Tuts 4 You

ConfuserEX Mod (Bed's Protector)


Go to solution Solved by metar,


Posted

Difficulty: 6/10 (Has max/all settings enabled)
Language: .Net/C#
Platform: Windows
OS Version: All
Packer/Protector: ConfuserEX Mod (Bed's Protector)

Description:

Unpack the tool and enter the correct string to display the messagebox.

If you are successful I would like to know how you did it exactly, if you don't mind.

Screenshot: 

UnpackMe.jpeg.1049edad62e9cb522226d252afa73600.jpeg

UnpackMe.exe

  • Solution
Posted (edited)

Took me 2 minutes.

image.png.498d7d55c36d45a2aa4047862387eb73.png

How? Strings aren't protected in memory.

No need to unpack or patch anything...

Edited by metar
more details
Posted
  On 11/20/2017 at 5:33 PM, metar said:

Took me 2 minutes.

image.png.498d7d55c36d45a2aa4047862387eb73.png

How? Strings aren't protected in memory.

No need to unpack or patch anything...


So you just simply debug it?

Posted
  On 11/20/2017 at 11:05 PM, Nebula said:

So you just simply debug it?


Somehow, feel free to PM for details.

Posted
  On 11/20/2017 at 11:05 PM, Nebula said:

So you just simply debug it?


Run the program, put in any fake password, click on "Check password".

The wrong msg will be prompted. Open up Process Hacker, right click on the file process -> properties -> net module -> strings -> scan/dump

and then you have a .txt file with all strings extracted from memory. Search for the wrong msg prompt text and nearby is the password.

  • Like 5
  • Haha 4
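
The string scan described in the post above, as an added example that is not part of the original thread: it extracts UTF-16LE strings (the encoding .NET uses for strings in memory) from a buffer and lists the ones sitting near a known message. The buffer, the message text, the secret and the helper names are all constructed for illustration; checking your own application would mean reading a dump of its process instead.

```python
import re

def utf16le_strings(buf: bytes, min_len: int = 4):
    """Yield (offset, text) for runs of printable ASCII stored as UTF-16LE."""
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in pattern.finditer(buf):
        yield m.start(), m.group().decode("utf-16-le")

def neighbours(buf: bytes, marker: str, window: int = 256):
    """Return strings within `window` bytes of a string containing `marker`."""
    found = list(utf16le_strings(buf))
    hits = [off for off, text in found if marker in text]
    return [text for off, text in found
            if marker not in text and any(abs(off - h) <= window for h in hits)]

def fake_heap_string(s: str) -> bytes:
    # Constructed stand-in for a managed string: length, UTF-16LE chars, NUL.
    return len(s).to_bytes(4, "little") + s.encode("utf-16-le") + b"\x00\x00"

# Constructed sample buffer, not data from the UnpackMe in this thread.
SAMPLE = b"".join([
    b"\x90" * 64,
    fake_heap_string("Check password"),
    b"\xff" * 16,
    fake_heap_string("Wrong password!"),
    b"\xcc" * 8,
    fake_heap_string("constructed-secret-123"),
    b"\x00" * 512,
    fake_heap_string("System.Windows.Forms"),
])

if __name__ == "__main__":
    for off, text in utf16le_strings(SAMPLE):
        print(f"{off:#06x}  {text}")
    print("near the error message:", neighbours(SAMPLE, "Wrong password"))
```

Obfuscating the assembly on disk does not change what the runtime holds once the check has run: a value the program compares against in plaintext appears in such a scan next to the strings used around it.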
Posted
  On 11/23/2017 at 3:48 PM, XenocodeRCE said:

Run the program, put in any fake password, click on "Check password".

The wrong msg will be prompted. Open up Process Hacker, right click on the file process -> properties -> net module -> strings -> scan/dump

and then you have a .txt file with all strings extracted from memory. Search for the wrong msg prompt text and nearby is the password.


Thank you, but now fully unpacking it is the issue I have now.

  • 2 years later...
  • 1 month later...
Posted
  On 4/28/2020 at 2:21 PM, Prab said:

dnSpy-x86_B9j7lbP404.png.d0f6e2a7e9fd38372e0ae7ed9007e06f.png

Steps :

1.) Dump

2.) Fix Dump

3.) Translate to x86 ( IL Only )

4.) Constant Decrypter ( Thanks to CursedSheep )

5.) Delegate Killer

6.) ProxyCall Fixer 1.2

7.) TheProxy CFlow Remover

8.) Bed 4.5 CFlow Remover

9.) De4dot

File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe


Where can I get the tools? (Been looking for Dump Fixer everywhere.)

Posted
  On 4/28/2020 at 2:21 PM, Prab said:

dnSpy-x86_B9j7lbP404.png.d0f6e2a7e9fd38372e0ae7ed9007e06f.png

Steps :

1.) Dump

2.) Fix Dump

3.) Translate to x86 ( IL Only )

4.) Constant Decrypter ( Thanks to CursedSheep )

5.) Delegate Killer

6.) ProxyCall Fixer 1.2

7.) TheProxy CFlow Remover

8.) Bed 4.5 CFlow Remover

9.) De4dot

File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe



Where can I get these tools?

3.) Translate to x86 ( IL Only )

4.) Constant Decrypter ( Thanks to CursedSheep )

7.) TheProxy CFlow Remover

8.) Bed 4.5 CFlow Remover

Posted

😀 Prab will say that they are private tools.

Posted
  On 4/28/2020 at 2:21 PM, Prab said:

dnSpy-x86_B9j7lbP404.png.d0f6e2a7e9fd38372e0ae7ed9007e06f.png

Steps :

1.) Dump

2.) Fix Dump

3.) Translate to x86 ( IL Only )

4.) Constant Decrypter ( Thanks to CursedSheep )

5.) Delegate Killer

6.) ProxyCall Fixer 1.2

7.) TheProxy CFlow Remover

8.) Bed 4.5 CFlow Remover

9.) De4dot

File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe


Your post doesn't explain how to do any of the steps, and doesn't even provide the tools you probably used. What you've done should be reproducible from your message, but it is not! I don't understand how such answers can still be accepted. This is not a look-at-me-i-did-it forum!

Posted

@illuZion you can see Prab's tutorial on YouTube:

 

  • Thanks 1
Posted
  On 6/22/2020 at 10:27 AM, illuZion said:

Your post doesn't explain how to do any of the steps, and doesn't even provide the tools you probably used. What you've done should be reproducible from your message, but it is not! I don't understand how such answers can still be accepted. This is not a look-at-me-i-did-it forum!


Yes, this was actually my bad that I hadn't explained all the details in the first place.

If I'm not lazy, I would explain specific details and provide these tools.

shadow.Walker
Posted
  On 11/20/2017 at 5:33 PM, metar said:

Took me 2 minutes.

image.png.498d7d55c36d45a2aa4047862387eb73.png

How? Strings aren't protected in memory.

No need to unpack or patch anything...


After 3 years I had to ask:

You think there's a way to protect strings in memory!!?

  • 2 months later...
Posted
  On 6/22/2020 at 3:45 PM, little3388 said:

Can you share these tools?
Constant Decrypter
ProxyCall Fixer 1.2
TheProxy CFlow Remover


 

Posted

Come on Prab, share those tools!!! We have all been waiting for those tools for a long time now!!

  • 1 month later...
  • 8 months later...
Devilsupreme
Posted

Where can I get 5.) Delegate Killer from?

  • 1 month later...
Posted

@Prab Would you be so kind as to upload the bedsConstantDec tool that you show in the video tutorial, since I couldn't find it... thanks in advance

  • 8 months later...
Posted

Only the tool from TheProxy RE is missing; all other tools I found online. Can someone share the tool from TheProxy RE?

 

  • 6 months later...
Posted

Can you guys share the tool TheProxy CFlow Remover with me?
