Posted June 18, 20187 yr Difficulty : 8 Language : VB.NET (.NET) Platform : Windows OS Version : Windows 7, Windows 8, Windows 10 Packer / Protector : Agile.net ( Full Version with Virtualization ) Description : if u click on the "try" button the tool will check if the entered text in the textbox is correct. What u need to do is unpack the tool and get the password. Screenshot : Secured.rar Secured.rar Edited June 18, 20187 yr by MulaB
June 24, 20187 yr Didn't need to unpack, simply grabbed key from memory. This still should pretty easy to unpack though...
June 24, 20187 yr Well, I was working on it too and unpacked it but did nto have time to clean it well enough to my liking. However, as you can see from my screenshot below, its unpacked and clean enough to give us the solution : Best Regards :)
June 24, 20187 yr Author 14 hours ago, disterso said: Didn't need to unpack, simply grabbed key from memory. This still should pretty easy to unpack though... How did u grab it from memory? Trough megadumper and then that exe?
June 24, 20187 yr 1 hour ago, MulaB said: How did u grab it from memory? Trough megadumper and then that exe? You can dump strings from Process Hacker 2
June 24, 20187 yr 3 hours ago, MulaB said: How did u grab it from memory? Trough megadumper and then that exe? I attached cheat engine to it and viewed the memory and searched for the fail message. then found the key above... I also have semi unpacked this using jit and SAE
August 26, 20187 yr I also found the key without unpacking it. Would be nice to have a better target. It is interesting that some people who must be very new to this would try to unpack before phishing the obvious answer out of memory. Of course afterwards for the challenge
August 11, 20196 yr Does someone of you guys know a Eazfuscator Unpacker/Deobfuscator, or maybe could help me with unpacking something? Would be really appreciated :)
August 11, 20196 yr 6 hours ago, hellxsuicide said: Does someone of you guys know a Eazfuscator Unpacker/Deobfuscator, or maybe could help me with unpacking something? Would be really appreciated I can help you crack something but sadly not unpack yet (eaz)
August 17, 20196 yr On 8/11/2019 at 11:57 PM, TobitoFatito said: I can help you crack something but sadly not unpack yet (eaz) So do you have discord or something, i was actually able to unpack some things, but I think there needs to be done some string decryption. And sorry for the late response.
August 18, 20196 yr On 8/17/2019 at 11:32 PM, hellxsuicide said: So do you have discord or something, i was actually able to unpack some things, but I think there needs to be done some string decryption. And sorry for the late response. I Released a way of patching these vm's, here https://github.com/TobitoFatitoNulled/Venturi77CallHijacker but you'll need to manually inject agile for now (will try to fix the issue asap tho. Edited October 10, 20195 yr by TobitoFatito
May 31, 20223 yr 1. Understand the Method Encryption routine of Agile.NET to decrypt Method Bodies. Dynamic Routine is not so preferrable as you have to build your unpacker for diff. frameworks and I personally do not like this. Agile have few "off-the-route" routines for few protected files which you have to handle while you are dealing with static decryption. You can analyze the respective DLL responsible for this. You can make your own Static Unpacker or Use JIT Dumper - https://github.com/Anonym0ose/JitDumper or SMD for Agile - 2. You can update de4dot or make your own unpacker for fixing Strings/Cflow and other stuff. or Use https://github.com/ribthegreat99OrN0P/Agile.NET-Deobfuscator-Latest or https://github.com/NotPrab/AgileStringDecryptor https://github.com/waynebonc/AgileDotNet-StringDeobfuscator 3. For VM, You can simply check the de4dot how it used to devirtualize older version of Agile.NET and you can follow same strategy to update for newer version though if de4dot unable to handle few opcodes you have to add your custom codes. For this version, You can update CSVM Handlers info containing file to restore the Data from Virtualized part. Regards (Clique) CLQ Quote I think after Unpack, The source code looks 99.9% or nearly 100% close to Original. Testing Agile_unpacked.exe
Create an account or sign in to comment