Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Black Hat Lucifer (Anti Dump + IL Protection + Enigma Protector)

Featured Replies

Posted

Language : .NET
Platform : Windows x32/x64
OS Version : All
Packer / Protector : Anti Dump + IL Protection + Enigma Protector 3.50

Description :

You need to unpack and change the Text. "Tuts4you Special Unpack Edition"

Screenshot :

Capture.PNG.74fd0382a34f52ed92fd01da919d46b8.PNG

 

UnpackMe by Lucifer.exe

Before this is approved please edit your topic so it follows the correct posting format...

Ted.

  • Author
2 hours ago, Teddy Rogers said:

Before this is approved please edit your topic so it follows the correct posting format...

Ted.

I edited it according to rules :)

Run the target first with NETBox so won't kill .NET PE.
Dump with MegaDumper.

In dumped exe change Image Base to 400000
Fix relocation with Universal Fixer

Native DLL UnpackMePlease.dll missing:
DllSaver break if module contains UnpackMePlease

Unpacked exes:
https://www112.zippyshare.com/v/26CxsdFV/file.html

 

  • Author
On 5/8/2019 at 10:23 PM, #Sith said:

How did you change the text without actually unpacking it ??? any guide or anything ?? 

Please 

  • Author
2 hours ago, CodeExplorer said:

Run the target first with NETBox so won't kill .NET PE.
Dump with MegaDumper.

In dumped exe change Image Base to 400000
Fix relocation with Universal Fixer

Native DLL UnpackMePlease.dll missing:
DllSaver break if module contains UnpackMePlease

Unpacked exes:
https://www112.zippyshare.com/v/26CxsdFV/file.html

 

Running Perfect bro !! as its .net we can bypass anti dump with put bp on _corexmain using x64dbg or using enigma unpacker script by giv.. but what method you told is not clear .. and after it as i dump the exe with megadumper ... only one dll comes not both..
as its ilprotected and dll name -- unpackmeplease.dll and yes.dll i loaded in enigma so at dumping only one dll came out not the second one.

How you manage to get both of the dll bro ?
and after that as we have both dll of ilprotection with exe then how you bypassed the ilprotection latest ? any video will be appreciated awesome. 
or any text guide will also be ok.... thank you so much.. by the way nice work !!

Run original exe with NETBox 4.0 forget to specify version 4.0:
https://forum.tuts4you.com/topic/39321-netbox/
Dump .NET exe main module with MegaDumper:
https://forum.tuts4you.com/topic/24087-dotnet-dumper-10/page/3/?tab=comments#comment-177260

Quote

Native DLL UnpackMePlease.dll missing:
DllSaver break if module contains UnpackMePlease

You should load original exe with dllsaver:
https://forum.tuts4you.com/topic/39871-dllsaver/

As for ILProtector unpacking I've used a private tool I won't share!
 

3 hours ago, Black Hat Anonymous said:

How did you change the text without actually unpacking it ??? any guide or anything ?? 

Please 

To get unpackmeplease.dll and yes.dll i've just use WinAPI CopyFileA in target process, and after i use standard method to set new Content in component after initialization.

  • Author
On 5/15/2019 at 10:33 PM, #Sith said:

To get unpackmeplease.dll and yes.dll i've just use WinAPI CopyFileA in target process, and after i use standard method to set new Content in component after initialization.

Thanks You Brother.  but i m geeting always unpackmeplease.dll only .... im not able to get yes.dll any tutorial or instruction will be much appreciated... visual like image/video will be definitely --- GOLD 
Instruction will still be perfect .... 

  • 4 years later...
On 5/15/2019 at 4:27 PM, CodeExplorer said:

Run original exe with NETBox 4.0 forget to specify version 4.0:
https://forum.tuts4you.com/topic/39321-netbox/
Dump .NET exe main module with MegaDumper:
https://forum.tuts4you.com/topic/24087-dotnet-dumper-10/page/3/?tab=comments#comment-177260

You should load original exe with dllsaver:
https://forum.tuts4you.com/topic/39871-dllsaver/

As for ILProtector unpacking I've used a private tool I won't share!
 

Hello why change image base to that specific value? Sorry for the newbie question.

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.