Posted April 5, 201510 yr The objective is to unpack and crack this application and make it rune whithout error. Crack me_enigma.rar
April 5, 201510 yr my windows xp is not running , I do not have the tools Reverse Engineering I test run on windows 7 64bit program is running
April 6, 201510 yr The original assembly crash after load the nag with best obfuscation etc.Here it is Enigma removed.Is Enigma 3.70Furthermore i see is more obfuscation there. Crack me_protected_1.rar - 1.2 MB
April 6, 201510 yr Its not protected by you , Your app just a line code with timer which remove fake splash screen "Net shield res encrypted " until open exe. Here is right order .Net protection :1. Codecracker net shield (Splash screen) string inside res 2. crypto Tut to unpack1. Have remove enigma fake native by netdumper with different name .2. trace the exe use cff to patch and make exe runable 3. if u success to run the exe you can decrypt string from resource [all string restored in crypto encrypted res checkbox mark , use res manger to add crypto encrypted resource or sae Make sure dump exe must need to run for decrypt string can also usede4dot --strtype delegate --strtyp emulate because latest crypto de4dot not support . Original exe size under 8 kb Edited April 6, 201510 yr by Death
April 6, 201510 yr Just a simple 3 kb exe used random protection and again uses "Protected or crack me by Ben mehni" u can use right order is "Unpackme protected as private obfucator" Anyway i gave a old tut for unpack this so can use search button the tut only can be works if you success to decrypt crypto resource first then can follow the old tut i provided . same clan https://forum.tuts4you.com/topic/36601-unpackme-simple-net-unpack-me/ Edited April 6, 201510 yr by Death
April 6, 201510 yr Author Its not protected by you , Your app just a line code with timer which remove fake splash screen "Net shield res encrypted " until open exe. Here is right order .Net protection : 1. Codecracker net shield (Splash screen) string inside res 2. crypto Tut to unpack 1. Have remove enigma fake native by netdumper with different name . 2. trace the exe use cff to patch and make exe runable 3. if u success to run the exe you can decrypt string from resource [all string restored in crypto encrypted res checkbox mark , use res manger to add crypto encrypted resource or sae Make sure dump exe must need to run for decrypt string can also use de4dot --strtype delegate --strtyp emulate because latest crypto de4dot not support . Original exe size under 8 kb Can you upload your unpacked file ?
April 6, 201510 yr @CodeNatifNo because as said before check your old thread . and original packed file not run , reason " Too much obfucation in a little exe " . Provided tuts in tuts4you try unpack your self .The exe looks like winzip password .
April 6, 201510 yr Author @CodeNatif No because as said before check your old thread . and original packed file not run , reason " Too much obfucation in a little exe " . Provided tuts in tuts4you try unpack your self . The exe looks like winzip password . The file run perfectly for me, i'm on windows 8 X64
April 7, 201510 yr Sorry I have to admit but this thread is a joke Protection is not made by you You can't even obfuscate a .NET file properly, and 'Death' pointed out why it crashes : " Too much obfucation in a little exe " Your useless nickname on the Form's tittle tends to tell us that you did the protection but you did not This section is a mess, it's worst than the Trash section. A good crack-me does not need to be OVER-UB3R-Obfuscated ! Look at LoLLo90's old crackme, the source code was readable for human eye, and yet only a few people succeeded. This is nowaday's crackme in this section : This is how they "protect" their dummy app, by using these tool in this exact order : SmartAssembly SmartAssemby (using it two times will make it ob-obfuscated which is even harder to crack than just obfuscated) ConfuserEX (MAX settings! + claiming its modded only because they compiled it themself ) Appfuscator Themida (same reason as before) .NET Reactor DNGuard VMProtect SmartAssembly (We want to make it a REAL challenge!) Enigma
April 7, 201510 yr Author Work on windows 7 64bits: Work on windows 8 64bits: If crackme does not launch for you, check the programs run on your PC, close any program to reverse and also update your framework.
