Jump to content
Tuts 4 You
  • 0
Sign in to follow this  
Black Hat Anonymous

Black Hat Lucifer (Anti Dump + IL Protection + Enigma Protector)

Question

Black Hat Anonymous

Language : .NET
Platform : Windows x32/x64
OS Version : All
Packer / Protector : Anti Dump + IL Protection + Enigma Protector 3.50

Description :

You need to unpack and change the Text. "Tuts4you Special Unpack Edition"

Screenshot :

Capture.PNG.74fd0382a34f52ed92fd01da919d46b8.PNG

 

UnpackMe by Lucifer.exe

Share this post


Link to post

9 answers to this question

Recommended Posts

  • 1
CodeExplorer

Run the target first with NETBox so won't kill .NET PE.
Dump with MegaDumper.

In dumped exe change Image Base to 400000
Fix relocation with Universal Fixer

Native DLL UnpackMePlease.dll missing:
DllSaver break if module contains UnpackMePlease

Unpacked exes:
https://www112.zippyshare.com/v/26CxsdFV/file.html

 

  • Like 2
  • Confused 1

Share this post


Link to post
  • 1
CodeExplorer

Run original exe with NETBox 4.0 forget to specify version 4.0:
https://forum.tuts4you.com/topic/39321-netbox/
Dump .NET exe main module with MegaDumper:
https://forum.tuts4you.com/topic/24087-dotnet-dumper-10/page/3/?tab=comments#comment-177260

Quote

Native DLL UnpackMePlease.dll missing:
DllSaver break if module contains UnpackMePlease

You should load original exe with dllsaver:
https://forum.tuts4you.com/topic/39871-dllsaver/

As for ILProtector unpacking I've used a private tool I won't share!
 

  • Thanks 1

Share this post


Link to post
  • 0
Teddy Rogers

Before this is approved please edit your topic so it follows the correct posting format...

Ted.

Share this post


Link to post
  • 0
Black Hat Anonymous
2 hours ago, Teddy Rogers said:

Before this is approved please edit your topic so it follows the correct posting format...

Ted.

I edited it according to rules :)

Share this post


Link to post
  • 0
Black Hat Anonymous
On 5/8/2019 at 10:23 PM, #Sith said:

How did you change the text without actually unpacking it ??? any guide or anything ?? 

Please 

Share this post


Link to post
  • 0
Black Hat Anonymous
2 hours ago, CodeExplorer said:

Run the target first with NETBox so won't kill .NET PE.
Dump with MegaDumper.

In dumped exe change Image Base to 400000
Fix relocation with Universal Fixer

Native DLL UnpackMePlease.dll missing:
DllSaver break if module contains UnpackMePlease

Unpacked exes:
https://www112.zippyshare.com/v/26CxsdFV/file.html

 

Running Perfect bro !! as its .net we can bypass anti dump with put bp on _corexmain using x64dbg or using enigma unpacker script by giv.. but what method you told is not clear .. and after it as i dump the exe with megadumper ... only one dll comes not both..
as its ilprotected and dll name -- unpackmeplease.dll and yes.dll i loaded in enigma so at dumping only one dll came out not the second one.

How you manage to get both of the dll bro ?
and after that as we have both dll of ilprotection with exe then how you bypassed the ilprotection latest ? any video will be appreciated awesome. 
or any text guide will also be ok.... thank you so much.. by the way nice work !!

Share this post


Link to post
  • 0
#Sith
3 hours ago, Black Hat Anonymous said:

How did you change the text without actually unpacking it ??? any guide or anything ?? 

Please 

To get unpackmeplease.dll and yes.dll i've just use WinAPI CopyFileA in target process, and after i use standard method to set new Content in component after initialization.

  • Thanks 1

Share this post


Link to post
  • 0
Black Hat Anonymous
On 5/15/2019 at 10:33 PM, #Sith said:

To get unpackmeplease.dll and yes.dll i've just use WinAPI CopyFileA in target process, and after i use standard method to set new Content in component after initialization.

Thanks You Brother.  but i m geeting always unpackmeplease.dll only .... im not able to get yes.dll any tutorial or instruction will be much appreciated... visual like image/video will be definitely --- GOLD 
Instruction will still be perfect .... 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...