Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

ConfuserEX Mod (Bed's Protector)

Nebula
Nebula
in UnPackMe (.NET)

Featured Replies

Posted

Difficulty: 6/10 (Has max/all settings enabled)
Language: .Net/C#
Platform: Windows
OS Version: All
Packer/Protector: ConfuserEX Mod (Bed's Protector)

Description:

Unpack the tool and enter the correct string to display the messagebox.

If you are successful I would like to know how you did it exactly, if you don't mind.

Screenshot: 

UnpackMe.jpeg.1049edad62e9cb522226d252afa73600.jpeg

UnpackMe.exe

Solved by metar

Go to solution
  • Solution

Took me 2 minutes.

image.png.498d7d55c36d45a2aa4047862387eb73.png

How ? strings aren't protected in the memory.

No need to unpack or patch anything...

Edited by metar
more details

  • Author
5 hours ago, metar said:

Took me 2 minutes.

image.png.498d7d55c36d45a2aa4047862387eb73.png

How ? strings aren't protected in the memory.

No need to unpack or patch anything...

So you just simply debug it?

9 hours ago, Nebula said:

So you just simply debug it?

Somehow, feel free to PM for details.

On 21/11/2017 at 12:05 AM, Nebula said:

So you just simply debug it?

Run the program, put any fake password, click on "Check password"

wrong msg will be prompted, open up process hacker, right click on the file process -> properties -> net module -> strings -> scan/dump

and then you have a .txt file with all strings extracted from memory. Seek for the wrong msg prompt text and nearby is the password.

    • Like 5
    • Haha 4
    • Author
    On 11/23/2017 at 10:48 AM, XenocodeRCE said:

    Run the program, put any fake password, click on "Check password"

    wrong msg will be prompted, open up process hacker, right click on the file process -> properties -> net module -> strings -> scan/dump

    and then you have a .txt file with all strings extracted from memory. Seek for the wrong msg prompt text and nearby is the password.

    Thank you, but now fully unpacking it is the issue I have now.

    • 2 years later...
    • 1 month later...
    On 4/28/2020 at 4:21 PM, Prab said:

    dnSpy-x86_B9j7lbP404.png.d0f6e2a7e9fd38372e0ae7ed9007e06f.png

    Steps :

    1.) Dump

    2.) Fix Dump

    3.) Translate to x86 ( IL Only )

    4.) Constant Decrypter ( Thanks to CursedSheep )

    5.) Delegate Killer

    6.) ProxyCall Fixer 1.2

    7.) TheProxy CFlow Remover

    8.) Bed 4.5 CFlow Remover

    9.) De4dot

    File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe

    Where can I get the Tools? (Been looking for Dump Fixer everywhere

    18 hours ago, Ninjego1 said:

    Where can I get the Tools? (Been looking for Dump Fixer everywhere

    Anti Dump Fixer.rar

    • Like 1
    On 4/28/2020 at 10:21 PM, Prab said:

    dnSpy-x86_B9j7lbP404.png.d0f6e2a7e9fd38372e0ae7ed9007e06f.png

    Steps :

    1.) Dump

    2.) Fix Dump

    3.) Translate to x86 ( IL Only )

    4.) Constant Decrypter ( Thanks to CursedSheep )

    5.) Delegate Killer

    6.) ProxyCall Fixer 1.2

    7.) TheProxy CFlow Remover

    8.) Bed 4.5 CFlow Remover

    9.) De4dot

    File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe


    Where can I get these tools?

    3.) Translate to x86 ( IL Only )

    4.) Constant Decrypter ( Thanks to CursedSheep )

    7.) TheProxy CFlow Remover

    8.) Bed 4.5 CFlow Remover

    😀    Prab will  say that are private tools.

    8 hours ago, little3388 said:


    Where can I get these tools?

    3.) Translate to x86 ( IL Only )

    4.) Constant Decrypter ( Thanks to CursedSheep )

    7.) TheProxy CFlow Remover

    8.) Bed 4.5 CFlow Remover

    Bed_ControlFlow_Remover.rar

    x86_Retranslater.rar

    I can't give you the rest of em ( i don't have permission to share them, hope you understand me).

    • Like 3
    On 4/28/2020 at 4:21 PM, Prab said:

    dnSpy-x86_B9j7lbP404.png.d0f6e2a7e9fd38372e0ae7ed9007e06f.png

    Steps :

    1.) Dump

    2.) Fix Dump

    3.) Translate to x86 ( IL Only )

    4.) Constant Decrypter ( Thanks to CursedSheep )

    5.) Delegate Killer

    6.) ProxyCall Fixer 1.2

    7.) TheProxy CFlow Remover

    8.) Bed 4.5 CFlow Remover

    9.) De4dot

    File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe

    Your post doesn't explain how to do any of the steps, and doesn't even provide the tools you probably used. What you've done should be reproducible from your message, but it is not! I don't understand how such answers can still be accepted. This is not a look-at-me-i-did-it forum!

    @illuZion   you can see Prab tutorial on youtube: 

     

    • Thanks 1
    15 hours ago, illuZion said:

    Your post doesn't explain how to do any of the steps, and doesn't even provide the tools you probably used. What you've done should be reproducible from your message, but it is not! I don't understand how such answers can still be accepted. This is not a look-at-me-i-did-it forum!

    Yes, this was acutally my bad that i hadn't explained all details at the first place.

    If i'm not lazy, i would explain specific details and provide these tools.

    On 11/20/2017 at 7:33 PM, metar said:

    Took me 2 minutes.

    image.png.498d7d55c36d45a2aa4047862387eb73.png

    How ? strings aren't protected in the memory.

    No need to unpack or patch anything...

    after 3 years i had to ask

    you think there's a way to protect strings in memory!!?

    • 2 months later...
    On 6/22/2020 at 5:45 PM, little3388 said:

    Can you share these tools?
    Constant Decrypter
    ProxyCall Fixer 1.2
    TheProxy CFlow Remover

     

    Common Prab share those tools !!!We are all waiting for those tools long time now!!

    • 1 month later...

    I've got constant decrypter  we just need someone to buy @TheProxy RE's cflow remover and give it to us

    Constants Decrypter.zip

    Edited by Cakey

    • Like 2
    • 8 months later...

    where can i get 5.) Delegate Killer from ?

    • 1 month later...

    @Prab I would be so kind to upload the bedsConstantDec tool that you show in the video tutorial, since I couldn't find it ... thanks in advance

    • 8 months later...

    Only the tool from TheProxy RE is missing all orther tools i found online can some one share the tool from the TheProxy RE

     

    • 6 months later...

    Can you guys share me the tool TheProxy CFlow Remover

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.