
Language : (C# .Net)
Platform : (Windows x32/x64)
OS Version : (All)
Packer / Protector : (NetGuard.io)

Description : Hi everyone, I hope one of you friends can finally fully unpack NetGuard and teach us how to unpack this crap protector

Screenshot :
image.png.863f7dc79c609790cdddb4b6affbcebc.png

 

UnpackMe_protected.exe

Edited by </DarkCod3r> (IRAN)

Your topic has not been approved. You did not follow the correct posting format and/or provided enough information regarding the challenge.

Quote

Language : (Assembler, C++, Java, .NET, Python, Borland, PureBasic, etc.)
Platform : (Windows, Linux, Android, MacOS, DOS, etc. + architecture eg. x32/x64)
OS Version : (All, Windows 7, Ubuntu 15.10, OS X v10.11, etc.)
Packer / Protector : (None, ASProtect 1.73, Confuser 1.9, Enigma 4.40, UPX 3.91, etc.)

Description :

Description of the challenge and any other related information, this must be presented clearly and legibly. Your challenge will not be approved if this is presented poorly.

Screenshot :

All challenges must include a screenshot.

The challenge must be attached directly to the topic and not linked to an external host.

You have 48 hours to correct your topic before it will be moved to the Trashcan.

For further details regarding the formatting of the topic please refer to the topic in the below link...

[This is an automated reply]

  • Author
13 minutes ago, Teddy Rogers said:

Your topic has not been approved. You did not follow the correct posting format and/or provided enough information regarding the challenge.

You have 48 hours to correct your topic before it will be moved to the Trashcan.

For further details regarding the formatting of the topic please refer to the topic in the below link...

[This is an automated reply]

done edited

What stupid people you are, ffs. netguard.io is made lightweight for big projects and so that all of them run stably at the same time; whoever doesn't understand this is gay.

  • Author
2 hours ago, mamo434376 said:

What stupid people you are, ffs. netguard.io is made lightweight for big projects and so that all of them run stably at the same time; whoever doesn't understand this is gay.

 

Hi my friend, I guess you are trying to say NetGuard cannot be unpacked, but you are wrong, because there are some friends of mine who can easily fully unpack netguard.io in a few minutes
Like Rextor [IP-REC] & SychicBoy & etc...
So we are here to learn how to do it

7 hours ago, </DarkCod3r> (IRAN) said:

 

Hi my friend, I guess you are trying to say NetGuard cannot be unpacked, but you are wrong, because there are some friends of mine who can easily fully unpack netguard.io in a few minutes
Like Rextor [IP-REC] & SychicBoy & etc...
So we are here to learn how to do it


I SAY THAT NETGUARD IS NORMAL FOR GREAT PROJECTS

ignorant, ffs

Spoiler

Key : Lol **&^$%#$^#$#^%&% Fu4cO0

Well, I'm not that good to fully unpack NetGuard but I know how to dump the key in the memory (process hacker btw)😜

To get the key there is no need to unpack or use any third-party software!

Just put it into dnSpy and you will see it yourself; the strings are not encrypted!

That was a pretty good challenge  :D

This is the cleanest output I could get; control flow is still left, but I'm totally incapable of doing the cflow :D

Small tutorial:

First thing when opening the file in dnlib, you can see that it uses a VM; there are weird delegates that get initialized in the cctor, with calculations, aiming to make it harder to decrypt them.

While debugging, the first call seemed to have a native anti-debug (which I could not figure out), so I simply nopped the native DLL call inside the first call.

That made a function inside the assembly not work, but I'll have a fix for that later on.

Kboau0U.png

j0rnFEd.png

Figured out that I could just invoke the .cctor and then get the values of the fields, so that's exactly what I did.

(similar to this) https://github.com/TobitoFatitoNulled/ArchangelUnCloaker/blob/master/ArchangelUnCloaker/Program.cs#L43

Now after doing that everything else was simple. The method looked like this

vnQiKEn.png

Cawk's calli for NetGuard works just fine. You can NOP the VM call, since it's useless. Finally, for the method that doesn't work after removing the anti-debug, I simply went to dotnetfiddle and figured out what the integer was for that method (and all methods, it will be 16 on all methods)

VEYmGK2.png

I'd love to see some use on the VM, since i don't see any right now :D

 

UnpackMe_protected-Cracked.exe
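
The `.cctor` step described in the post above, reduced to plain reflection, as an added example that is not part of the original post or of the linked repository. `ProtectedStub` and its constant are constructed stand-ins for an obfuscated type; on a real sample the type would come from the loaded assembly, and running its initializer executes the sample's own code, so this belongs in an isolated analysis VM.

```csharp
using System;
using System.Reflection;
using System.Runtime.CompilerServices;

// Constructed stand-in for a protected type: delegate fields that only
// receive their values when the static constructor (.cctor) runs.
static class ProtectedStub
{
    public static Func<int, int> A;
    public static Func<string, int> B;
    private static int seed;

    static ProtectedStub()
    {
        seed = 0x3C ^ 0x15;            // constructed calculation hiding a constant (41)
        A = x => x + seed;
        B = s => s.Length * seed;
    }
}

static class CctorDump
{
    // Force the type initializer to run once, then read every static field.
    // Delegate fields are reported by the method they actually point to.
    public static void Dump(Type t)
    {
        RuntimeHelpers.RunClassConstructor(t.TypeHandle);

        const BindingFlags flags =
            BindingFlags.Static | BindingFlags.Public | BindingFlags.NonPublic;

        foreach (FieldInfo f in t.GetFields(flags))
        {
            object value = f.GetValue(null);
            if (value is Delegate d)
                Console.WriteLine(
                    $"{f.Name} -> {d.Method.DeclaringType?.FullName}::{d.Method.Name} " +
                    $"(token 0x{d.Method.MetadataToken:X8})");
            else
                Console.WriteLine($"{f.Name} = {value ?? "null"}");
        }
    }

    static void Main() => Dump(typeof(ProtectedStub));
}
```

The metadata token printed for each delegate is what lets an analyst map the field back to a concrete method when rewriting the call sites statically.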

5 minutes ago, TobitoFatito said:

 

This is the cleanest output i could get, controlflow is still left but im totally uncap

Nice! Congratulations; as far as I am aware, the VM call might not look useful in dnSpy because of CFLOW, but it's supposed to get called because the VM handlers are in a satellite assembly

Thank you for the cctor invoke trick, I wasn't aware yet :) 

  • Author
On 10/23/2019 at 10:39 PM, TobitoFatito said:

UnpackMe_protected-Cracked.exe 363.5 kB · 5 downloads

Good job my friend, may I ask you to record a tutorial video of all the steps please

  • Author
On 10/21/2019 at 10:01 PM, xxx22xxx said:

To get the key there is no need to unpack or use any third-party software!

Just put it into dnSpy and you will see it yourself; the strings are not encrypted!

I know the free version does not encrypt strings, but this is an unpack challenge, not a crack challenge

10 hours ago, (IRAN) said:

I know the free version does not encrypt strings, but this is an unpack challenge, not a crack challenge

That was not directed at your request (challenge); it was directed at @illuZion, about finding the key!

Edited by xxx22xxx

Key = Lol **&^$%#$^#$#^%&% Fu4cO0 

 

Edited by Beast_Hunter
