Posted November 15, 20177 yr Difficulty: 6/10 (Has max/all settings enabled)Language: .Net/C#Platform: WindowsOS Version: AllPacker/Protector: ConfuserEX Mod (Bed's Protector) Description: Unpack the tool and enter the correct string to display the messagebox. If you are successful I would like to know how you did it exactly, if you don't mind. Screenshot: UnpackMe.exe
November 20, 20177 yr Solution Took me 2 minutes. How ? strings aren't protected in the memory. No need to unpack or patch anything... Edited November 20, 20177 yr by metar more details
November 20, 20177 yr Author 5 hours ago, metar said: Took me 2 minutes. How ? strings aren't protected in the memory. No need to unpack or patch anything... So you just simply debug it?
November 21, 20177 yr 9 hours ago, Nebula said: So you just simply debug it? Somehow, feel free to PM for details.
November 23, 20177 yr On 21/11/2017 at 12:05 AM, Nebula said: So you just simply debug it? Run the program, put any fake password, click on "Check password" wrong msg will be prompted, open up process hacker, right click on the file process -> properties -> net module -> strings -> scan/dump and then you have a .txt file with all strings extracted from memory. Seek for the wrong msg prompt text and nearby is the password.
November 25, 20177 yr Author On 11/23/2017 at 10:48 AM, XenocodeRCE said: Run the program, put any fake password, click on "Check password" wrong msg will be prompted, open up process hacker, right click on the file process -> properties -> net module -> strings -> scan/dump and then you have a .txt file with all strings extracted from memory. Seek for the wrong msg prompt text and nearby is the password. Thank you, but now fully unpacking it is the issue I have now.
April 28, 20205 yr Steps : 1.) Dump 2.) Fix Dump 3.) Translate to x86 ( IL Only ) 4.) Constant Decrypter ( Thanks to CursedSheep ) 5.) Delegate Killer 6.) ProxyCall Fixer 1.2 7.) TheProxy CFlow Remover 8.) Bed 4.5 CFlow Remover 9.) De4dot File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe
June 19, 20205 yr On 4/28/2020 at 4:21 PM, Prab said: Steps : 1.) Dump 2.) Fix Dump 3.) Translate to x86 ( IL Only ) 4.) Constant Decrypter ( Thanks to CursedSheep ) 5.) Delegate Killer 6.) ProxyCall Fixer 1.2 7.) TheProxy CFlow Remover 8.) Bed 4.5 CFlow Remover 9.) De4dot File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe Where can I get the Tools? (Been looking for Dump Fixer everywhere
June 20, 20205 yr 18 hours ago, Ninjego1 said: Where can I get the Tools? (Been looking for Dump Fixer everywhere Anti Dump Fixer.rar
June 22, 20205 yr On 4/28/2020 at 10:21 PM, Prab said: Steps : 1.) Dump 2.) Fix Dump 3.) Translate to x86 ( IL Only ) 4.) Constant Decrypter ( Thanks to CursedSheep ) 5.) Delegate Killer 6.) ProxyCall Fixer 1.2 7.) TheProxy CFlow Remover 8.) Bed 4.5 CFlow Remover 9.) De4dot File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe Where can I get these tools? 3.) Translate to x86 ( IL Only ) 4.) Constant Decrypter ( Thanks to CursedSheep ) 7.) TheProxy CFlow Remover 8.) Bed 4.5 CFlow Remover
June 22, 20205 yr 8 hours ago, little3388 said: Where can I get these tools? 3.) Translate to x86 ( IL Only ) 4.) Constant Decrypter ( Thanks to CursedSheep ) 7.) TheProxy CFlow Remover 8.) Bed 4.5 CFlow Remover Bed_ControlFlow_Remover.rar x86_Retranslater.rar I can't give you the rest of em ( i don't have permission to share them, hope you understand me).
June 22, 20205 yr On 4/28/2020 at 4:21 PM, Prab said: Steps : 1.) Dump 2.) Fix Dump 3.) Translate to x86 ( IL Only ) 4.) Constant Decrypter ( Thanks to CursedSheep ) 5.) Delegate Killer 6.) ProxyCall Fixer 1.2 7.) TheProxy CFlow Remover 8.) Bed 4.5 CFlow Remover 9.) De4dot File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe Your post doesn't explain how to do any of the steps, and doesn't even provide the tools you probably used. What you've done should be reproducible from your message, but it is not! I don't understand how such answers can still be accepted. This is not a look-at-me-i-did-it forum!
June 22, 20205 yr 5 hours ago, Prab said: Bed_ControlFlow_Remover.rar 483.9 kB · 8 downloads x86_Retranslater.rar 325.33 kB · 8 downloads I can't give you the rest of em ( i don't have permission to share them, hope you understand me). Can understand you, see the unpacking video you posted on youtube, let me learn a lot, thank you
June 23, 20205 yr 15 hours ago, illuZion said: Your post doesn't explain how to do any of the steps, and doesn't even provide the tools you probably used. What you've done should be reproducible from your message, but it is not! I don't understand how such answers can still be accepted. This is not a look-at-me-i-did-it forum! Yes, this was acutally my bad that i hadn't explained all details at the first place. If i'm not lazy, i would explain specific details and provide these tools.
June 24, 20205 yr On 11/20/2017 at 7:33 PM, metar said: Took me 2 minutes. How ? strings aren't protected in the memory. No need to unpack or patch anything... after 3 years i had to ask you think there's a way to protect strings in memory!!?
August 28, 20205 yr On 6/22/2020 at 5:45 PM, little3388 said: Can you share these tools? Constant Decrypter ProxyCall Fixer 1.2 TheProxy CFlow Remover
September 5, 20204 yr Common Prab share those tools !!!We are all waiting for those tools long time now!!
October 6, 20204 yr I've got constant decrypter we just need someone to buy @TheProxy RE's cflow remover and give it to us Constants Decrypter.zip Edited October 6, 20204 yr by Cakey
August 16, 20214 yr @Prab I would be so kind to upload the bedsConstantDec tool that you show in the video tutorial, since I couldn't find it ... thanks in advance
April 27, 20223 yr Only the tool from TheProxy RE is missing all orther tools i found online can some one share the tool from the TheProxy RE
Create an account or sign in to comment