SaggingCoder
Posted June 29, 2018

Difficulty : 7 (I think)
Language : .NET
Platform : Windows
OS Version : Windows 7 and up
Packer / Protector : eazFuscator 2018.2

Description :
Hello, here I am again 👋. After last and first attempt in the KeygenMe-Section, I tried to put more attention on packing my code harder. I've tried to understand and mod the open source obfuscator ConfuserEx but never got the result I was anticipating. (All the unpackers unpacked them with ease no matter what I added/changed 🙄).

So I shifted my attention towards the commercial obfuscators and oh boy the pricing on these.... I've tried NetGuard, Babel, NetReactor,.. and so on. On some of these there were still virus triggers, and honestly I am quite displeased to know that these still can be easily unpacked with just De4Dot, unless I tried their paid methods for which I don't have the fundings.

But two have stood out to me, which were Babel and eazFuscator. Babel looked very promising but aside from the string encryption I couldn't have tried out the other protectors because those are only for the licensed version. Stupidly the string encryption alone wasn't enough since I was still able to let the program self decrypt the strings and fish them from dnSpy....

That's where I turned attention to eazFuscator. I downloaded a trial, set up the options and wow. I don't even know where to begin 😅. Those unpackers I found flying online also didn't help a lot... At least I wasn't able to unpack my own code. And that's where you come into play!

Will you manage to unpack my little executable that was obfuscated with the latest eazFuscator, find the correct password and prove to me that obfuscation is nothing but a serious big waste of time and resources? 😉

Good luck!

Screenshot : UnPackMe1.exe

Abigor
Posted June 30, 2018 (Solution)

Pass:
Spoiler: ThisIsTheCorrectPassword:)

UnPackMe1-devirtualized.exe

SaggingCoder (Author)
Posted June 30, 2018

So I see, even the supposed strongest wouldn't stand a chance. Can I ask how you managed to devirtualize it?

kali
Posted June 30, 2018

Got same results as @Abigor.

XenocodeRCE
Posted June 30, 2018

1 hour ago, SaggingCoder said:
So I see, even the supposed strongest wouldn't stand a chance. Can I ask how you managed to devirtualize it?

No need to devirtualize it to grab the password, it's in clear in memory too.

«On some of these there were still virus triggers, and honestly I am quite displeased to know that these still can be easily unpacked with just De4Dot, unless I tried their paid methods for which I don't have the fundings.»

Consistency please, consistency ^^ You don't have the fundings for NETGuard yet you have $399 for Eazfuscator single developer licence? ^^

There are open source unpackers and devirtualizers for Eazfuscator.

Every obfuscator out there will trigger AV on your protected file. Even more today than ever. However, two things: first, they are not malware crypters so their goal is not to get your file fully undetectable to AV; second, AVs always have a false positive report service where you can send them your protected file and it will not be detected by AV anymore.

SaggingCoder (Author)
Posted June 30, 2018

3 hours ago, XenocodeRCE said:
Consistency please, consistency ^^ You don't have the fundings for NETGuard yet you have $399 for Eazfuscator single developer licence? ^^

Yah erm... no. Like I said, I used the trial version. (With the trial limitations removed in a not so legal way 😅... I'm sorry, I had to know if it's worth its money...)

4 hours ago, XenocodeRCE said:
Every obfuscator out there will trigger AV on your protected file. Even more today than ever. However, two things: first, they are not malware crypters so their goal is not to get your file fully undetectable to AV; second, AVs always have a false positive report service where you can send them your protected file and it will not be detected by AV anymore.

True yes, however I just wanted to see which one makes less problems.

CodeExplorer
Posted 4 hours ago

de4dot -p un --dont-rename

Does anyone know any devirtualizer working for this?