Tuts 4 You

ILProtector + Enigma - (Unpack & Get the Password)


zodiac


  • 2 months later...
6 hours ago, CodeExplorer said:

After you dump the main exe (.NET) with MegaDumper:

Exception messages:
   Unable to load DLL 'Test32.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)

So you got to dump that dll with DllSaver.

Enigma Only unpacked exes:
https://www95.zippyshare.com/v/b0258Ft4/file.html

 

Here's the ilprotected file, cleaned:

Test_protected_bodyRestored.exe

  • 1 month later...
BlackHat
15 hours ago, wwh1004 said:

1. dump ilprotector native runtime

 you can inject a dll to call OpenFileDialog and dump

2. decrypt method body

fix ILProtectorUnpacker's hook, then it works

 

Test.ip.exe.7z 6.04 kB · 2 downloads

Dumping of ILProtector Native -- Done
inject a DLL - Which DLL and Where and How ? 
Fix IL Protector HOOK - Any info about it Brother ???

20 hours ago, Black Hat Anonymous said:

Dumping of ILProtector Native -- Done
inject a DLL - Which DLL and Where and How ? 
Fix IL Protector HOOK - Any info about it Brother ???

[Image: Snipaste_2019-06-24_23-32-22.png]

Code like this. You can copy DLLs in OpenFileDialog. If you can't copy DLLs (maybe anti-dump?), you can use code like "File.WriteAllBytes(@"I:\Downloads\Yes.dll2", File.ReadAllBytes(@"I:\Downloads\Yes.dll"));".

ILProtector detects the first few bytes of the compiled machine code. You can fake it.

  • Thanks 1
GautamGreat

1. Dumped native dll from Enigma's Virtual Box.

2. Break at OEP of Enigma, and dump binary with Mega Dumper.

3. Put the dumped files in one folder and then unpack with @CodeExplorer's Tool

Here is my unpacked file.

 

unpacked.rar

  • Like 1
  • 1 month later...
On 5/15/2019 at 4:47 PM, CodeExplorer said:

After you dump the main exe (.NET) with MegaDumper:

Exception messages:
   Unable to load DLL 'Test32.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)

So you got to dump that dll with DllSaver.

Enigma Only unpacked exes:
https://www95.zippyshare.com/v/b0258Ft4/file.html

 

Which options did you use to get the file?
I tried but the file is not correct
