whoknows Posted May 30, 2019 Posted May 30, 2019 (edited) Language : C# frm4 Platform : Windows x86 OS Version : Windows 7+ Packer / Protector : Eazfuscator.NET 2019.1 w/ Virtualization + the new Homomorphic encryption Description : Find the way & explain how ggggg.rar -------- update :: 07/06/2019 I got a PM by @cawk, he successfully unpacked it + deobed..... - success 10/10 -- Eazfuscator.NET v2020.3 Language : C# frm4 Platform : Windows x86 OS Version : Windows 7+ Packer / Protector : Eazfuscator.NET v2020.3 w/ Virtualization https://www36.zippyshare.com/v/L51Y2Jfr/file.html upload not working so posted here till fixed! Edited October 14, 2020 by whoknows
HooK Posted August 24, 2019 Posted August 24, 2019 Yes, can we please have some info about how it was unpacked / cleaned? What tools & techniques were used? etc... Thanks! -HooK
Zyhes Posted August 27, 2019 Posted August 27, 2019 As far as I know cawk has his own eazfuscator devirtualizator.
reverseme Posted January 4, 2020 Posted January 4, 2020 I am still trying to devirtualize it. There is no tutorial for eazfuscator and i am not an experienced re. So no luck yet!
tungtruong20xx Posted September 4, 2020 Posted September 4, 2020 can u help me the solution unpack this soft
KanohAgito Posted March 12, 2021 Posted March 12, 2021 I think it's impossible to unpack even they added 2020.4 and make it more complicated
Salin Posted March 19, 2021 Posted March 19, 2021 (edited) I've read the protector developer's technical blog and I have something to make sure. as you know the code is protected with homomorphic encryption(HE) they call their protection model CiO model. all constants in program related states is executed while keeping encrypted so if program path completely depends on constants, it is almost impossible to achive. (....?) I mean the problem is whether this challenge needs information that only developer knows. Edited March 19, 2021 by Salin fix
whoknows Posted March 19, 2021 Author Posted March 19, 2021 @Salin the Eazfuscator.NET 2019.1 w/ Virtualization + the new Homomorphic encryption is cracked.
Salin Posted March 20, 2021 Posted March 20, 2021 @whoknows yes. I know the person cracked it. I just want to know what the person achieved specifically. Did the person get correct key?
whoknows Posted March 20, 2021 Author Posted March 20, 2021 @salin as written @ #1, I received a naked .net as the original I have here.. so yes, if he wanted could kg it.
g2zer0 Posted May 4, 2021 Posted May 4, 2021 how can i determine the version of Eazfuscator which has been used to obfuscate a program?
Solution BlackHat Posted August 19, 2022 Solution Posted August 19, 2022 (edited) (CLQ) ggggg_unp.exe Edited August 19, 2022 by BlackHat 2 1
sych Posted March 14, 2023 Posted March 14, 2023 (edited) Can anyone share the steps to deobfuscate this protector? I don't know where to start, but it's very interesting. Edited March 14, 2023 by sych typos
jackyjask Posted March 14, 2023 Posted March 14, 2023 Try to explore some public tools on GH, eg: https://github.com/topics/eazfuscator
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now