Nebula, Posted November 15, 2017

Difficulty: 6/10 (Has max/all settings enabled)
Language: .Net/C#
Platform: Windows
OS Version: All
Packer/Protector: ConfuserEX Mod (Bed's Protector)

Description: Unpack the tool and enter the correct string to display the messagebox. If you are successful I would like to know how you did it exactly, if you don't mind.

Screenshot:
UnpackMe.exe

metar, Posted November 20, 2017 (edited) [Solution]

Took me 2 minutes. How? Strings aren't protected in the memory. No need to unpack or patch anything...

Edited November 20, 2017 by metar (more details)

Nebula (Author), Posted November 20, 2017

> 5 hours ago, metar said:
> Took me 2 minutes. How? Strings aren't protected in the memory. No need to unpack or patch anything...

So you just simply debug it?

metar, Posted November 21, 2017

> 9 hours ago, Nebula said:
> So you just simply debug it?

Somehow, feel free to PM for details.

XenocodeRCE, Posted November 23, 2017

> On 21/11/2017 at 12:05 AM, Nebula said:
> So you just simply debug it?

Run the program, put any fake password, click on "Check password", wrong msg will be prompted, open up Process Hacker, right click on the file process -> properties -> net module -> strings -> scan/dump and then you have a .txt file with all strings extracted from memory. Seek for the wrong msg prompt text and nearby is the password.

Nebula (Author), Posted November 25, 2017

> On 11/23/2017 at 10:48 AM, XenocodeRCE said:
> Run the program, put any fake password, click on "Check password", wrong msg will be prompted, open up Process Hacker, right click on the file process -> properties -> net module -> strings -> scan/dump and then you have a .txt file with all strings extracted from memory. Seek for the wrong msg prompt text and nearby is the password.

Thank you, but now fully unpacking it is the issue I have now.

Prab, Posted April 28, 2020

Steps:
1.) Dump
2.) Fix Dump
3.) Translate to x86 ( IL Only )
4.) Constant Decrypter ( Thanks to CursedSheep )
5.) Delegate Killer
6.) ProxyCall Fixer 1.2
7.) TheProxy CFlow Remover
8.) Bed 4.5 CFlow Remover
9.) De4dot

File Unpacked: UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe

Ninjego1, Posted June 19, 2020

> On 4/28/2020 at 4:21 PM, Prab said:
> Steps:
> 1.) Dump
> 2.) Fix Dump
> 3.) Translate to x86 ( IL Only )
> 4.) Constant Decrypter ( Thanks to CursedSheep )
> 5.) Delegate Killer
> 6.) ProxyCall Fixer 1.2
> 7.) TheProxy CFlow Remover
> 8.) Bed 4.5 CFlow Remover
> 9.) De4dot
> File Unpacked: UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe

Where can I get the Tools? (Been looking for Dump Fixer everywhere)

Prab, Posted June 20, 2020

> 18 hours ago, Ninjego1 said:
> Where can I get the Tools? (Been looking for Dump Fixer everywhere)

Anti Dump Fixer.rar

little3388, Posted June 22, 2020

> On 4/28/2020 at 10:21 PM, Prab said:
> Steps:
> 1.) Dump
> 2.) Fix Dump
> 3.) Translate to x86 ( IL Only )
> 4.) Constant Decrypter ( Thanks to CursedSheep )
> 5.) Delegate Killer
> 6.) ProxyCall Fixer 1.2
> 7.) TheProxy CFlow Remover
> 8.) Bed 4.5 CFlow Remover
> 9.) De4dot
> File Unpacked: UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe

Where can I get these tools?
3.) Translate to x86 ( IL Only )
4.) Constant Decrypter ( Thanks to CursedSheep )
7.) TheProxy CFlow Remover
8.) Bed 4.5 CFlow Remover

collins, Posted June 22, 2020

😀 Prab will say that are private tools.

Prab, Posted June 22, 2020

> 8 hours ago, little3388 said:
> Where can I get these tools?
> 3.) Translate to x86 ( IL Only )
> 4.) Constant Decrypter ( Thanks to CursedSheep )
> 7.) TheProxy CFlow Remover
> 8.) Bed 4.5 CFlow Remover

Bed_ControlFlow_Remover.rar
x86_Retranslater.rar

I can't give you the rest of em (I don't have permission to share them, hope you understand me).

illuZion, Posted June 22, 2020

> On 4/28/2020 at 4:21 PM, Prab said:
> Steps:
> 1.) Dump
> 2.) Fix Dump
> 3.) Translate to x86 ( IL Only )
> 4.) Constant Decrypter ( Thanks to CursedSheep )
> 5.) Delegate Killer
> 6.) ProxyCall Fixer 1.2
> 7.) TheProxy CFlow Remover
> 8.) Bed 4.5 CFlow Remover
> 9.) De4dot
> File Unpacked: UnpackMe-Dump_fixed_noX86-ConstantDec_nodelegate_noProxy_CFlow-NoFlow-cleaned.exe

Your post doesn't explain how to do any of the steps, and doesn't even provide the tools you probably used. What you've done should be reproducible from your message, but it is not! I don't understand how such answers can still be accepted. This is not a look-at-me-i-did-it forum!

little3388, Posted June 22, 2020

> 5 hours ago, Prab said:
> Bed_ControlFlow_Remover.rar (483.9 kB · 8 downloads)
> x86_Retranslater.rar (325.33 kB · 8 downloads)
> I can't give you the rest of em (I don't have permission to share them, hope you understand me).

Can understand you, see the unpacking video you posted on YouTube, let me learn a lot, thank you.

collins, Posted June 22, 2020

@illuZion you can see Prab tutorial on youtube:

Prab, Posted June 23, 2020

> 15 hours ago, illuZion said:
> Your post doesn't explain how to do any of the steps, and doesn't even provide the tools you probably used. What you've done should be reproducible from your message, but it is not! I don't understand how such answers can still be accepted. This is not a look-at-me-i-did-it forum!

Yes, this was actually my bad that I hadn't explained all details at the first place. If I'm not lazy, I would explain specific details and provide these tools.

shadow.Walker, Posted June 24, 2020

> On 11/20/2017 at 7:33 PM, metar said:
> Took me 2 minutes. How? Strings aren't protected in the memory. No need to unpack or patch anything...

After 3 years I had to ask: you think there's a way to protect strings in memory!!?

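An added example, not part of any post in this thread and not the UnpackMe's code: the string scan XenocodeRCE describes finds the password because the running process holds it as a readable string, and one way to address the question above is to ship only a salted PBKDF2 digest and compare digests. The class and method names, the iteration count and the sample passphrase are assumptions.

```csharp
using System;
using System.Security.Cryptography;

static class PasswordVerifier
{
    const int Iterations = 200000; // assumption: tune to the target hardware
    const int DigestBytes = 32;

    // Run once at build time; only the returned salt and digest ship in the binary.
    public static (byte[] Salt, byte[] Digest) Enroll(string password)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        return (salt, Derive(password, salt));
    }

    // Runtime check: derives a digest from the typed input and compares digests,
    // so the expected password is never materialised as a string in the process.
    public static bool Verify(string candidate, byte[] salt, byte[] expected)
    {
        byte[] actual = Derive(candidate, salt);
        int diff = actual.Length ^ expected.Length;
        for (int i = 0; i < actual.Length && i < expected.Length; i++)
            diff |= actual[i] ^ expected[i]; // no early exit on the first mismatch
        return diff == 0;
    }

    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(DigestBytes);
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample value; in a real build Enroll runs offline and its
        // output is embedded as byte arrays in place of the password literal.
        var (salt, digest) = PasswordVerifier.Enroll("constructed-sample-passphrase");

        Console.WriteLine(PasswordVerifier.Verify("wrong guess", salt, digest));
        Console.WriteLine(PasswordVerifier.Verify("constructed-sample-passphrase", salt, digest));
    }
}
```

The typed candidate still sits in memory while it is being checked; what no longer shows up in a string dump is the value it is compared against.
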
popkoko818, Posted August 28, 2020

> On 6/22/2020 at 5:45 PM, little3388 said:

Can you share these tools?
Constant Decrypter
ProxyCall Fixer 1.2
TheProxy CFlow Remover

Kronos, Posted September 5, 2020

Common Prab share those tools !!! We are all waiting for those tools long time now!!

Kronos, Posted September 6, 2020

I think the ProxyCall Fixer 1.2 is this one!

ConfuserExProxyCallFixer1_2.zip

Junk, Posted October 6, 2020 (edited)

I've got constant decrypter, we just need someone to buy @TheProxy RE's cflow remover and give it to us.

Constants Decrypter.zip

Edited October 6, 2020 by Cakey

Devilsupreme, Posted June 22, 2021

Where can I get 5.) Delegate Killer from?

goro1988, Posted August 16, 2021

@Prab I would be so kind to upload the bedsConstantDec tool that you show in the video tutorial, since I couldn't find it ... thanks in advance

Accede, Posted April 27, 2022

Only the tool from TheProxy RE is missing, all other tools I found online. Can someone share the tool from the TheProxy RE?

steak, Posted November 19, 2022

Can you guys share me the tool TheProxy CFlow Remover
