Fr4x
Posted October 16, 2019 (edited)

Language : (C# .Net)
Platform : (Windows x32/x64)
OS Version : (All)
Packer / Protector : (NetGuard.io)
Description : Hi everyone, I hope one of you friends can finally fully unpack NetGuard and teach us how to unpack this crap protector.
Screenshot :

UnpackMe_protected.exe

Edited October 16, 2019 by </DarkCod3r> (IRAN)

Teddy Rogers
Posted October 16, 2019

Your topic has not been approved. You did not follow the correct posting format and/or provided enough information regarding the challenge.

Quote
> Language : (Assembler, C++, Java, .NET, Python, Borland, PureBasic, etc.)
> Platform : (Windows, Linux, Android, MacOS, DOS, etc. + architecture eg. x32/x64)
> OS Version : (All, Windows 7, Ubuntu 15.10, OS X v10.11, etc.)
> Packer / Protector : (None, ASProtect 1.73, Confuser 1.9, Enigma 4.40, UPX 3.91, etc.)
> Description : Description of the challenge and any other related information, this must be presented clearly and legibly. Your challenge will not be approved if this is presented poorly.
> Screenshot : All challenges must include a screenshot.
> The challenge must be attached directly to the topic and not linked to an external host.

You have 48 hours to correct your topic before it will be moved to the Trashcan. For further details regarding the formatting of the topic please refer to the topic in the below link...

[This is an automated reply]

Fr4x (Author)
Posted October 16, 2019

13 minutes ago, Teddy Rogers said:
> Your topic has not been approved. You did not follow the correct posting format and/or provided enough information regarding the challenge. You have 48 hours to correct your topic before it will be moved to the Trashcan. For further details regarding the formatting of the topic please refer to the topic in the below link... [This is an automated reply]

done edited

localhost0
Posted October 17, 2019

What stupid people you are, ffs. netguard.io is made lightweight for big projects, so that all of them run stably at the same time; whoever does not understand this is gay.

Fr4x (Author)
Posted October 17, 2019

2 hours ago, mamo434376 said:
> What stupid people you are, ffs. netguard.io is made lightweight for big projects, so that all of them run stably at the same time; whoever does not understand this is gay.

Hi my friend, I guess you are trying to say NetGuard cannot be unpacked, but you are wrong, because there are some of my friends who can easily fully unpack netguard.io in a few minutes, like Rextor [IP-REC] & SychicBoy & etc... So we are here to learn how to do it.

localhost0
Posted October 17, 2019

7 hours ago, </DarkCod3r> (IRAN) said:
> Hi my friend, I guess you are trying to say NetGuard cannot be unpacked, but you are wrong, because there are some of my friends who can easily fully unpack netguard.io in a few minutes, like Rextor [IP-REC] & SychicBoy & etc... So we are here to learn how to do it.

I SAY THAT NETGUARD IS NORMAL FOR GREAT PROJECTS, ignorant ffs

illuZion
Posted October 17, 2019

Spoiler
Key : Lol **&^$%#$^#$#^%&% Fu4cO0

Well, I'm not that good to fully unpack NetGuard but I know how to dump the key in the memory (process hacker btw) 😜

xxx22xxx
Posted October 21, 2019

To get the key there is no need to unpack or use any third-party software! Just put it into dnSpy and you will see it yourself; all strings are not encrypted!

TobitoFatito
Posted October 23, 2019

That was a pretty good challenge.

This is the cleanest output I could get; controlflow is still left but I'm totally incapable of doing the cflow.

Small tutorial:

First thing when opening the file in dnlib, you can see that it uses a VM; there are weird delegates that get initialized on the cctor, with calculations, aiming to make it harder to decrypt them.

While debugging, the first call seemed to have a native anti-debug (which I could not figure out), so I simply nopped the native dll call inside the first call. That made a function inside the assembly not work, but I'll have a fix for that later on.

Figured out that I could just Invoke the .cctor and then get the values of the fields, so that's exactly what I did (similar to this):
https://github.com/TobitoFatitoNulled/ArchangelUnCloaker/blob/master/ArchangelUnCloaker/Program.cs#L43

Now after doing that everything else was simple. The method looked like this

Cawk's calli for netguard works just fine, you can NOP the vm call, since it's useless

and finally the method that doesn't work after removing antidebug: for that I simply went to dotnetfiddle and figured out what the integer was for that method (and all methods, it will be 16 on all methods).

I'd love to see some use on the VM, since I don't see any right now.

UnpackMe_protected-Cracked.exe

XenocodeRCE
Posted October 23, 2019

5 minutes ago, TobitoFatito said:
> This is the cleanest output I could get, controlflow is still left but I'm totally uncap

Nice! Congratulations; as far as I am aware, the VM call might not look useful in dnSpy because of CFLOW, but it's supposed to get called because the VM handlers are in a satellite assembly.

Thank you for the cctor invoke trick, I wasn't aware yet.

Fr4x (Author)
Posted October 25, 2019

On 10/23/2019 at 10:39 PM, TobitoFatito said:
> That was a pretty good challenge.
>
> This is the cleanest output I could get; controlflow is still left but I'm totally incapable of doing the cflow.
>
> Small tutorial:
>
> First thing when opening the file in dnlib, you can see that it uses a VM; there are weird delegates that get initialized on the cctor, with calculations, aiming to make it harder to decrypt them.
>
> While debugging, the first call seemed to have a native anti-debug (which I could not figure out), so I simply nopped the native dll call inside the first call. That made a function inside the assembly not work, but I'll have a fix for that later on.
>
> Figured out that I could just Invoke the .cctor and then get the values of the fields, so that's exactly what I did (similar to this):
> https://github.com/TobitoFatitoNulled/ArchangelUnCloaker/blob/master/ArchangelUnCloaker/Program.cs#L43
>
> Now after doing that everything else was simple. The method looked like this
>
> Cawk's calli for netguard works just fine, you can NOP the vm call, since it's useless
>
> and finally the method that doesn't work after removing antidebug: for that I simply went to dotnetfiddle and figured out what the integer was for that method (and all methods, it will be 16 on all methods).
>
> I'd love to see some use on the VM, since I don't see any right now.
>
> UnpackMe_protected-Cracked.exe

Good job my friend, may I ask you to record a tutorial video of all steps please?

Fr4x (Author)
Posted October 25, 2019

On 10/21/2019 at 10:01 PM, xxx22xxx said:
> To get the key there is no need to unpack or use any third-party software! Just put it into dnSpy and you will see it yourself; all strings are not encrypted!

I know the free version does not encrypt strings, but this is an unpack challenge, not a crack challenge.

xxx22xxx
Posted October 25, 2019 (edited)

10 hours ago, (IRAN) said:
> I know the free version does not encrypt strings, but this is an unpack challenge, not a crack challenge.

That was not pointed at your request (challenge); it was pointed at @illuZion, about finding the key!

Edited October 25, 2019 by xxx22xxx

Beast_Hunter
Posted October 27, 2019 (edited)

Key = Lol **&^$%#$^#$#^%&% Fu4cO0

Edited October 27, 2019 by Beast_Hunter