CodeNatif Posted April 5, 2015 Posted April 5, 2015 The objective is to unpack and crack this application and make it rune whithout error. Crack me_enigma.rar
CodeEnding Posted April 5, 2015 Posted April 5, 2015 (edited) i can not open Edited April 5, 2015 by CodeEnding
ιvancιтooz Posted April 5, 2015 Posted April 5, 2015 On 4/5/2015 at 9:22 PM, CodeEnding said: i can not open close megadumper or another dumper or debugger
CodeNatif Posted April 5, 2015 Author Posted April 5, 2015 On 4/5/2015 at 9:22 PM, CodeEnding said: i can not open Close all reverse engineering tools.
CodeEnding Posted April 5, 2015 Posted April 5, 2015 my windows xp is not running , I do not have the tools Reverse Engineering I test run on windows 7 64bit program is running
GIV Posted April 6, 2015 Posted April 6, 2015 The original assembly crash after load the nag with best obfuscation etc.Here it is Enigma removed.Is Enigma 3.70Furthermore i see is more obfuscation there. Crack me_protected_1.rar - 1.2 MB
Hadits follower Posted April 6, 2015 Posted April 6, 2015 (edited) Its not protected by you , Your app just a line code with timer which remove fake splash screen "Net shield res encrypted " until open exe. Here is right order .Net protection :1. Codecracker net shield (Splash screen) string inside res 2. crypto Tut to unpack1. Have remove enigma fake native by netdumper with different name .2. trace the exe use cff to patch and make exe runable 3. if u success to run the exe you can decrypt string from resource [all string restored in crypto encrypted res checkbox mark , use res manger to add crypto encrypted resource or sae Make sure dump exe must need to run for decrypt string can also usede4dot --strtype delegate --strtyp emulate because latest crypto de4dot not support . Original exe size under 8 kb Edited April 6, 2015 by Death 2
Hadits follower Posted April 6, 2015 Posted April 6, 2015 (edited) Just a simple 3 kb exe used random protection and again uses "Protected or crack me by Ben mehni" u can use right order is "Unpackme protected as private obfucator" Anyway i gave a old tut for unpack this so can use search button the tut only can be works if you success to decrypt crypto resource first then can follow the old tut i provided . same clan https://forum.tuts4you.com/topic/36601-unpackme-simple-net-unpack-me/ Edited April 6, 2015 by Death 3
CodeNatif Posted April 6, 2015 Author Posted April 6, 2015 On 4/6/2015 at 8:00 AM, Death said: Its not protected by you , Your app just a line code with timer which remove fake splash screen "Net shield res encrypted " until open exe. Here is right order .Net protection : 1. Codecracker net shield (Splash screen) string inside res 2. crypto Tut to unpack 1. Have remove enigma fake native by netdumper with different name . 2. trace the exe use cff to patch and make exe runable 3. if u success to run the exe you can decrypt string from resource [all string restored in crypto encrypted res checkbox mark , use res manger to add crypto encrypted resource or sae Make sure dump exe must need to run for decrypt string can also use de4dot --strtype delegate --strtyp emulate because latest crypto de4dot not support . Original exe size under 8 kb Can you upload your unpacked file ?
Hadits follower Posted April 6, 2015 Posted April 6, 2015 @CodeNatifNo because as said before check your old thread . and original packed file not run , reason " Too much obfucation in a little exe " . Provided tuts in tuts4you try unpack your self .The exe looks like winzip password . 1
CodeNatif Posted April 6, 2015 Author Posted April 6, 2015 On 4/6/2015 at 3:54 PM, Death said: @CodeNatif No because as said before check your old thread . and original packed file not run , reason " Too much obfucation in a little exe " . Provided tuts in tuts4you try unpack your self . The exe looks like winzip password . The file run perfectly for me, i'm on windows 8 X64
XenocodeRCE Posted April 7, 2015 Posted April 7, 2015 Sorry I have to admit but this thread is a joke Protection is not made by you You can't even obfuscate a .NET file properly, and 'Death' pointed out why it crashes : " Too much obfucation in a little exe " Your useless nickname on the Form's tittle tends to tell us that you did the protection but you did not This section is a mess, it's worst than the Trash section. A good crack-me does not need to be OVER-UB3R-Obfuscated ! Look at LoLLo90's old crackme, the source code was readable for human eye, and yet only a few people succeeded. This is nowaday's crackme in this section : This is how they "protect" their dummy app, by using these tool in this exact order : SmartAssembly SmartAssemby (using it two times will make it ob-obfuscated which is even harder to crack than just obfuscated) ConfuserEX (MAX settings! + claiming its modded only because they compiled it themself ) Appfuscator Themida (same reason as before) .NET Reactor DNGuard VMProtect SmartAssembly (We want to make it a REAL challenge!) Enigma 5
CodeNatif Posted April 7, 2015 Author Posted April 7, 2015 Work on windows 7 64bits: Work on windows 8 64bits: If crackme does not launch for you, check the programs run on your PC, close any program to reverse and also update your framework.
