Jump to content
Tuts 4 You

EazFuscator 2019.1

Prab

By Prab
in UnPackMe (.NET)

 Share

Recommended Posts

whoknows

whoknows

Posted
Posted

same version already done @  

https://forum.tuts4you.com/topic/41323-eazfuscatornet-20191-w-homomorphic-encryption/#comment-199617

 

  • Like 1
Prab

Prab

Posted
  • Author
Posted
1 hour ago, whoknows said:

same version already done @  


https://forum.tuts4you.com/topic/41323-eazfuscatornet-20191-w-homomorphic-encryption/#comment-199617

 

oh thanks, sorry my bad

CreateAndInject

CreateAndInject

Posted
Posted

Why do you make a 2019.1 CrackMe rather than 2020.1?

Reza-HNA

Reza-HNA

Posted
Posted (edited)

if you understand how vm's works you can devirtualize any .net target.
for start you can read saneki's eazdevirt source code.

Crackme_2-devirtualized.rar

Edited by Reza-HNA
  • Like 3
  • 4 weeks later...
looikuj

looikuj

Posted
Posted
On 4/16/2020 at 7:27 PM, CreateAndInject said:

Why do you make a 2019.1 CrackMe rather than 2020.1?

coul you try to crack 2020.1 :D

looikuj

looikuj

Posted
Posted
20 hours ago, CreateAndInject said:

@maristroch I think I can do it except VM.

no one made a crack for the latest version there is only a keygen for 2019.1 but 2020.1 people says that its uncrackable because of there good vm

CreateAndInject

CreateAndInject

Posted
Posted

I can't unpack if vm is enabled.

0x59

0x59

Posted
Posted

maristroch 2020.1 is not uncrackablee is just difficulty to analyze 

whoknows

whoknows

Posted
Posted 
https://github.com/JemmyLoveJenny/JemmyLoveJenny.github.io/blob/master/articles/Eazfuscator-Anti-Virtual-IL/Eazfuscator-Anti-Virtual-IL.md

 

TobitoFatito

TobitoFatito

Posted
Posted (edited)
On 5/17/2020 at 6:41 AM, Prab said:

2020.1 version

Crackme.exe 236 kB · 8 downloads

It might have a few weird instructions since i'm new to this :D

Crackme-cleaned-Devirtualized2.zip

Info:

This is the first version of eaz that i analyze so i can't say how 2019.x is different from 2020.1 but its definitely not uncrackable

Steps i took (as i should have included since the beginning):

1 Learn how CIL works / CIL fundamentals (there are some nice ebooks that i can't link here :D )

2 Learn how the assembly reader/writer of your choice works (dnlib for example)

3 Learn how a simple VM works ( https://github.com/TobitoFatitoNulled/MemeVM (the original creator of this vm left so this is a fork to keep the project alive))

4 https://github.com/saneki/eazdevirt See how the previous devirt was made (and you could also check previous eazvm protected executables)

5 Practice your skills trying to make MemeVM Devirt, you can message me if you have any issues with this step (You can always disable renaming on memevm to make the process easier to understand).

6 Start renaming a EazVM test assembly (you can make your own with trial) with all the knowledge you got from the previous steps (and find how crypto streams are initialized, where opcodes are located & how they are connected to the handlers etc etc etc, things that you would find in a vm)

Editing saneki's eazdevirt might be a good idea, though i was more comfortable making my own base.

Edited by TobitoFatito
more info as i should have included earlier o.O
  • Like 3
  • Thanks 3
localhost0

localhost0

Posted
Posted

With eazfuscator, you only protect your less important files.
you can protect your important files with vmprotect or better protection.

briefly this protection is like shit.

TobitoFatito

TobitoFatito

Posted
Posted (edited)
52 minutes ago, mamo434376 said:

With eazfuscator, you only protect your less important files.
you can protect your important files with vmprotect or better protection.

briefly this protection is like shit.

Who are you to say that it's shit? Have you made an unpacker for it? If you do, you are free to correct me but if you don't you shouldn't make these silly comments, in my opinion.

Edited by TobitoFatito
less toxic :D
  • Thanks 3
whoknows

whoknows

Posted
Posted

@Abigor 

well done mate... the validation shits inside, is custom...

BlackHat

BlackHat

Posted
Posted

How these Unpacking Posts are getting approved ? It is clearly written in the Rules that the solution of challenge will not be accepted if you don't describe the steps. 
Here everyone showing that they have cleaned it but no one is telling how ? so literally this is not a valid contribution to the forum if you don't descibe how it has been done. 

Just uploading files of cleaned is not all about unpacking. I think everyone must need to describe the steps or approach he has done to clean it. 
If I sound rude, I am sorry but this is what i feel. 

  • Thanks 2
localhost0

localhost0

Posted
Posted (edited)
On 5/18/2020 at 12:50 PM, TobitoFatito said:

Who are you to say that it's shit? Have you made an unpacker for it? If you do, you are free to correct me but if you don't you shouldn't make these silly comments, in my opinion.

almost everyone here has opened this protection.
the same protection exists in the beds protector private (over) and was easy to remove.
and empty talk.

 

Edited by mamo434376
  • Confused 1
looikuj

looikuj

Posted
Posted
On 5/16/2020 at 7:08 PM, 0x59 said:

maristroch 2020.1 is not uncrackablee is just difficulty to analyze 

someone told me that they have a very good vm and its very hard to crack the license.
I only have a keygen for the version 2019.1 but 2019.2 - 2020.1 there is nothing and I think no one made something.

but if you can do a crack for eaz that would be great.

 

On 5/17/2020 at 7:52 PM, TobitoFatito said:

Literally just finished recompiler might have a few weird instructions :D

Crackme-cleaned-Devirtualized2.zip 99.97 kB · 12 downloads

could you please explain how do you cleaned that so good?

TobitoFatito

TobitoFatito

Posted
Posted (edited)
2 hours ago, 0x59 said:

Eaz 2020.1 
Crackme-Cleaned.exe
 

Capture.PNG

What's the point of this? You ran my file under de4dot and repost it? :D i can recognise my file ya know, i intentionally left this out (i haven't finished local types yet but i manually set the third local to int32) + i added 9 locals when only 3 get used :D

4pEkxfB.png

Edited by TobitoFatito
  • Haha 5
Washi

Washi

Posted
Posted
On 5/18/2020 at 12:59 PM, BlackHat said:

How these Unpacking Posts are getting approved ? It is clearly written in the Rules that the solution of challenge will not be accepted if you don't describe the steps. 
Here everyone showing that they have cleaned it but no one is telling how ? so literally this is not a valid contribution to the forum if you don't descibe how it has been done. 

Just uploading files of cleaned is not all about unpacking. I think everyone must need to describe the steps or approach he has done to clean it. 
If I sound rude, I am sorry but this is what i feel. 

Have to agree with this here. As far as I know, tuts4you is a place for educational content, not a place for showing off. What's the point of sharing just the unpacked binary, other than for bragging rights?

  • Like 1
TobitoFatito

TobitoFatito

Posted
Posted
14 hours ago, 0x59 said:

TobitoFatito 

Its true i didn't devirt it , my friend did it ;)

Sothat's don't make me skid ;)

But i made it clear that i recognise that file being mine, did your friend download my file run it through de4dot and then give you the file to post it? it legit makes 0 sense.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...