MulaB
Posted June 18, 2018

Difficulty : 8
Language : VB.NET (.NET)
Platform : Windows
OS Version : Windows 7, Windows 8, Windows 10
Packer / Protector : Agile.net ( Full Version with Virtualization )
Description : if u click on the "try" button the tool will check if the entered text in the textbox is correct. What u need to do is unpack the tool and get the password.

Secured.rar

Edited June 18, 2018 by MulaB

puff
Posted June 24, 2018

Didn't need to unpack, simply grabbed key from memory. This still should be pretty easy to unpack though...

Techlord
Posted June 24, 2018

Well, I was working on it too and unpacked it but did not have time to clean it well enough to my liking. However, as you can see from my screenshot below, it's unpacked and clean enough to give us the solution :

Best Regards :)

MulaB (Author)
Posted June 24, 2018

14 hours ago, disterso said:
> Didn't need to unpack, simply grabbed key from memory. This still should be pretty easy to unpack though...

How did u grab it from memory? Through megadumper and then that exe?

XenocodeRCE
Posted June 24, 2018

1 hour ago, MulaB said:
> How did u grab it from memory? Through megadumper and then that exe?

You can dump strings from Process Hacker

puff
Posted June 24, 2018

3 hours ago, MulaB said:
> How did u grab it from memory? Through megadumper and then that exe?

I attached Cheat Engine to it and viewed the memory and searched for the fail message, then found the key above... I also have semi unpacked this using jit and SAE

Progman
Posted August 26, 2018

I also found the key without unpacking it. Would be nice to have a better target. It is interesting that some people who must be very new to this would try to unpack before fishing the obvious answer out of memory. Of course afterwards for the challenge

hellxsuicide
Posted August 11, 2019

Does someone of you guys know an Eazfuscator Unpacker/Deobfuscator, or maybe could help me with unpacking something? Would be really appreciated :)

TobitoFatito
Posted August 11, 2019

6 hours ago, hellxsuicide said:
> Does someone of you guys know a Eazfuscator Unpacker/Deobfuscator, or maybe could help me with unpacking something? Would be really appreciated

I can help you crack something but sadly not unpack yet (eaz)

hellxsuicide
Posted August 17, 2019

On 8/11/2019 at 11:57 PM, TobitoFatito said:
> I can help you crack something but sadly not unpack yet (eaz)

So do you have Discord or something? I was actually able to unpack some things, but I think there needs to be done some string decryption. And sorry for the late response.

TobitoFatito
Posted August 18, 2019

On 8/17/2019 at 11:32 PM, hellxsuicide said:
> So do you have discord or something, i was actually able to unpack some things, but I think there needs to be done some string decryption. And sorry for the late response.

I released a way of patching these VMs here: https://github.com/TobitoFatitoNulled/Venturi77CallHijacker but you'll need to manually inject agile for now (will try to fix the issue asap tho).

Edited October 10, 2019 by TobitoFatito

BlackHat
Posted May 31, 2022

1. Understand the Method Encryption routine of Agile.NET to decrypt Method Bodies. Dynamic Routine is not so preferable as you have to build your unpacker for diff. frameworks and I personally do not like this. Agile has a few "off-the-route" routines for a few protected files which you have to handle while you are dealing with static decryption. You can analyze the respective DLL responsible for this. You can make your own Static Unpacker or use JIT Dumper - https://github.com/Anonym0ose/JitDumper or SMD for Agile -

2. You can update de4dot or make your own unpacker for fixing Strings/Cflow and other stuff, or use:
   https://github.com/ribthegreat99OrN0P/Agile.NET-Deobfuscator-Latest
   https://github.com/NotPrab/AgileStringDecryptor
   https://github.com/waynebonc/AgileDotNet-StringDeobfuscator

3. For VM, you can simply check de4dot for how it used to devirtualize older versions of Agile.NET, and you can follow the same strategy to update for the newer version, though if de4dot is unable to handle a few opcodes you have to add your custom code. For this version, you can update the file containing the CSVM Handlers info to restore the Data from the Virtualized part.

Regards (Clique)
CLQ

Quote
I think after Unpack, The source code looks 99.9% or nearly 100% close to Original.

Testing Agile_unpacked.exe