Babyhamsta Posted February 23, 2020 Posted February 23, 2020 Language : .NET Platform : Windows [x32/x64] OS Version : Windows 10 Packer / Protector : ConfuserEX Custom [Dark Protector Mod] Description : Unpack the exe to find the key! If you would give a brief explanation on how you unpacked it. The exe has max protections and will pop up a messagebox once you enter the correct password. Protections Added to this Unpack Exe: Junk Code, Anti De4Dot, Anti Debug, Anti Dump, Anti ILDasm, Anti Tamper, Calli Protection, Constant Dis, Constants, Control Flow, Hide Methods, Invalid Metadata, MD5 Checksum, Mid Ref Proxy, Mutate Constants, Mutations, Module Flood, Reference Proxy, Renamer, Resources, and Stack Underflow. Screenshot : UnpackMe_MaxSettings.exe
bmeale Posted May 1, 2020 Posted May 1, 2020 (edited) I changed the password to my name Edited May 1, 2020 by bmeale
Solution Mr-Toms Posted March 20, 2021 Solution Posted March 20, 2021 (edited) private void button1_Click(object sender, EventArgs e) { if (this.textBox1.Text == "int73") { MessageBox.Show("congrat you wins"); } } 1. you need to remove Anti Tamper manually ( you can search on youtube , theres much tutorial ) 2. Remove Native Methods using x86Fixer (https://cdn.discordapp.com/attachments/718479256979767317/797817808905175040/x86_Retranslater.rar) and change to ILOnly 3. Remove Anti Decompiler (Search on Prab's Github) 4. Remove Call to Calli (Search CalliFixers on github) 5. Then remove junk ( simply u can use de4dot for this ) 6. Resolve the delegates ( i forgot which link , u can find on this forums ) 7. Remove Mutation ( you can use Public Mutations remover) 8. Decrypt String using ConstantDec by cs( you can search on goole , and download on any,run) 9. against remove mutation but this is for Parse mutations ( you can simply download Mindsystem Supercalculator ) 10. Remove Manually Junk Flow ( i dont know what is this called , bcuz the code does nothing just nop all the instruction that don't needed ) 11. Fix Ref proxy ( you can use ProxyCallFixer v1.2 by theproxy) 12. Remove Junk Class ( you can do it manually / you can download Unsealer in Github) 13. De4dot to rename 14. Remove Everything in <Module> ( bcuz its useless again) UnpackMe_MaxSettings_NoTamper_NoX86_NoAntiDecompiler_NoCalli_NoJunk_nodelegate_NoMutation_NoConstant_NoMutation_NoJunkFlow_noProxy_NoJunkClass-cleaned_NoModule.exe Edited March 20, 2021 by Mr-Toms 4 1
X0rby Posted June 21, 2023 Posted June 21, 2023 (edited) On 2/23/2020 at 7:13 AM, Babyhamsta said: Protections Added to this Unpack Exe: Junk Code, Anti De4Dot, Anti Debug, Anti Dump, Anti ILDasm, Anti Tamper, Calli Protection, Constant Dis, Constants, Control Flow, Hide Methods, Invalid Metadata, MD5 Checksum, Mid Ref Proxy, Mutate Constants, Mutations, Module Flood, Reference Proxy, Renamer, Resources, and Stack Underflow. If the purpose of all that is to protect and hide the key, then that's a very bad use of the protection. Make sure to write a secure source code before using protections... Quote to find the key! If you would give a brief explanation on how you unpacked it It can be done in 1 sec from memory : 0x385fc70 : DarksProtector - dark#5000 0x385fc98 : int73 ===> PASSWORD 0x385fca4 : congrat you wins 0x385fcb8 : label2 0x385fcc4 : Unpack me for the password!! :) Edited June 21, 2023 by X0rby 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now