Prab Posted April 16, 2020 Share Posted April 16, 2020 Language : C# Platforms : Windows Packer/obfuscator : EazFuscator 2019.1 Description : Hi everyone, hope one of you friends can unpack the target and teach us how to unpack it Screenshot : Virustotal : https://www.virustotal.com/gui/file/c55f28ff985269defec68e58287b45b7fde932003358e5faad51210ce3ab4421/detection Download : Crackme.exe Link to comment Share on other sites More sharing options...
whoknows Posted April 16, 2020 Share Posted April 16, 2020 same version already done @ https://forum.tuts4you.com/topic/41323-eazfuscatornet-20191-w-homomorphic-encryption/#comment-199617 1 Link to comment Share on other sites More sharing options...
Prab Posted April 16, 2020 Author Share Posted April 16, 2020 1 hour ago, whoknows said: same version already done @ https://forum.tuts4you.com/topic/41323-eazfuscatornet-20191-w-homomorphic-encryption/#comment-199617 oh thanks, sorry my bad Link to comment Share on other sites More sharing options...
CreateAndInject Posted April 16, 2020 Share Posted April 16, 2020 Why do you make a 2019.1 CrackMe rather than 2020.1? Link to comment Share on other sites More sharing options...
Reza-HNA Posted April 16, 2020 Share Posted April 16, 2020 (edited) if you understand how vm's works you can devirtualize any .net target. for start you can read saneki's eazdevirt source code. Crackme_2-devirtualized.rar Edited April 16, 2020 by Reza-HNA 3 Link to comment Share on other sites More sharing options...
looikuj Posted May 15, 2020 Share Posted May 15, 2020 On 4/16/2020 at 7:27 PM, CreateAndInject said: Why do you make a 2019.1 CrackMe rather than 2020.1? coul you try to crack 2020.1 Link to comment Share on other sites More sharing options...
CreateAndInject Posted May 15, 2020 Share Posted May 15, 2020 @maristroch I think I can do it except VM. 1 Link to comment Share on other sites More sharing options...
looikuj Posted May 16, 2020 Share Posted May 16, 2020 20 hours ago, CreateAndInject said: @maristroch I think I can do it except VM. no one made a crack for the latest version there is only a keygen for 2019.1 but 2020.1 people says that its uncrackable because of there good vm Link to comment Share on other sites More sharing options...
CreateAndInject Posted May 16, 2020 Share Posted May 16, 2020 I can't unpack if vm is enabled. Link to comment Share on other sites More sharing options...
0x59 Posted May 16, 2020 Share Posted May 16, 2020 maristroch 2020.1 is not uncrackablee is just difficulty to analyze Link to comment Share on other sites More sharing options...
whoknows Posted May 16, 2020 Share Posted May 16, 2020 https://github.com/JemmyLoveJenny/JemmyLoveJenny.github.io/blob/master/articles/Eazfuscator-Anti-Virtual-IL/Eazfuscator-Anti-Virtual-IL.md Link to comment Share on other sites More sharing options...
Prab Posted May 17, 2020 Author Share Posted May 17, 2020 2020.1 version Crackme.exe Link to comment Share on other sites More sharing options...
whoknows Posted May 17, 2020 Share Posted May 17, 2020 proper Eazfuscator.NET 2020.1 with Virtualization ggggg2020.1.rar Link to comment Share on other sites More sharing options...
TobitoFatito Posted May 17, 2020 Share Posted May 17, 2020 (edited) On 5/17/2020 at 6:41 AM, Prab said: 2020.1 version Crackme.exe 236 kB · 8 downloads It might have a few weird instructions since i'm new to this Crackme-cleaned-Devirtualized2.zip Info: This is the first version of eaz that i analyze so i can't say how 2019.x is different from 2020.1 but its definitely not uncrackable Steps i took (as i should have included since the beginning): 1 Learn how CIL works / CIL fundamentals (there are some nice ebooks that i can't link here ) 2 Learn how the assembly reader/writer of your choice works (dnlib for example) 3 Learn how a simple VM works ( https://github.com/TobitoFatitoNulled/MemeVM (the original creator of this vm left so this is a fork to keep the project alive)) 4 https://github.com/saneki/eazdevirt See how the previous devirt was made (and you could also check previous eazvm protected executables) 5 Practice your skills trying to make MemeVM Devirt, you can message me if you have any issues with this step (You can always disable renaming on memevm to make the process easier to understand). 6 Start renaming a EazVM test assembly (you can make your own with trial) with all the knowledge you got from the previous steps (and find how crypto streams are initialized, where opcodes are located & how they are connected to the handlers etc etc etc, things that you would find in a vm) Editing saneki's eazdevirt might be a good idea, though i was more comfortable making my own base. Edited May 20, 2020 by TobitoFatito more info as i should have included earlier o.O 3 3 Link to comment Share on other sites More sharing options...
localhost0 Posted May 18, 2020 Share Posted May 18, 2020 With eazfuscator, you only protect your less important files. you can protect your important files with vmprotect or better protection. briefly this protection is like shit. Link to comment Share on other sites More sharing options...
