Jump to content
Tuts 4 You
  • 0
zodiac

DotNetPatcher 4.5

Question

zodiac

Difficulty : 5
Language :  .NET C#
Platform : Windows .x32/x64
OS Version : All Windows
Packer / Protector : DotNetPatcher 4.5.9 (last Version)

Description :

max Protaction.  note Method and tutorial how to unpack it.

The file should be runnable after unpacking it

Screenshot :

HDsjoXn.jpg

unpackme.zip

Share this post


Link to post
Share on other sites

6 answers to this question

Recommended Posts

  • 1
XenocodeRCE
18 hours ago, Ahmad_k said:

There is no need to unpack.

Untitled.png

its in the "unpackme" section of the forum, so the goal is to unpack it, not to dump correct string from memory ;) 

 

  • Like 2

Share this post


Link to post
Share on other sites
  • 1
Ahmad_k

The new ControlFlow in DNP is not hard to defeat, actually after reading the source code i was able to remove Cflow partially (some error still exist in the tool and need to be fixed). Here is the file unpacked and cflow removed. still not runnable because of error

also you can find in the attachment the source code of my cflow removal, just adding to @XenocodeRCE tool and use it. If anyone can contribute and find what did i miss it will be great. i don't know why it fails in some methods and not fixing them correctly.

And finally i did post my answer above like this because the point from obfuscation is to make your code more complex when debugging. 

unpacked_noCflow.zip

CFlow.zip

  • Like 1

Share this post


Link to post
Share on other sites
  • 0
zodiac
On 9/13/2018 at 5:26 AM, XenocodeRCE said:

its in the "unpackme" section of the forum, so the goal is to unpack it, not to dump correct string from memory ;) 

 

thanks XenocodeRCEI mean, it's unpacking exe file, not finding a string. It is clear that the string is compared in memory and by the method.

XenocodeRCE  I downloaded your tools in the github, but works for lower versions of Dont net Patch. This version of the app is strong. 🙂 Please introduce a new method for unpack.
 

Share this post


Link to post
Share on other sites
  • 0
zodiac
15 hours ago, Ahmad_k said:

The new ControlFlow in DNP is not hard to defeat, actually after reading the source code i was able to remove Cflow partially (some error still exist in the tool and need to be fixed). Here is the file unpacked and cflow removed. still not runnable because of error

also you can find in the attachment the source code of my cflow removal, just adding to @XenocodeRCE tool and use it. If anyone can contribute and find what did i miss it will be great. i don't know why it fails in some methods and not fixing them correctly.

And finally i did post my answer above like this because the point from obfuscation is to make your code more complex when debugging. 

unpacked_noCflow.zip

CFlow.zip

thanks but is not full unpak. anti tamper. anti dumper and etc how to remove. new dnp strange.

Share this post


Link to post
Share on other sites
  • 0
Ahmad_k

Yes i know it is not fully unpacked. I was just trying to remove cflow for the code to be understandable and almost the same as source code. You can download the source code for DNP and try to reverse it

Edited by Ahmad_k (see edit history)

Share this post


Link to post
Share on other sites
  • -1
Ahmad_k

There is no need to unpack.

Untitled.png

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×