Jump to content
Tuts 4 You

DotNetPatcher 4.5

zodiac

By zodiac
in UnPackMe (.NET)

 Share

Recommended Posts

zodiac

zodiac

Posted
Posted

Difficulty : 5
Language :  .NET C#
Platform : Windows .x32/x64
OS Version : All Windows
Packer / Protector : DotNetPatcher 4.5.9 (last Version)

Description :

max Protaction.  note Method and tutorial how to unpack it.

The file should be runnable after unpacking it

Screenshot :

HDsjoXn.jpg

unpackme.zip

Link to comment
Share on other sites
XenocodeRCE

XenocodeRCE

Posted
Posted
18 hours ago, Ahmad_k said:

There is no need to unpack.

Untitled.png

its in the "unpackme" section of the forum, so the goal is to unpack it, not to dump correct string from memory ;) 

 

  • Like 2
Link to comment
Share on other sites
zodiac

zodiac

Posted
  • Author
Posted
On 9/13/2018 at 5:26 AM, XenocodeRCE said:

its in the "unpackme" section of the forum, so the goal is to unpack it, not to dump correct string from memory ;) 

 

thanks XenocodeRCEI mean, it's unpacking exe file, not finding a string. It is clear that the string is compared in memory and by the method.

XenocodeRCE  I downloaded your tools in the github, but works for lower versions of Dont net Patch. This version of the app is strong. 🙂 Please introduce a new method for unpack.
 

Link to comment
Share on other sites
Ahmad_k

Ahmad_k

Posted
Posted

The new ControlFlow in DNP is not hard to defeat, actually after reading the source code i was able to remove Cflow partially (some error still exist in the tool and need to be fixed). Here is the file unpacked and cflow removed. still not runnable because of error

also you can find in the attachment the source code of my cflow removal, just adding to @XenocodeRCE tool and use it. If anyone can contribute and find what did i miss it will be great. i don't know why it fails in some methods and not fixing them correctly.

And finally i did post my answer above like this because the point from obfuscation is to make your code more complex when debugging. 

unpacked_noCflow.zip

CFlow.zip

  • Like 1
Link to comment
Share on other sites
zodiac

zodiac

Posted
  • Author
Posted
15 hours ago, Ahmad_k said:

The new ControlFlow in DNP is not hard to defeat, actually after reading the source code i was able to remove Cflow partially (some error still exist in the tool and need to be fixed). Here is the file unpacked and cflow removed. still not runnable because of error

also you can find in the attachment the source code of my cflow removal, just adding to @XenocodeRCE tool and use it. If anyone can contribute and find what did i miss it will be great. i don't know why it fails in some methods and not fixing them correctly.

And finally i did post my answer above like this because the point from obfuscation is to make your code more complex when debugging. 

unpacked_noCflow.zip

CFlow.zip

thanks but is not full unpak. anti tamper. anti dumper and etc how to remove. new dnp strange.

Link to comment
Share on other sites
Ahmad_k

Ahmad_k

Posted
Posted (edited)

Yes i know it is not fully unpacked. I was just trying to remove cflow for the code to be understandable and almost the same as source code. You can download the source code for DNP and try to reverse it

Edited by Ahmad_k
Link to comment
Share on other sites
  • 1 month later...
  • 4 years later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...