Nebula Posted November 15, 2017 Posted November 15, 2017 Difficulty: 6/10 (Has max/all settings enabled)Language: .Net/C#Platform: WindowsOS Version: AllPacker/Protector: ConfuserEX Mod (Bed's Protector) Description: Unpack the tool and enter the correct string to display the messagebox. If you are successful I would like to know how you did it exactly, if you don't mind. Screenshot: UnpackMe.exeFetching info...
Solution metar Posted November 20, 2017 Solution Posted November 20, 2017 (edited) Took me 2 minutes. How ? strings aren't protected in the memory. No need to unpack or patch anything... Edited November 20, 2017 by metar more details
Nebula Posted November 20, 2017 Author Posted November 20, 2017 On 11/20/2017 at 5:33 PM, metar said: Took me 2 minutes. How ? strings aren't protected in the memory. No need to unpack or patch anything... Expand So you just simply debug it?
metar Posted November 21, 2017 Posted November 21, 2017 On 11/20/2017 at 11:05 PM, Nebula said: So you just simply debug it? Expand Somehow, feel free to PM for details.
XenocodeRCE Posted November 23, 2017 Posted November 23, 2017 On 11/20/2017 at 11:05 PM, Nebula said: So you just simply debug it? Expand Run the program, put any fake password, click on "Check password" wrong msg will be prompted, open up process hacker, right click on the file process -> properties -> net module -> strings -> scan/dump and then you have a .txt file with all strings extracted from memory. Seek for the wrong msg prompt text and nearby is the password. 5 4
Nebula Posted November 25, 2017 Author Posted November 25, 2017 On 11/23/2017 at 3:48 PM, XenocodeRCE said: Run the program, put any fake password, click on "Check password" wrong msg will be prompted, open up process hacker, right click on the file process -> properties -> net module -> strings -> scan/dump and then you have a .txt file with all strings extracted from memory. Seek for the wrong msg prompt text and nearby is the password. Expand Thank you, but now fully unpacking it is the issue I have now.
Prab Posted April 28, 2020 Posted April 28, 2020 Steps : 1.) Dump 2.) Fix Dump 3.) Translate to x86 ( IL Only ) 4.) Constant Decrypter ( Thanks to CursedSheep ) 5.) Delegate Killer 6.) ProxyCall Fixer 1.2 7.) TheProxy CFlow Remover 8.) Bed 4.5 CFlow Remover 9.) De4dot File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe
Ninjego1 Posted June 19, 2020 Posted June 19, 2020 On 4/28/2020 at 2:21 PM, Prab said: Steps : 1.) Dump 2.) Fix Dump 3.) Translate to x86 ( IL Only ) 4.) Constant Decrypter ( Thanks to CursedSheep ) 5.) Delegate Killer 6.) ProxyCall Fixer 1.2 7.) TheProxy CFlow Remover 8.) Bed 4.5 CFlow Remover 9.) De4dot File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe Expand Where can I get the Tools? (Been looking for Dump Fixer everywhere
Prab Posted June 20, 2020 Posted June 20, 2020 On 6/19/2020 at 2:42 PM, Ninjego1 said: Where can I get the Tools? (Been looking for Dump Fixer everywhere Expand Anti Dump Fixer.rarFetching info... 1
little3388 Posted June 22, 2020 Posted June 22, 2020 On 4/28/2020 at 2:21 PM, Prab said: Steps : 1.) Dump 2.) Fix Dump 3.) Translate to x86 ( IL Only ) 4.) Constant Decrypter ( Thanks to CursedSheep ) 5.) Delegate Killer 6.) ProxyCall Fixer 1.2 7.) TheProxy CFlow Remover 8.) Bed 4.5 CFlow Remover 9.) De4dot File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe Expand Where can I get these tools? 3.) Translate to x86 ( IL Only ) 4.) Constant Decrypter ( Thanks to CursedSheep ) 7.) TheProxy CFlow Remover 8.) Bed 4.5 CFlow Remover
Prab Posted June 22, 2020 Posted June 22, 2020 On 6/22/2020 at 1:51 AM, little3388 said: Where can I get these tools? 3.) Translate to x86 ( IL Only ) 4.) Constant Decrypter ( Thanks to CursedSheep ) 7.) TheProxy CFlow Remover 8.) Bed 4.5 CFlow Remover Expand Bed_ControlFlow_Remover.rarFetching info... x86_Retranslater.rarFetching info... I can't give you the rest of em ( i don't have permission to share them, hope you understand me). 3
illuZion Posted June 22, 2020 Posted June 22, 2020 On 4/28/2020 at 2:21 PM, Prab said: Steps : 1.) Dump 2.) Fix Dump 3.) Translate to x86 ( IL Only ) 4.) Constant Decrypter ( Thanks to CursedSheep ) 5.) Delegate Killer 6.) ProxyCall Fixer 1.2 7.) TheProxy CFlow Remover 8.) Bed 4.5 CFlow Remover 9.) De4dot File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe Expand Your post doesn't explain how to do any of the steps, and doesn't even provide the tools you probably used. What you've done should be reproducible from your message, but it is not! I don't understand how such answers can still be accepted. This is not a look-at-me-i-did-it forum!
little3388 Posted June 22, 2020 Posted June 22, 2020 On 6/22/2020 at 9:58 AM, Prab said: Bed_ControlFlow_Remover.rar 483.9 kB · 8 downloads x86_Retranslater.rar 325.33 kB · 8 downloads I can't give you the rest of em ( i don't have permission to share them, hope you understand me). Expand Can understand you, see the unpacking video you posted on youtube, let me learn a lot, thank you
Prab Posted June 23, 2020 Posted June 23, 2020 On 6/22/2020 at 10:27 AM, illuZion said: Your post doesn't explain how to do any of the steps, and doesn't even provide the tools you probably used. What you've done should be reproducible from your message, but it is not! I don't understand how such answers can still be accepted. This is not a look-at-me-i-did-it forum! Expand Yes, this was acutally my bad that i hadn't explained all details at the first place. If i'm not lazy, i would explain specific details and provide these tools.
shadow.Walker Posted June 24, 2020 Posted June 24, 2020 On 11/20/2017 at 5:33 PM, metar said: Took me 2 minutes. How ? strings aren't protected in the memory. No need to unpack or patch anything... Expand after 3 years i had to ask you think there's a way to protect strings in memory!!?
popkoko818 Posted August 28, 2020 Posted August 28, 2020 On 6/22/2020 at 3:45 PM, little3388 said: Can you share these tools? Constant Decrypter ProxyCall Fixer 1.2 TheProxy CFlow Remover Expand
Kronos Posted September 5, 2020 Posted September 5, 2020 Common Prab share those tools !!!We are all waiting for those tools long time now!!
Kronos Posted September 6, 2020 Posted September 6, 2020 i think the ProxyCall Fixer 1.2 is this one! ConfuserExProxyCallFixer1_2.zipFetching info... 1
Junk Posted October 6, 2020 Posted October 6, 2020 (edited) I've got constant decrypter we just need someone to buy @TheProxy RE's cflow remover and give it to us Constants Decrypter.zipFetching info... Edited October 6, 2020 by Cakey 2
goro1988 Posted August 16, 2021 Posted August 16, 2021 @Prab I would be so kind to upload the bedsConstantDec tool that you show in the video tutorial, since I couldn't find it ... thanks in advance
Accede Posted April 27, 2022 Posted April 27, 2022 Only the tool from TheProxy RE is missing all orther tools i found online can some one share the tool from the TheProxy RE
steak Posted November 19, 2022 Posted November 19, 2022 Can you guys share me the tool TheProxy CFlow Remover
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now