Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted

Language : . NET
Platform : Windows
OS Version : Windows 7/Windows 8/Windows 10
Packer / Protector : ILProtector + Enigma

Description :

Unpack the file and get the password.

Screenshot : 

Capture.JPG.6a1a816aad03ee7037107021258372a6.JPG

Test_protected.rar

Password: 1596357

 

Test_unpacked.exe

Edited by #Sith

File does not seem to be runnable on my VM - please fix this before I can continue.

  • 2 months later...

After you dump the main exe (.NET) with MegaDumper:

Exception messages:
   Unable to load DLL 'Test32.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)

So you got to dump that dll with DllSaver.

Enigma Only unpacked exes:
https://www95.zippyshare.com/v/b0258Ft4/file.html

 

6 hours ago, CodeExplorer said:

After you dump the main exe (.NET) with MegaDumper:

Exception messages:
   Unable to load DLL 'Test32.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)

So you got to dump that dll with DllSaver.

Enigma Only unpacked exes:
https://www95.zippyshare.com/v/b0258Ft4/file.html

 

Heres ilprotected file cleaned

Test_protected_bodyRestored.exe

  • 1 month later...

1. dump ilprotector native runtime

 you can inject a dll to call OpenFileDialog and dump

2. decrypt method body

fix ILProtectorUnpacker's hook, then it works

 

Test.ip.exe.7z

Edited by wwh1004

@CodeExplorer

Could you please leave the DllSaver download please? Thanks!


 

 

 

 
 
 
 

Edited by Asura

4 hours ago, Asura said:

Could you please leave the DllSaver download please? Thanks!

Strange here attachments downloads works ok.
Here is external download link:
https://www3.zippyshare.com/v/fDchNW5P/file.html




Thanks!! @CodeExplorer
 

 
 

Edited by Asura

15 hours ago, wwh1004 said:

1. dump ilprotector native runtime

 you can inject a dll to call OpenFileDialog and dump

2. decrypt method body

fix ILProtectorUnpacker's hook, then it works

 

Test.ip.exe.7z 6.04 kB · 2 downloads

Dumping of ILProtector Native -- Done
inject a DLL - Which DLL and Where and How ? 
Fix IL Protector HOOK - Any info about it Brother ???

20 hours ago, Black Hat Anonymous said:

Dumping of ILProtector Native -- Done
inject a DLL - Which DLL and Where and How ? 
Fix IL Protector HOOK - Any info about it Brother ???

Snipaste_2019-06-24_23-32-22.png.2d34ca6156982395c682a7ba7ec20986.png

Code like this. You can copy dlls in OpenFileDialog. If you can't copy dlls (maybe anti dump?), you can use the code like "File.WriteAllBytes(@"I:\Downloads\Yes.dll2", File.ReadAllBytes(@"I:\Downloads\Yes.dll"));".

ILProtector detects the first few bytes of the compiled machine code. You can fake it.

1. Dumped native dll from Enigma's Virtual Box.

2. Break at OEP of Enigma, and dump binary with Mega Dumper.

3. Put Dumped files in one folder and the unpack with @CodeExplorer's Tool

Here is my unpacked file.

 

unpacked.rar

  • 1 month later...
  • Author
On 5/15/2019 at 4:47 PM, CodeExplorer said:

After you dump the main exe (.NET) with MegaDumper:

Exception messages:
   Unable to load DLL 'Test32.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)

So you got to dump that dll with DllSaver.

Enigma Only unpacked exes:
https://www95.zippyshare.com/v/b0258Ft4/file.html

 

Which options did you use to get the file?
I tried but the file is not correct

  • 5 months later...
  • Author
On 6/25/2019 at 1:16 PM, GautamGreat said:

1. Dumped native dll from Enigma's Virtual Box.

2. Break at OEP of Enigma, and dump binary with Mega Dumper.

3. Put Dumped files in one folder and the unpack with @CodeExplorer's Tool

Here is my unpacked file.

 

unpacked.rar 531.45 kB · 30 downloads

how to do Break at OEP of Enigma, and dump binary with Mega Dumper?

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.