Jump to content
Tuts 4 You
  • 0
Sign in to follow this  
NightBaron

.NET CrackMe

Question

NightBaron

Language : .NET
Platform : Windows
OS Version : All Windows (.NET Framework 4.6 or higher)
Packer / Protector : The4Got10's Protector (Modded ConfuserEx) with VM and Native Shield

Description : 

Crack (I don't care if this file is fully unpacked or not) this application and make a short tutorial for it.

I want to know my app are strong or weak.

Thank!

Screenshot :

spacer.png

Protected.7z

if  cant start this app try 2nd file

Protected2nd.7z

 

Share this post


Link to post

5 answers to this question

Recommended Posts

  • 0
NeoNCoding

image.png.9b8034c6ca7ab7f83aac99718cde65b0.png

Share this post


Link to post
  • 0
NightBaron
Posted (edited)
44 minutes ago, NeoNCoding said:

image.png.9b8034c6ca7ab7f83aac99718cde65b0.png

i test on 3 different pc, this app working
did u extract file ? if not pls
extract file then start program
if still error try this i change something.
 

Protected.7z

Edited by NightBaron
add new file (see edit history)

Share this post


Link to post
  • 0
XenocodeRCE

you can dump using megadumper, if you suspend process to prevent anti dbg from running.

result is : ConsoleApp1.exe 1.248 mb 

 

little xor on confuserexstring decryptor method  (it stupid only 1 param out of 3 are usefull) :

 eGUSUsd.png

 

you need to patch a call method at EP (call to native dll) and you can debug and dump correct strings from memory, because it changes every time (not sure but i would say im 60% right)

 

Share this post


Link to post
  • 0
NightBaron
5 hours ago, XenocodeRCE said:

you can dump using megadumper, if you suspend process to prevent anti dbg from running.

result is : ConsoleApp1.exe 1.248 mb 

 

little xor on confuserexstring decryptor method  (it stupid only 1 param out of 3 are usefull) :

 eGUSUsd.png

 

you need to patch a call method at EP (call to native dll) and you can debug and dump correct strings from memory, because it changes every time (not sure but i would say im 60% right)

 

nice to see you here XenocodeRCE

nice trick for dump .net module (it work, Thank)
and i use code virtualization on key check algorithms, maybe debugging is an extremely hard task 

i'm waiting for someone's can get correct key or crack this app for accept every key :)

  • Like 1

Share this post


Link to post
  • 0
MulaB
Posted (edited)

Nice crackme you got here. To begin with I tried cleaning the code as much as possible but it still is very messy, so my approach was simply debugging the file and stepping trough the code. I made some small changes and now it returns something what seems like the actual "key".

gTpcACH.png

Result.rar

Edited by MulaB
Forgot to add the file. (see edit history)

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...