April 7, 201510 yr i agree with my buddy spoonstudio protection used is: 1. Crypto Obfuscator (probably without strings encryption option) 2. Appfuscator 3. Confuser ex 4. Net Shield by codecracker 5. Engima the password is: Good Job Death weird password i guess, anyway here's my unpacked version, not full but is almost deobfuscated @Death you don't need to run the file to get the net shield packed assembly Crack me_protected_Deob.rar Edited April 7, 201510 yr by Alcatraz3222
April 7, 201510 yr @Alcatraz3222without run exe can't see the main form . there is 2 exe one splash screen and another is run time executable . can you say more how did you fix the bsjb pointer ? Bit more explain about offline mode . here is main dumped file run time olly dbg. # can't find stream hex cause all debugger crash trace time . and i don't care what protection just keep dig _05FE0000_.zip Edited April 7, 201510 yr by Death
April 7, 201510 yr another unpacked file to fix the file from enigma , and restore data of CodeCracker packerdump the file and pass it to de4dot go to original file and and start copy hex from this offset E3400 till the eof and past it in the eof dump file it should run Unpacked.rar Edited April 7, 201510 yr by n0th!ng
April 7, 201510 yr Author another unpacked file to fix the file from enigma , and restore data of CodeCracker packer dump the file and pass it to de4dot go to original file and and start copy hex from this offset E3400 till the eof and past it in the eof dump file it should run Good Job.
April 8, 201510 yr @Alcatraz3222 without run exe can't see the main form . there is 2 exe one splash screen and another is run time executable . can you say more how did you fix the bsjb pointer ? Bit more explain about offline mode . here is main dumped file run time olly dbg. # can't find stream hex cause all debugger crash trace time . and i don't care what protection just keep dig https://forum.tuts4you.com/topic/37001-net-unpacking-codecrackers-net-shield-10/
April 8, 201510 yr @Alcatraz3222provided tut is direct pack codecracker obfucator unpack which is easy to do .because there embed assembly exist. but here embed is not exist can you say about this pls . / https://forum.tuts4you.com/topic/36996-crackme/#entry173607Unpack enigma and run original file .i am confused about your unpack . can u please post the dump assembly without use de4dot . here 7zip dump file not have msdos. anyway i am on win 10 , Edited April 8, 201510 yr by Death
April 8, 201510 yr @Alcatraz3222 provided tut is direct pack codecracker obfucator unpack which is easy to do . because there embed assembly exist. but here embed is not exist can you say about this pls . / https://forum.tuts4you.com/topic/36996-crackme/#entry173607 Unpack enigma and run original file . i am confused about your unpack . can u please post the dump assembly without use de4dot . here 7zip dump file not have msdos. anyway i am on win 10 , don't worry i made a little video of 2 minutes where i explain how to get the packed assembly inside the crackme with enigmaUnpackNetShieldWithEnigma.rar
April 8, 201510 yr don't worry i made a little video of 2 minutes where i explain how to get the packed assembly inside the crackme with enigma ops , Thank you for the right solution , my problem was => the 7zip only works in windows 7 which i not had . win 10 or xp 7zip the original file achievement can't open .it need windows 7 os . Edited April 8, 201510 yr by Death
April 8, 201510 yr You can setup TitanHide under Win 10 and unpack via OllyDbg or X32dbg by eXoDia in combination with ScyllaHide.
April 8, 201510 yr Thanks edited Tut to Unpack this 1. Just download latest 7zip alpha [Other wise it won't works] http://sourceforge.net/p/sevenzip/discussion/45797/thread/fd1f6344/ and his video tut #20 Post : Alcatraz3222 Next rest other junk unpack => 2. use de4dot -un 3. cff place entrypoint and then exe will run 3 . confuserex codecracker decryptor tools , for appfucator use atoms tuts and sae , Attached just cracked file Crack me-cleaned_Cracked.zip Edited April 8, 201510 yr by Death
Create an account or sign in to comment