add(this.pictureBox_0);

   <Module>.object_6 = null;

   Control.ControlCollection arg_403_0 = base.Controls;

   object arg_3E9_0 = componentResourceManager;

   <Module>.int_8 = 1809257038;

   GClass0.object_0 = arg_3E9_0;

   Control arg_403_1 = this.textBox_1;

   GClass0.object_1 = 1952428595;

   arg_403_0.Add(arg_403_1);

   <Module>.int_0 = -563903361;

   Control.ControlCollection arg_428_0 = base.Controls;

   <Module>.int_2 = -1529522494;

   arg_428_0.Add(this.textBox_0);

   <Module>.object_4 = 1818084011;

   base.Controls.Add(this.button_0);

   base.Name = "Form1";

   <Module>.int_2 = 1987339265;

   this.Text = "UnpackMe Challenge !! ~";

   <Module>.object_0 = null;

   ((ISupportInitialize)this.pictureBox_0).EndInit();

   base.ResumeLayout(false);

   int arg_4A2_0 = 796469985;

   <Module>.int_6 = 1335196033;

   <Module>.int_8 = -1051365525;

   <Module>.int_4 = arg_4A2_0;

   GForm0.int_0 = -1980982856;

   base.PerformLayout();

   <Module>.object_5 = componentResourceManager;

   GClass0.object_0 = componentResourceManager;

}

 

Deobucated decompile By Reflector

 

its not calculated code its non ref junk code

 

which reflector can deobfucate it .

 

Our codecracker can create static junk resolver for it for people i think need who want rip code

WindowsFormsApplication11_Rebuild.zip

Edited March 27, 201510 yr by Death

@

ghostfish

today may be i am ok 

 

@

GIV

yes i see But i still post because i see appfucator all people like to use because it never make crash exe and dng and crypto is also same they wont make crash after multi obfucation  .

GForm0.object_0 = "Foolish";

Edited March 27, 201510 yr by Death