Posted March 19, 201510 yr The objective is to unpack the program completely ! List of people who have managed this challenge: ---- UnpackMe.rar
March 19, 201510 yr boxed app... PE: protector: Confuser(1.X)[-] PE: protector: DNGuard(-)[-] PE: protector: Dotfuscator(-)[-] PE: protector: Goliath(-)[-] PE: library: .NET(v4.0.30319)[-] PE: linker: Microsoft Linker(8.0)[EXE32]
March 19, 201510 yr Yep.BoxedApp packerDNGuardConfuserEx v0.4.0ConfuserEx v0.3.0-customObfuscatedByGoliathProtected By Ben Mhenni.dll That what i have extracted from the exe.Since is a Framework 4.5 i can't do much on XP just remove first layer.IMHO is just a silly way to protect a exe.
March 20, 201510 yr Packed : Boxed + dng + confuser ex + crypto + AppFuscator Can't do AppFuscator string for the cflow WindowsFormsApplication11_Unpacked.zip Edited March 20, 201510 yr by Death
March 20, 201510 yr We are in the role of rats who speed on the wheel again.The user test on us varoius ways of protecting his tools or maybe worse....
March 20, 201510 yr anyway user and pass : if (!(Class38.WindowsFormsApplication11.exe(-1636090519, "UnpackMeChallenge") & Class38.WindowsFormsApplication11.exe(this.WindowsFormsApplication11.exe.Text, "ProtectedLogin")) || true) { goto Label_0127; } Label_010C: MessageBox.Show("Good Job !"); Label_0117: MessageBox.Show("Fail"); Label_0127: switch ((0x28cef1b2 ^ 0x28cef1b3)) { case 0: case 2: case 3: case 4: goto Label_0117; case 5: goto Label_0127; case 6: goto Label_010C; } }Username : ProtectedLoginPassword : UnpackMeChallenge Edited March 20, 201510 yr by Death
March 26, 201510 yr Edited fixed br.s for else Just drink and feel alone and bored just do this by hand 100% completed Unpacked [2 hours] passed from borred . Just enjoy your challange #10000 cause i see you everyday make challange with lot useless obfucator . Your main exe size may be under kb . but click pack + obfucate + native make your littile exe size 2 mb . 20 byte to 2 mb [ By useless obc and packer ] well here it is 1 line code T H I S I S M A Y B E M Y L A S T P E R O R M A N C E in your unpackme attached WindowsFormsApplication11-cleaned_UnpackeD2_Fixed.zip Edited March 26, 201510 yr by Death
March 27, 201510 yr The user want to do some bad things and to implement a fool proof protection.That is why it put here to make us rats speening the wheel.I think that kind of challenges are just trash.
March 27, 201510 yr anyway we can learn something from here cflow encrypted by junk non reference with int null + [Lot junk non ref] . So i see reflector is a deobfucator for it [Not ilspy] cause we see obfucated decompile Ilspy 2 private void method_1() { ComponentResourceManager componentResourceManager = new ComponentResourceManager(typeof(GForm0)); this.button_0 = new Button(); this.textBox_0 = new TextBox(); this.textBox_1 = new TextBox(); this.pictureBox_0 = new PictureBox(); ISupportInitialize BeginInit() = this.pictureBox_0; base.SuspendLayout(); Control arg_A9_0 = this.button_0; //GForm0.int_0 = 2136656571; arg_A9_0.Location = new Point(135, 48); <Module>.object_3 = null; <Module>.int_7 = -1852116043; this.button_0.Name = "button1"; Control arg_103_0 = this.button_0; <Module>.object_6 = componentResourceManager; int arg_FE_0 = 133; int arg_FE_1 = 23; <Module>.int_3 = -1410905245; object arg_F9_0 = componentResourceManager; <Module>.int_2 = 1845842485; <Module>.object_2 = arg_F9_0; arg_103_0.Size = new Size(arg_FE_0, arg_FE_1); this.button_0.TabIndex = 0; this.button_0.Text = "Login"; <Module>.object_1 = null; ButtonBase arg_149_0 = this.button_0; bool arg_149_1 = true; GForm0.object_0 = componentResourceManager; <Module>.int_0 = 1057425350; arg_149_0.UseVisualStyleBackColor = arg_149_1; <Module>.object_6 = null; Control arg_176_0 = this.button_0; GForm0.object_0 = "502a9eda-92ad-40ce-a4ca-8422897be2bb981bff38-7df7-4cf6-ba23-c6d38d807d6ecf7fd485-35af-"; <Module>.object_3 = null; arg_176_0.Click += new EventHandler(this.method_0); Control arg_1A4_0 = this.textBox_0; int arg_19F_0 = 204; <Module>.int_0 = -1411494653; int arg_19F_1 = 22; <Module>.int_0 = 1308380089; arg_1A4_0.Location = new Point(arg_19F_0, arg_19F_1); this.textBox_0.Name = "textBox1"; Control arg_1F6_0 = this.textBox_0; <Module>.int_2 = 1657774894; int arg_1DD_0 = 100; int arg_1DD_1 = 20; <Module>.int_4 = -1557401652; Size arg_1F6_1 = new Size(arg_1DD_0, arg_1DD_1); <Module>.int_7 = 744302617; <Module>.int_6 = 1203310366; arg_1F6_0.Size = arg_1F6_1; GClass0.object_1 = componentResourceManager; this.textBox_0.TabIndex = 1; this.textBox_1.Location = new Point(98, 22); this.textBox_1.Name = "textBox2"; GForm0.int_0 = -2051646939; this.textBox_1.Size = new Size(100, 20); Control arg_274_0 = this.textBox_1; int arg_274_1 = 1; GForm0.object_0 = "a3fe5bec-6707-4087-8a36-3cf33fad326bfd"; arg_274_0.TabIndex = arg_274_1; PictureBox arg_295_0 = this.pictureBox_0; ResourceManager arg_28B_0 = componentResourceManager; <Module>.object_0 = componentResourceManager; arg_295_0.Image = (Image)arg_28B_0.GetObject("pictureBox1.Image"); object arg_2AE_0 = 1876936332; <Module>.int_5 = -1040838703; GClass0.object_1 = arg_2AE_0; this.pictureBox_0.Location = new Point(32, 77); Control arg_2DE_0 = this.pictureBox_0; string arg_2DE_1 = "pictureBox1"; GForm0.object_0 = componentResourceManager; arg_2DE_0.Name = arg_2DE_1; this.pictureBox_0.Size = new Size(374, 66); <Module>.object_3 = null; GForm0.int_0 = -1978466511; this.pictureBox_0.TabIndex = 2; <Module>.object_4 = 1957620381; this.pictureBox_0.TabStop = false; <Module>.int_5 = -1932913121; <Module>.int_8 = 2097519326; float arg_36B_0 = 6f; <Module>.object_0 = null; GForm0.object_0 = "821c82af-1da0-44a7-8898-f9f35ba00f15fca2528e-bf73-4"; base.AutoScaleDimensions = new SizeF(arg_36B_0, 13f); base.AutoScaleMode = AutoScaleMode.Font; object arg_38B_0 = componentResourceManager; <Module>.int_7 = -1950879357; <Module>.object_2 = arg_38B_0; <Module>.object_0 = componentResourceManager; base.ClientSize = new Size(440, 159); <Module>.int_0 = 1503776956; <Module>.object_6 = componentResourceManager; GClass0.object_1 = null; base.Controls.Add(this.pictureBox_0); <Module>.object_6 = null; Control.ControlCollection arg_403_0 = base.Controls; object arg_3E9_0 = componentResourceManager; <Module>.int_8 = 1809257038; GClass0.object_0 = arg_3E9_0; Control arg_403_1 = this.textBox_1; GClass0.object_1 = 1952428595; arg_403_0.Add(arg_403_1); <Module>.int_0 = -563903361; Control.ControlCollection arg_428_0 = base.Controls; <Module>.int_2 = -1529522494; arg_428_0.Add(this.textBox_0); <Module>.object_4 = 1818084011; base.Controls.Add(this.button_0); base.Name = "Form1"; <Module>.int_2 = 1987339265; this.Text = "UnpackMe Challenge !! ~"; <Module>.object_0 = null; ((ISupportInitialize)this.pictureBox_0).EndInit(); base.ResumeLayout(false); int arg_4A2_0 = 796469985; <Module>.int_6 = 1335196033; <Module>.int_8 = -1051365525; <Module>.int_4 = arg_4A2_0; GForm0.int_0 = -1980982856; base.PerformLayout(); <Module>.object_5 = componentResourceManager; GClass0.object_0 = componentResourceManager; } Deobucated decompile By Reflector its not calculated code its non ref junk code which reflector can deobfucate it . Our codecracker can create static junk resolver for it for people i think need who want rip code WindowsFormsApplication11_Rebuild.zip Edited March 27, 201510 yr by Death
March 27, 201510 yr @ ghostfish today may be i am ok @ GIV yes i see But i still post because i see appfucator all people like to use because it never make crash exe and dng and crypto is also same they wont make crash after multi obfucation . GForm0.object_0 = "Foolish"; Edited March 27, 201510 yr by Death
Create an account or sign in to comment