zodiac 1 Posted February 26, 2019 Share Posted February 26, 2019 Language : . NET Platform : Windows OS Version : Windows 7/Windows 8/Windows 10 Packer / Protector : ILProtector + Enigma Description : Unpack the file and get the password. Screenshot : Test_protected.rar Link to post
#Sith 4 Posted February 26, 2019 Share Posted February 26, 2019 (edited) Password: 1596357 Test_unpacked.exe Edited February 26, 2019 by #Sith (see edit history) Link to post
3dsboy08 37 Posted February 26, 2019 Share Posted February 26, 2019 File does not seem to be runnable on my VM - please fix this before I can continue. Link to post
CodeExplorer 3,515 Posted May 15, 2019 Share Posted May 15, 2019 After you dump the main exe (.NET) with MegaDumper: Exception messages: Unable to load DLL 'Test32.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E) So you got to dump that dll with DllSaver. Enigma Only unpacked exes: https://www95.zippyshare.com/v/b0258Ft4/file.html 1 Link to post
cawk 219 Posted May 15, 2019 Share Posted May 15, 2019 6 hours ago, CodeExplorer said: After you dump the main exe (.NET) with MegaDumper: Exception messages: Unable to load DLL 'Test32.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E) So you got to dump that dll with DllSaver. Enigma Only unpacked exes: https://www95.zippyshare.com/v/b0258Ft4/file.html Heres ilprotected file cleaned Test_protected_bodyRestored.exe Link to post
wwh1004 46 Posted June 23, 2019 Share Posted June 23, 2019 (edited) 1. dump ilprotector native runtime you can inject a dll to call OpenFileDialog and dump 2. decrypt method body fix ILProtectorUnpacker's hook, then it works Test.ip.exe.7z Edited June 23, 2019 by wwh1004 (see edit history) 1 Link to post
Asura 0 Posted June 23, 2019 Share Posted June 23, 2019 (edited) @CodeExplorer Could you please leave the DllSaver download please? Thanks! Edited June 23, 2019 by Asura (see edit history) Link to post
CodeExplorer 3,515 Posted June 23, 2019 Share Posted June 23, 2019 4 hours ago, Asura said: Could you please leave the DllSaver download please? Thanks! Strange here attachments downloads works ok. Here is external download link: https://www3.zippyshare.com/v/fDchNW5P/file.html 1 Link to post
Asura 0 Posted June 23, 2019 Share Posted June 23, 2019 (edited) Thanks!! @CodeExplorer Edited June 23, 2019 by Asura (see edit history) Link to post
BlackHat 72 Posted June 23, 2019 Share Posted June 23, 2019 15 hours ago, wwh1004 said: 1. dump ilprotector native runtime you can inject a dll to call OpenFileDialog and dump 2. decrypt method body fix ILProtectorUnpacker's hook, then it works Test.ip.exe.7z 6.04 kB · 2 downloads Dumping of ILProtector Native -- Done inject a DLL - Which DLL and Where and How ? Fix IL Protector HOOK - Any info about it Brother ??? Link to post
wwh1004 46 Posted June 24, 2019 Share Posted June 24, 2019 20 hours ago, Black Hat Anonymous said: Dumping of ILProtector Native -- Done inject a DLL - Which DLL and Where and How ? Fix IL Protector HOOK - Any info about it Brother ??? Code like this. You can copy dlls in OpenFileDialog. If you can't copy dlls (maybe anti dump?), you can use the code like "File.WriteAllBytes(@"I:\Downloads\Yes.dll2", File.ReadAllBytes(@"I:\Downloads\Yes.dll"));". ILProtector detects the first few bytes of the compiled machine code. You can fake it. 1 Link to post
GautamGreat 177 Posted June 25, 2019 Share Posted June 25, 2019 1. Dumped native dll from Enigma's Virtual Box. 2. Break at OEP of Enigma, and dump binary with Mega Dumper. 3. Put Dumped files in one folder and the unpack with @CodeExplorer's Tool Here is my unpacked file. unpacked.rar 1 Link to post
zodiac 1 Posted July 25, 2019 Author Share Posted July 25, 2019 On 5/15/2019 at 4:47 PM, CodeExplorer said: After you dump the main exe (.NET) with MegaDumper: Exception messages: Unable to load DLL 'Test32.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E) So you got to dump that dll with DllSaver. Enigma Only unpacked exes: https://www95.zippyshare.com/v/b0258Ft4/file.html Which options did you use to get the file? I tried but the file is not correct Link to post
zodiac 1 Posted January 15, 2020 Author Share Posted January 15, 2020 On 6/25/2019 at 1:16 PM, GautamGreat said: 1. Dumped native dll from Enigma's Virtual Box. 2. Break at OEP of Enigma, and dump binary with Mega Dumper. 3. Put Dumped files in one folder and the unpack with @CodeExplorer's Tool Here is my unpacked file. unpacked.rar 531.45 kB · 30 downloads how to do Break at OEP of Enigma, and dump binary with Mega Dumper? 1 Link to post
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now