Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Unpack Challenge (Agile.NET)

Fr4x
Fr4x
in UnPackMe (.NET)

Featured Replies

Posted

Language : C# .Net
Platform : Windows x32/x64
OS Version : All
Packer / Protector : Agile.Net v6.6

Description : 

Hi everyone, hope one of you friends can unpack the target and teach us how to unpack it

Screenshot :

image.png.b95c3293ef2e20ee7e285f2e13837f35.png.2924c16d2e719e95c69e64db3e644c00.png

Secured.rar

    •
    • Like 2

    Solved by ElektroKill

    Go to solution

    Your topic has not been approved. You did not follow the correct posting format and/or provided enough information regarding the challenge.

    Quote

    Language : (Assembler, C++, Java, .NET, Python, Borland, PureBasic, etc.)
    Platform : (Windows, Linux, Android, MacOS, DOS, etc. + architecture eg. x32/x64)
    OS Version : (All, Windows 7, Ubuntu 15.10, OS X v10.11, etc.)
    Packer / Protector : (None, ASProtect 1.73, Confuser 1.9, Enigma 4.40, UPX 3.91, etc.)

    Description :

    Description of the challenge and any other related information, this must be presented clearly and legibly. Your challenge will not be approved if this is presented poorly.

    Screenshot :

    All challenges must include a screenshot.

    The challenge must be attached directly to the topic and not linked to an external host.

    You have 48 hours to correct your topic before it will be moved to the Trashcan.

    For further details regarding the formatting of the topic please refer to the topic in the below link...

    [This is an automated reply]

    • Like 2
    • Author
    On 10/28/2019 at 5:34 PM, Teddy Rogers said:

    Your topic has not been approved. You did not follow the correct posting format and/or provided enough information regarding the challenge.

    You have 48 hours to correct your topic before it will be moved to the Trashcan.

    For further details regarding the formatting of the topic please refer to the topic in the below link...

    [This is an automated reply]

    Edited

    • Like 2
    • 2 weeks later...

    https://github.com/ribthegreat99OrN0P/Agile.NET-Deobfuscator

    USE MY TOOL LAST AFTER YOU HAVE DONE THE FOLLOWING STEPS

    Instructions:

    1. Jit-dump the executable with JitDumper3/4 enable the checkbox (Dump MD).

    2. Clean the (String And Flow) with SimpleAssemblyExplorer(SAE) checking the checkbox (Delegates} as well.

    3. De4dot.

     

    Files.rar

    Edited by N0P/ribthegreat99
    UPDATE

    • Like 4
    • Thanks 2
    7 hours ago, N0P/ribthegreat99 said:

    I have unpacked most of the protections just need someone to complete the last part of it, the calls/delegates!!

    Instructions:

    1. Jit-dump the executable with JitDumper3/4 enable the checkbox (Dump MD).

    2. Clean the (String And Flow) with SimpleAssemblyExplorer(SAE) checking the checkbox (Delegates} as well.

    3. De4dot.

     

    Files.rar 37.3 kB · 2 downloads

    Could you provide a download for JitDumper ? I can’t find it any where

    On 11/11/2019 at 2:22 AM, ElektroKill said:

    Could you provide a download for JitDumper ? I can’t find it any where

     

    JitDumperv4.rar

    •
    • Like 6
    • Thanks 2
    • 5 months later...
    On 4/21/2020 at 11:50 AM, Prab said:

    This is not working

    you need to run it in NetBox

    • Thanks 1

    please link for NetBox

    thanks

     

    On 11/10/2019 at 1:24 PM, N0P/ribthegreat99 said:

    I have unpacked most of the protections just need someone to complete the last part of it, the calls/delegates!!

    Instructions:

    1. Jit-dump the executable with JitDumper3/4 enable the checkbox (Dump MD).

    2. Clean the (String And Flow) with SimpleAssemblyExplorer(SAE) checking the checkbox (Delegates} as well.

    3. De4dot.

     

    Files.rar 37.3 kB · 54 downloads

    the calls/delegates is the problem. I also stuck at this place 

    • 2 months later...
    On 5/2/2020 at 9:47 PM, BlackHat said:

    the calls/delegates is the problem. I also stuck at this place 

    The same for me! Need help with that.. 

    image.png

    All Methods are shown like that, but can't really see what does the method do?!

    @CodeExplorer Can you help with a tip?

    @N0P/ribthegreat99 Did you get it yet? or still??

    8 hours ago, GameHackerPM said:

    The same for me! Need help with that.. 

    image.png

    All Methods are shown like that, but can't really see what does the method do?!

    @CodeExplorer Can you help with a tip?

    @N0P/ribthegreat99 Did you get it yet? or still??

    Hello can you pm me this file i want to check it out. By the way, i have made a tool to deob cflow, strings, and delegates of agile

    tool to decrypt strings & delegates will make public

                        switch (num)
                        {
                        case 0:
                        {
                            bool flag = !(this.\u00A0.Text == " ! C@tch Y0u ,B@bY");
                            num = Math.Abs(-8);
                            continue;
                        }

    UnpackMe-noag.exe

     

    7 hours ago, N0P/ribthegreat99 said:

    Hello can you pm me this file i want to check it out. By the way, i have made a tool to deob cflow, strings, and delegates of agile

    can You share?

    8 hours ago, AzoresRCE said:

    tool to decrypt strings & delegates will make public

                        switch (num)
                        {
                        case 0:
                        {
                            bool flag = !(this.\u00A0.Text == " ! C@tch Y0u ,B@bY");
                            num = Math.Abs(-8);
                            continue;
                        }

    UnpackMe-noag.exe

     

    Any ETA? :)

    • 2 weeks later...
    • 2 months later...
    On 10/4/2020 at 2:27 PM, notkult said:

     @N0P/ribthegreat99NetBox seems to just start the program then instantly stop it, any fix?

    Try use it on a windows 7 vm/machine

    On 10/6/2020 at 7:04 PM, N0P/ribthegreat99 said:

    Try use it on a windows 7 vm/machine

    Used it on a laptop with Windows 8, worked just fine.

    Just a little tip, JitDumper is good as long as you are running it against an executable which needs .NET 4.0 or earlier

    but once you start unpacking DLLs which require .NET 4.5 or higher, it will probably crash, so it's going to be obsolete

    sooner or later and a new approach will have to be created.

    • Like 1
    13 hours ago, Kurapica said:

    Just a little tip, JitDumper is good as long as you are running it against an executable which needs .NET 4.0 or earlier

    but once you start unpacking DLLs which require .NET 4.5 or higher, it will probably crash, so it's going to be obsolete

    sooner or later and a new approach will have to be created.

    Thanks for the tip! I ran it for a standard .NET Framework 4.0 exe and worked fine.

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.