Posted May 3, 20196 yr Language : . NET Platform : Windows OS Version : Windows 7 Packer / Protector : ArmDot Description : Devirtulize the Armdot virtualized code (I used virtualized option + encrypted strings). Screenshot : UnpackMe.protected.exe
May 5, 20196 yr Here is the code without strings decrypted more to show that i havent just remade the method from scratch but have actually devirtualised the file obfuscator is not that good in all honesty once you get your head around everything in one method its just like any other vm private void button1_Click(object sender, EventArgs e) { int num = 0; if (num != 0) { object obj; char[] value = obj = new char[16]; obj[0] = (2049885642 ^ 2049885579); obj[1] = (721969625 ^ 721969580); obj[2] = (1722827470 ^ 1722827450); obj[3] = (675984423 ^ 675984463); obj[4] = (1647779473 ^ 1647779505); obj[5] = (1793770717 ^ 1793770638); obj[6] = (640259843 ^ 640259958); obj[7] = (959731082 ^ 959731177); obj[8] = (1744869780 ^ 1744869879); obj[9] = (237600744 ^ 237600653); obj[10] = (492056264 ^ 492056251); obj[11] = (327956409 ^ 327956426); obj[12] = (688741927 ^ 688741953); obj[13] = (658212064 ^ 658211989); obj[14] = (454212694 ^ 454212666); obj[15] = (28756323 ^ 28756290); MessageBox.Show(new string(value)); } else { object obj; char[] value2 = obj = new char[10]; obj[0] = (1435200779 ^ 1435200842); obj[1] = (853162666 ^ 853162719); obj[2] = (2119875586 ^ 2119875702); obj[3] = (712244489 ^ 712244577); obj[4] = (1541140050 ^ 1541140082); obj[5] = (2107783153 ^ 2107783095); obj[6] = (1703953462 ^ 1703953495); obj[7] = (1864360465 ^ 1864360568); obj[8] = (2035746888 ^ 2035746852); obj[9] = (620298057 ^ 620298088); MessageBox.Show(new string(value2)); } }
May 6, 20196 yr Solution And here is the fully deobfuscated file with strings decrypted i havent ran through de4dot since this will simplify your button click method to one messagebox.show Unpacked.exe
Create an account or sign in to comment