Newbe UnPackMe1

[SaggingCoder]

Difficulty : 7 (I think)
Language : .NET
Platform : Windows
OS Version : Windows 7 and up
Packer / Protector : eazFuscator 2018.2

Description :

Hello, here I am again 👋. After last and first attempt in the KeygenMe-Section, I tried to put more attention on packing my code harder. I've tried to understand and mod the open source obfuscator ConfuserEx but never got the result I was anticipating. (All the unpackers unpacked them with ease no matter what I added/changed 🙄). So I shifted my attention towards the commercial obfuscators and oh boy the pricing on these.... I've tried NetGuard, Babel, NetReactor,.. and so on. On some of these there were still virus triggers, and honestly I am quite displeased to know that these still can be easily unpacked with just De4Dot, unless I tried their paid methods for which I dont have the fundings. 
But two have stood out to me, which was Babel and eazFuscator.
Babel looked very promising but aside from the string encryption I couldnt have tried out the other protectors because those are only for the licensed version. Stupidly the string encryption alone wasn't enough since I was still able to let the program self decrypt the strings and fish them from dnSpy....
That's where I turned attention to eazFuscator. I downloaded a trial, set up the options and wow. I dont even know where to begin 😅. Those unpackers I found flying online also didn't help a lot... At least I wasnt able to unpack my own code. 

And that's where you come into play! Will you manage to unpack my little executable that was obfuscated with the latest eazFuscator, find the correct password and prove me that obfuscation is nothing but a serious big waste of time and resources? 😉

Good luck!

Screenshot :

UnPackMe1.exe

[Abigor]

Pass:

Spoiler

ThisIsTheCorrectPassword:)

 

UnPackMe1-devirtualized.exe

[SaggingCoder]

So I see, even the supposed strongest wouldn't stand a chance. Can I ask how you managed to devirtualize it? 

[kali]

Got same results as @Abigor.

 

Edited June 30, 2018 by kali

[XenocodeRCE]

1 hour ago, SaggingCoder said:

So I see, even the supposed strongest wouldn't stand a chance. Can I ask how you managed to devirtualize it? 

 

No need to devirtualize it to grab the password, its in clear in memory too. 

 

«On some of these there were still virus triggers, and honestly I am quite displeased to know that these still can be easily unpacked with just De4Dot, unless I tried their paid methods for which I dont have the fundings.  »

Consistency please, consistency ^^ You don't have the fundings for NETGuard yet you have $399 for Eazfuscator single developper licence ? ^^

There are open source unpackers and devirtualizer for Eazfuscator.

Every obfuscator out there will trigger AV on your protected file. Even more today than ever. However, two things ; first, they are not malware crypter so their goal is not to get your file fully undetectable to AV, second, AV always have a false positive report service where you can send them your protected file and it will not be detected by AV anymore.

[SaggingCoder]

3 hours ago, XenocodeRCE said:

Consistency please, consistency ^^ You don't have the fundings for NETGuard yet you have $399 for Eazfuscator single developper licence ? ^^

 

yah erm... no. like i said I used the trial version. (with the trial limitations on not so legal way removed 😅... im sorry i had to know if it's its money worth...)

 

4 hours ago, XenocodeRCE said:

Every obfuscator out there will trigger AV on your protected file. Even more today than ever. However, two things ; first, they are not malware crypter so their goal is not to get your file fully undetectable to AV, second, AV always have a false positive report service where you can send them your protected file and it will not be detected by AV anymore.

True yes, however I just wanted to see which one makes less problems.