Jump to content
Tuts 4 You

Dark Protector Mod


Babyhamsta
Go to solution Solved by Mr-Toms,

Recommended Posts

Language : .NET
Platform : Windows [x32/x64]
OS Version : Windows 10
Packer / Protector : ConfuserEX Custom [Dark Protector Mod]

Description :

Unpack the exe to find the key! If you would give a brief explanation on how you unpacked it. The exe has max protections and will pop up a messagebox once you enter the correct password.

Protections Added to this Unpack Exe: Junk Code, Anti De4Dot, Anti Debug, Anti Dump, Anti ILDasm, Anti Tamper, Calli Protection, Constant Dis, Constants, Control Flow, Hide Methods, Invalid Metadata, MD5 Checksum, Mid Ref Proxy, Mutate Constants, Mutations, Module Flood, Reference Proxy, Renamer, Resources, and Stack Underflow.

Screenshot :

image.png.d381d513347a0ae1d70838de82daa5da.png

UnpackMe_MaxSettings.exe

Link to comment
Share on other sites

  • 3 weeks later...
  • 1 month later...
  • 10 months later...
  • Solution

private void button1_Click(object sender, EventArgs e)
        {
            if (this.textBox1.Text == "int73")
            {
                MessageBox.Show("congrat you wins");
            }
        }

1. you need to remove Anti Tamper manually ( you can search on youtube , theres much tutorial )
2. Remove Native Methods using x86Fixer (https://cdn.discordapp.com/attachments/718479256979767317/797817808905175040/x86_Retranslater.rar) and change to ILOnly
3. Remove Anti Decompiler (Search on Prab's Github)
4. Remove Call to Calli (Search CalliFixers on github)
5. Then remove junk ( simply u can use de4dot for this )
6. Resolve the delegates ( i forgot which link , u can find on this forums )
7. Remove Mutation ( you can use Public Mutations remover)
8. Decrypt String using ConstantDec by cs( you can search on goole , and download on any,run)
9. against remove mutation but this is for Parse mutations ( you can simply download Mindsystem Supercalculator )
10. Remove Manually Junk Flow ( i dont know what is this called , bcuz the code does nothing just nop all the instruction that don't needed )
11. Fix Ref proxy ( you can use ProxyCallFixer v1.2 by theproxy)
12. Remove Junk Class ( you can do it manually / you can download Unsealer in Github)
13. De4dot to rename
14. Remove Everything in <Module> ( bcuz its useless again)

UnpackMe_MaxSettings_NoTamper_NoX86_NoAntiDecompiler_NoCalli_NoJunk_nodelegate_NoMutation_NoConstant_NoMutation_NoJunkFlow_noProxy_NoJunkClass-cleaned_NoModule.exe

Edited by Mr-Toms
  • Like 3
  • Haha 1
Link to comment
Share on other sites

  • 2 years later...
On 2/23/2020 at 7:13 AM, Babyhamsta said:

Protections Added to this Unpack Exe: Junk Code, Anti De4Dot, Anti Debug, Anti Dump, Anti ILDasm, Anti Tamper, Calli Protection, Constant Dis, Constants, Control Flow, Hide Methods, Invalid Metadata, MD5 Checksum, Mid Ref Proxy, Mutate Constants, Mutations, Module Flood, Reference Proxy, Renamer, Resources, and Stack Underflow.

If the purpose of all that is to protect and hide the key, then that's a very bad use of the protection.

Make sure to write a secure source code before using protections...

Quote

to find the key! If you would give a brief explanation on how you unpacked it

It can be done in 1 sec from memory

0x385fc70 : DarksProtector - dark#5000
0x385fc98 : int73 ===> PASSWORD
0x385fca4 : congrat you wins
0x385fcb8 : label2
0x385fcc4 : Unpack me for the password!! :)

 

Edited by X0rby
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...