Nebula, Posted November 15, 2017

Difficulty: 6/10 (Has max/all settings enabled)
Language: .Net/C#
Platform: Windows
OS Version: All
Packer/Protector: ConfuserEX Mod (Bed's Protector)

Description: Unpack the tool and enter the correct string to display the messagebox. If you are successful I would like to know how you did it exactly, if you don't mind.

Screenshot: UnpackMe.exe

metar (Solution), Posted November 20, 2017 (edited)

Took me 2 minutes. How ? strings aren't protected in the memory. No need to unpack or patch anything...

Edited November 20, 2017 by metar: more details

Nebula (Author), Posted November 20, 2017

5 hours ago, metar said:
> Took me 2 minutes. How ? strings aren't protected in the memory. No need to unpack or patch anything...

So you just simply debug it?

metar, Posted November 21, 2017

9 hours ago, Nebula said:
> So you just simply debug it?

Somehow, feel free to PM for details.

XenocodeRCE, Posted November 23, 2017

On 21/11/2017 at 12:05 AM, Nebula said:
> So you just simply debug it?

Run the program, put any fake password, click on "Check password" wrong msg will be prompted, open up process hacker, right click on the file process -> properties -> net module -> strings -> scan/dump and then you have a .txt file with all strings extracted from memory. Seek for the wrong msg prompt text and nearby is the password.

Nebula (Author), Posted November 25, 2017

On 11/23/2017 at 10:48 AM, XenocodeRCE said:
> Run the program, put any fake password, click on "Check password" wrong msg will be prompted, open up process hacker, right click on the file process -> properties -> net module -> strings -> scan/dump and then you have a .txt file with all strings extracted from memory. Seek for the wrong msg prompt text and nearby is the password.

Thank you, but now fully unpacking it is the issue I have now.

Prab, Posted April 28, 2020

Steps :
1.) Dump
2.) Fix Dump
3.) Translate to x86 ( IL Only )
4.) Constant Decrypter ( Thanks to CursedSheep )
5.) Delegate Killer
6.) ProxyCall Fixer 1.2
7.) TheProxy CFlow Remover
8.) Bed 4.5 CFlow Remover
9.) De4dot

File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe

Ninjego1, Posted June 19, 2020

On 4/28/2020 at 4:21 PM, Prab said:
> Steps :
> 1.) Dump
> 2.) Fix Dump
> 3.) Translate to x86 ( IL Only )
> 4.) Constant Decrypter ( Thanks to CursedSheep )
> 5.) Delegate Killer
> 6.) ProxyCall Fixer 1.2
> 7.) TheProxy CFlow Remover
> 8.) Bed 4.5 CFlow Remover
> 9.) De4dot
>
> File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe

Where can I get the Tools? (Been looking for Dump Fixer everywhere

Prab, Posted June 20, 2020

18 hours ago, Ninjego1 said:
> Where can I get the Tools? (Been looking for Dump Fixer everywhere

Anti Dump Fixer.rar

little3388, Posted June 22, 2020

On 4/28/2020 at 10:21 PM, Prab said:
> Steps :
> 1.) Dump
> 2.) Fix Dump
> 3.) Translate to x86 ( IL Only )
> 4.) Constant Decrypter ( Thanks to CursedSheep )
> 5.) Delegate Killer
> 6.) ProxyCall Fixer 1.2
> 7.) TheProxy CFlow Remover
> 8.) Bed 4.5 CFlow Remover
> 9.) De4dot
>
> File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe

Where can I get these tools?
3.) Translate to x86 ( IL Only )
4.) Constant Decrypter ( Thanks to CursedSheep )
7.) TheProxy CFlow Remover
8.) Bed 4.5 CFlow Remover

Prab, Posted June 22, 2020

8 hours ago, little3388 said:
> Where can I get these tools?
> 3.) Translate to x86 ( IL Only )
> 4.) Constant Decrypter ( Thanks to CursedSheep )
> 7.) TheProxy CFlow Remover
> 8.) Bed 4.5 CFlow Remover

Bed_ControlFlow_Remover.rar
x86_Retranslater.rar

I can't give you the rest of em ( i don't have permission to share them, hope you understand me).

illuZion, Posted June 22, 2020

On 4/28/2020 at 4:21 PM, Prab said:
> Steps :
> 1.) Dump
> 2.) Fix Dump
> 3.) Translate to x86 ( IL Only )
> 4.) Constant Decrypter ( Thanks to CursedSheep )
> 5.) Delegate Killer
> 6.) ProxyCall Fixer 1.2
> 7.) TheProxy CFlow Remover
> 8.) Bed 4.5 CFlow Remover
> 9.) De4dot
>
> File Unpacked : UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe

Your post doesn't explain how to do any of the steps, and doesn't even provide the tools you probably used. What you've done should be reproducible from your message, but it is not! I don't understand how such answers can still be accepted. This is not a look-at-me-i-did-it forum!

little3388, Posted June 22, 2020

5 hours ago, Prab said:
> Bed_ControlFlow_Remover.rar 483.9 kB · 8 downloads
> x86_Retranslater.rar 325.33 kB · 8 downloads
>
> I can't give you the rest of em ( i don't have permission to share them, hope you understand me).

Can understand you, see the unpacking video you posted on youtube, let me learn a lot, thank you

Prab, Posted June 23, 2020

15 hours ago, illuZion said:
> Your post doesn't explain how to do any of the steps, and doesn't even provide the tools you probably used. What you've done should be reproducible from your message, but it is not! I don't understand how such answers can still be accepted. This is not a look-at-me-i-did-it forum!

Yes, this was actually my bad that I hadn't explained all details in the first place. If I'm not lazy, I would explain specific details and provide these tools.

shadow.Walker, Posted June 24, 2020

On 11/20/2017 at 7:33 PM, metar said:
> Took me 2 minutes. How ? strings aren't protected in the memory. No need to unpack or patch anything...

after 3 years i had to ask you think there's a way to protect strings in memory!!?

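Added example (not part of the original thread, and not code from the challenge or its protector): a check that compares against a decoded constant puts the expected value on the managed heap, which is why the memory string dump described above finds it, whereas a check that ships only a salted hash never holds the expected value in memory. All names, the sample secret and the choice of PBKDF2 are assumptions made for this illustration; it assumes .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;

static class PasswordCheckDemo
{
    const int Iterations = 200_000;   // assumed work factor for this demo

    // Stand-in for a protector's constant decryption (constructed sample value).
    static string DecodeConstant()
    {
        char[] c = "terces-elpmas".ToCharArray();
        Array.Reverse(c);
        return new string(c);         // the plaintext is now a heap string
    }

    // Weak: the expected value is materialised as a System.String at run time,
    // so a memory string scan finds it near the message-box text.
    static bool CheckPlaintext(string input) => input == DecodeConstant();

    // Build-time step: derive a salted verifier. Only salt and hash would ship.
    static (byte[] Salt, byte[] Hash) BuildVerifier(string secret)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        return (salt, Derive(secret, salt));
    }

    static byte[] Derive(string value, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(value, salt, Iterations, HashAlgorithmName.SHA256, 32);

    // Hardened: hash the input and compare digests in constant time.
    static bool CheckHashed(string input, byte[] salt, byte[] expectedHash) =>
        CryptographicOperations.FixedTimeEquals(Derive(input, salt), expectedHash);

    static void Main()
    {
        // In a real build this runs offline and the two arrays are embedded as data;
        // it is done inline here only so the demo is self-contained.
        var (salt, hash) = BuildVerifier("sample-secret");

        Console.WriteLine(CheckPlaintext("guess"));
        Console.WriteLine(CheckPlaintext("sample-secret"));
        Console.WriteLine(CheckHashed("guess", salt, hash));
        Console.WriteLine(CheckHashed("sample-secret", salt, hash));
    }
}
```

The hashed check only removes the expected value from a string dump: the typed input is still in memory while the check runs, and the comparison can still be patched. A weak secret also remains guessable offline from the embedded salt and hash.
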
popkoko818, Posted August 28, 2020

On 6/22/2020 at 5:45 PM, little3388 said:

Can you share these tools?
Constant Decrypter
ProxyCall Fixer 1.2
TheProxy CFlow Remover

Kronos, Posted September 5, 2020

Come on Prab, share those tools!!! We are all waiting for those tools long time now!!

Kronos, Posted September 6, 2020

i think the ProxyCall Fixer 1.2 is this one!

ConfuserExProxyCallFixer1_2.zip

Junk, Posted October 6, 2020 (edited)

I've got constant decrypter we just need someone to buy @TheProxy RE's cflow remover and give it to us

Constants Decrypter.zip

Edited October 6, 2020 by Cakey

goro1988, Posted August 16, 2021

@Prab I would be so kind to upload the bedsConstantDec tool that you show in the video tutorial, since I couldn't find it ... thanks in advance

Accede, Posted April 27, 2022

Only the tool from TheProxy RE is missing, all other tools I found online. Can someone share the tool from the TheProxy RE

steak, Posted November 19, 2022

Can you guys share me the tool TheProxy CFlow Remover