Difficulty : 8
Language : VB.NET (.NET)
Platform : Windows
OS Version : Windows 7, Windows 8, Windows 10
Packer / Protector : Agile.net ( Full Version with Virtualization )

Description :

if u click on the "try" button the tool will check if the entered text in the textbox is correct. What u need to do is unpack the tool and get the password.

Screenshot :

Secured.rar

Secured.rar

Edited June 18, 20187 yr by MulaB

 

Didn't need to unpack, simply grabbed key from memory. This still should pretty easy to unpack though...

Well, I was working on it too and unpacked it but did nto have time to clean it well enough to my liking.

However, as you can see from my screenshot below, its unpacked and clean enough to give us the solution :

 

 

Best Regards :)

 

14 hours ago, disterso said:

 

Didn't need to unpack, simply grabbed key from memory. This still should pretty easy to unpack though...

How did u grab it from memory? Trough megadumper and then that exe?

1 hour ago, MulaB said:

How did u grab it from memory? Trough megadumper and then that exe?

 

You can dump strings from Process Hacker 2 

3 hours ago, MulaB said:

How did u grab it from memory? Trough megadumper and then that exe?

I attached cheat engine to it and viewed the memory and searched for the fail message. then found the key above...

I also have semi unpacked this using jit and SAE

I also found the key without unpacking it.  Would be nice to have a better target.  It is interesting that some people who must be very new to this would try to unpack before phishing the obvious answer out of memory.  Of course afterwards for the challenge

Does someone of you guys know a Eazfuscator Unpacker/Deobfuscator, or maybe could help me with unpacking something? Would be really appreciated :)

6 hours ago, hellxsuicide said:

Does someone of you guys know a Eazfuscator Unpacker/Deobfuscator, or maybe could help me with unpacking something? Would be really appreciated

I can help you crack something but sadly not unpack yet (eaz)

On 8/11/2019 at 11:57 PM, TobitoFatito said:

I can help you crack something but sadly not unpack yet (eaz)

So do you have discord or something, i was actually able to unpack some things, but I think there needs to be done some string decryption. And sorry for the late response.

On 8/17/2019 at 11:32 PM, hellxsuicide said:

So do you have discord or something, i was actually able to unpack some things, but I think there needs to be done some string decryption. And sorry for the late response.

I Released a way of patching these vm's, here https://github.com/TobitoFatitoNulled/Venturi77CallHijacker but you'll need to manually inject agile for now (will try to fix the issue asap tho.

Edited October 10, 20195 yr by TobitoFatito

1. Understand the Method Encryption routine of Agile.NET to decrypt Method Bodies. Dynamic Routine is not so preferrable as you have to build your unpacker for diff. frameworks and I personally do not like this. Agile have few "off-the-route" routines for few protected files which you have to handle while you are dealing with static decryption. You can analyze the respective DLL responsible for this. You can make your own Static Unpacker 
or Use

JIT Dumper - https://github.com/Anonym0ose/JitDumper or
SMD for Agile - 

 

2. You can update de4dot or make your own unpacker for fixing Strings/Cflow and other stuff.
or Use

https://github.com/ribthegreat99OrN0P/Agile.NET-Deobfuscator-Latest or
https://github.com/NotPrab/AgileStringDecryptor
https://github.com/waynebonc/AgileDotNet-StringDeobfuscator
 

3. For VM, You can simply check the de4dot how it used to devirtualize older version of Agile.NET and you can follow same strategy to update for newer version though if de4dot unable to handle few opcodes you have to add your custom codes. For this version, You can update CSVM Handlers info containing file to restore the Data from Virtualized part.

Regards
(Clique) CLQ

 

Quote

I think after Unpack, The source code looks 99.9% or nearly 100% close to Original. 

 

Testing Agile_unpacked.exe