Jump to content
Tuts 4 You

AssemblyGuard.io

Guest

By Guest
in UnPackMe (.NET)

 Share

Recommended Posts

Guest

Guest

Posted
Posted

Difficulty : I don't know, but they say 10
Language : C#
Platform : Any Windows
OS Version : All
Packer / Protector : AssemblyGuard.io

Description:

You put the key and it will say "That's really correct!" if the key was correct.

I'd like someone who unpacked it to tell me how he/she did it 😕

NOTE: I want it to be unpacked, I don't want you to use Process Hacker just to get the key of the Unpackme file.

Screenshot:

q2Xs3X.png.f2e97857b61a980ff601d39f53f6dd58.png

Thanks! :)

UnpackMe.exe

Link to comment
Share on other sites
XenocodeRCE

XenocodeRCE

Posted
Posted

10/10 difficulty but that's a free modded ConfuserEx ? I don't understand anything in the scene nowadays .... also there claim to have bytecode encryption, bytecode for .NET ? Doesn't make sense ? 

  • Haha 1
Link to comment
Share on other sites
XenocodeRCE

XenocodeRCE

Posted
Posted

@Rextor No Idea why you negged my answer ? 

 

@OP

  

private void rWxHGbNyRwJQwkKTxvITtNVTObBy(object A_1, EventArgs A_2)
	{
		if (this.fxPPCqxJaEkasrESqMqXrjHHfJCDA.Text == Convert.FromBase64String(Convert.FromBase64String(Convert.FromBase64String(Regex.Unescape("\\u0056\\u0047\\u0031\\u0077\\u0055\\u006d\\u0056\\u0047\\u0062\\u0046\\u0056\\u0054\\u0057\\u0047\\u0078\\u0050\\u0054\\u0057\\u0078\\u0077\\u0063\\u006c\\u0052\\u0074\\u0063\\u0046\\u005a\\u004e\\u0052\\u006d\\u0078\\u0078\\u0059\\u006b\\u0064\\u0077\\u0054\\u0031\\u005a\\u0046\\u0057\\u006e\\u0052\\u0055\\u0061\\u0032\\u0052\\u0047\\u0054\\u0055\\u0055\\u0035\\u0056\\u0057\\u004a\\u0048\\u004d\\u0057\\u0046\\u0069\\u0056\\u0056\\u0056\\u0035\\u0056\\u0032\\u0030\\u0078\\u0054\\u0032\\u004a\\u0057\\u0061\\u0033\\u006c\\u0056\\u0056\\u0044\\u0041\\u0039")))))
		{
			MessageBox.Show("Thats really correct! Please tell me how u did it :(");
		}
		else
		{
			MessageBox.Show("Invalid key, try again!");
		}
	}

 

Use ConfuserEx public deobfuscator tools 

  • Like 2
Link to comment
Share on other sites
  • 3 months later...
CodeExplorer

CodeExplorer

Posted
Posted

Confuser Exceptions Restore - anti-tamper kicked:
https://forum.tuts4you.com/topic/41025-confuser-exceptions-restore-anti-tamper/

Here is source code for getting entry point token plus unpacked exes in progress:
https://www87.zippyshare.com/v/PSpLkONo/file.html

You just have to set number of metadata streams to 5 after fixing extradata/multiple assemblies with ConfuserExFixer.exe

Attached only the cleaned exe!
 

koi-cleaned.zip

  • Like 1
Link to comment
Share on other sites
NichaenMod

NichaenMod

Posted
Posted

1. Runf file with NetBox Dump fast and see the module name Koi
2. Fix the file with universal fixer 
3. Run the dumped and fixed file again in netbox and dump fast , see is tamper removed
4. use universal fixer
5. fix the entry point 
6. Use universal control flow remover 
7. Use proxy call remover v1.2 By The Proxy
8. Remove anti invoke from the constants 
9. use universal constants decryptor
10. Use my ahcii name fixer 
11. use de4dot succes file is full unpacked

;)

 

Simple wayyys best way

UnpackMe_Full-Unpacked.exe

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...