Language : .NET
Platform : Windows [x32/x64]
OS Version : Windows 10
Packer / Protector : ConfuserEX Custom [Dark Protector Mod]

Description :

Unpack the exe to find the key! If you would give a brief explanation on how you unpacked it. The exe has max protections and will pop up a messagebox once you enter the correct password.

Protections Added to this Unpack Exe: Junk Code, Anti De4Dot, Anti Debug, Anti Dump, Anti ILDasm, Anti Tamper, Calli Protection, Constant Dis, Constants, Control Flow, Hide Methods, Invalid Metadata, MD5 Checksum, Mid Ref Proxy, Mutate Constants, Mutations, Module Flood, Reference Proxy, Renamer, Resources, and Stack Underflow.

Screenshot :

UnpackMe_MaxSettings.exe

crashing in win10

I changed the password to my name

Edited May 1, 20205 yr by bmeale

private void button1_Click(object sender, EventArgs e)
        {
            if (this.textBox1.Text == "int73")
            {
                MessageBox.Show("congrat you wins");
            }
        }

1. you need to remove Anti Tamper manually ( you can search on youtube , theres much tutorial )
2. Remove Native Methods using x86Fixer (https://cdn.discordapp.com/attachments/718479256979767317/797817808905175040/x86_Retranslater.rar) and change to ILOnly
3. Remove Anti Decompiler (Search on Prab's Github)
4. Remove Call to Calli (Search CalliFixers on github)
5. Then remove junk ( simply u can use de4dot for this )
6. Resolve the delegates ( i forgot which link , u can find on this forums )
7. Remove Mutation ( you can use Public Mutations remover)
8. Decrypt String using ConstantDec by cs( you can search on goole , and download on any,run)
9. against remove mutation but this is for Parse mutations ( you can simply download Mindsystem Supercalculator )
10. Remove Manually Junk Flow ( i dont know what is this called , bcuz the code does nothing just nop all the instruction that don't needed )
11. Fix Ref proxy ( you can use ProxyCallFixer v1.2 by theproxy)
12. Remove Junk Class ( you can do it manually / you can download Unsealer in Github)
13. De4dot to rename
14. Remove Everything in <Module> ( bcuz its useless again)

UnpackMe_MaxSettings_NoTamper_NoX86_NoAntiDecompiler_NoCalli_NoJunk_nodelegate_NoMutation_NoConstant_NoMutation_NoJunkFlow_noProxy_NoJunkClass-cleaned_NoModule.exe

Edited March 20, 20214 yr by Mr-Toms

On 2/23/2020 at 7:13 AM, Babyhamsta said:

Protections Added to this Unpack Exe: Junk Code, Anti De4Dot, Anti Debug, Anti Dump, Anti ILDasm, Anti Tamper, Calli Protection, Constant Dis, Constants, Control Flow, Hide Methods, Invalid Metadata, MD5 Checksum, Mid Ref Proxy, Mutate Constants, Mutations, Module Flood, Reference Proxy, Renamer, Resources, and Stack Underflow.

If the purpose of all that is to protect and hide the key, then that's a very bad use of the protection.

Make sure to write a secure source code before using protections...

Quote

to find the key! If you would give a brief explanation on how you unpacked it

It can be done in 1 sec from memory : 

0x385fc70 : DarksProtector - dark#5000
0x385fc98 : int73 ===> PASSWORD
0x385fca4 : congrat you wins
0x385fcb8 : label2
0x385fcc4 : Unpack me for the password!! :)

 

Edited June 21, 20232 yr by X0rby