Derberux Posted April 7, 2015 Posted April 7, 2015 (edited) i agree with my buddy spoonstudio protection used is: 1. Crypto Obfuscator (probably without strings encryption option) 2. Appfuscator 3. Confuser ex 4. Net Shield by codecracker 5. Engima the password is: Good Job Death weird password i guess, anyway here's my unpacked version, not full but is almost deobfuscated @Death you don't need to run the file to get the net shield packed assembly Crack me_protected_Deob.rar Edited April 7, 2015 by Alcatraz3222 2
Hadits follower Posted April 7, 2015 Posted April 7, 2015 (edited) @Alcatraz3222without run exe can't see the main form . there is 2 exe one splash screen and another is run time executable . can you say more how did you fix the bsjb pointer ? Bit more explain about offline mode . here is main dumped file run time olly dbg. # can't find stream hex cause all debugger crash trace time . and i don't care what protection just keep dig _05FE0000_.zip Edited April 7, 2015 by Death
n0th!ng Posted April 7, 2015 Posted April 7, 2015 (edited) another unpacked file to fix the file from enigma , and restore data of CodeCracker packerdump the file and pass it to de4dot go to original file and and start copy hex from this offset E3400 till the eof and past it in the eof dump file it should run Unpacked.rar Edited April 7, 2015 by n0th!ng 1
CodeNatif Posted April 7, 2015 Author Posted April 7, 2015 On 4/7/2015 at 6:55 PM, n0th!ng said: another unpacked file to fix the file from enigma , and restore data of CodeCracker packer dump the file and pass it to de4dot go to original file and and start copy hex from this offset E3400 till the eof and past it in the eof dump file it should run Good Job.
Derberux Posted April 8, 2015 Posted April 8, 2015 On 4/7/2015 at 3:26 PM, Death said: @Alcatraz3222 without run exe can't see the main form . there is 2 exe one splash screen and another is run time executable . can you say more how did you fix the bsjb pointer ? Bit more explain about offline mode . here is main dumped file run time olly dbg. # can't find stream hex cause all debugger crash trace time . and i don't care what protection just keep dig https://forum.tuts4you.com/topic/37001-net-unpacking-codecrackers-net-shield-10/ 1
Hadits follower Posted April 8, 2015 Posted April 8, 2015 (edited) @Alcatraz3222provided tut is direct pack codecracker obfucator unpack which is easy to do .because there embed assembly exist. but here embed is not exist can you say about this pls . / https://forum.tuts4you.com/topic/36996-crackme/#entry173607Unpack enigma and run original file .i am confused about your unpack . can u please post the dump assembly without use de4dot . here 7zip dump file not have msdos. anyway i am on win 10 , Edited April 8, 2015 by Death
Derberux Posted April 8, 2015 Posted April 8, 2015 On 4/8/2015 at 2:01 AM, Death said: @Alcatraz3222 provided tut is direct pack codecracker obfucator unpack which is easy to do . because there embed assembly exist. but here embed is not exist can you say about this pls . / https://forum.tuts4you.com/topic/36996-crackme/#entry173607 Unpack enigma and run original file . i am confused about your unpack . can u please post the dump assembly without use de4dot . here 7zip dump file not have msdos. anyway i am on win 10 , don't worry i made a little video of 2 minutes where i explain how to get the packed assembly inside the crackme with enigmaUnpackNetShieldWithEnigma.rar 2
Hadits follower Posted April 8, 2015 Posted April 8, 2015 (edited) On 4/8/2015 at 8:06 AM, Alcatraz3222 said: don't worry i made a little video of 2 minutes where i explain how to get the packed assembly inside the crackme with enigma ops , Thank you for the right solution , my problem was => the 7zip only works in windows 7 which i not had . win 10 or xp 7zip the original file achievement can't open .it need windows 7 os . Edited April 8, 2015 by Death 1
GIV Posted April 8, 2015 Posted April 8, 2015 You can setup TitanHide under Win 10 and unpack via OllyDbg or X32dbg by eXoDia in combination with ScyllaHide. 1
Hadits follower Posted April 8, 2015 Posted April 8, 2015 (edited) Thanks edited Tut to Unpack this 1. Just download latest 7zip alpha [Other wise it won't works] http://sourceforge.net/p/sevenzip/discussion/45797/thread/fd1f6344/ and his video tut #20 Post : Alcatraz3222 Next rest other junk unpack => 2. use de4dot -un 3. cff place entrypoint and then exe will run 3 . confuserex codecracker decryptor tools , for appfucator use atoms tuts and sae , Attached just cracked file Crack me-cleaned_Cracked.zip Edited April 8, 2015 by Death 3
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now