Abigor Posted May 18, 2020 Share Posted May 18, 2020 23 hours ago, whoknows said: proper Eazfuscator.NET 2020.1 with Virtualization ggggg2020.1.rar 93.25 kB · 16 downloads New features, interesting. File correct? ggggg_cleaned.zip 3 Link to comment Share on other sites More sharing options...
Prab Posted May 18, 2020 Author Share Posted May 18, 2020 15 hours ago, TobitoFatito said: Literally just finished recompiler might have a few weird instructions Crackme-cleaned-Devirtualized2.zip 99.97 kB · 7 downloads Nice ! Link to comment Share on other sites More sharing options...
TobitoFatito Posted May 18, 2020 Share Posted May 18, 2020 (edited) 52 minutes ago, mamo434376 said: With eazfuscator, you only protect your less important files. you can protect your important files with vmprotect or better protection. briefly this protection is like shit. Who are you to say that it's shit? Have you made an unpacker for it? If you do, you are free to correct me but if you don't you shouldn't make these silly comments, in my opinion. Edited May 18, 2020 by TobitoFatito less toxic :D 3 Link to comment Share on other sites More sharing options...
whoknows Posted May 18, 2020 Share Posted May 18, 2020 @Abigor well done mate... the validation shits inside, is custom... Link to comment Share on other sites More sharing options...
BlackHat Posted May 18, 2020 Share Posted May 18, 2020 How these Unpacking Posts are getting approved ? It is clearly written in the Rules that the solution of challenge will not be accepted if you don't describe the steps. Here everyone showing that they have cleaned it but no one is telling how ? so literally this is not a valid contribution to the forum if you don't descibe how it has been done. Just uploading files of cleaned is not all about unpacking. I think everyone must need to describe the steps or approach he has done to clean it. If I sound rude, I am sorry but this is what i feel. 2 Link to comment Share on other sites More sharing options...
localhost0 Posted May 18, 2020 Share Posted May 18, 2020 (edited) On 5/18/2020 at 12:50 PM, TobitoFatito said: Who are you to say that it's shit? Have you made an unpacker for it? If you do, you are free to correct me but if you don't you shouldn't make these silly comments, in my opinion. almost everyone here has opened this protection. the same protection exists in the beds protector private (over) and was easy to remove. and empty talk. Edited May 20, 2020 by mamo434376 1 Link to comment Share on other sites More sharing options...
looikuj Posted May 18, 2020 Share Posted May 18, 2020 On 5/16/2020 at 7:08 PM, 0x59 said: maristroch 2020.1 is not uncrackablee is just difficulty to analyze someone told me that they have a very good vm and its very hard to crack the license. I only have a keygen for the version 2019.1 but 2019.2 - 2020.1 there is nothing and I think no one made something. but if you can do a crack for eaz that would be great. On 5/17/2020 at 7:52 PM, TobitoFatito said: Literally just finished recompiler might have a few weird instructions Crackme-cleaned-Devirtualized2.zip 99.97 kB · 12 downloads could you please explain how do you cleaned that so good? Link to comment Share on other sites More sharing options...
TobitoFatito Posted May 19, 2020 Share Posted May 19, 2020 (edited) 2 hours ago, 0x59 said: Eaz 2020.1 Crackme-Cleaned.exe What's the point of this? You ran my file under de4dot and repost it? i can recognise my file ya know, i intentionally left this out (i haven't finished local types yet but i manually set the third local to int32) + i added 9 locals when only 3 get used Edited May 19, 2020 by TobitoFatito 5 Link to comment Share on other sites More sharing options...
Washi Posted May 19, 2020 Share Posted May 19, 2020 On 5/18/2020 at 12:59 PM, BlackHat said: How these Unpacking Posts are getting approved ? It is clearly written in the Rules that the solution of challenge will not be accepted if you don't describe the steps. Here everyone showing that they have cleaned it but no one is telling how ? so literally this is not a valid contribution to the forum if you don't descibe how it has been done. Just uploading files of cleaned is not all about unpacking. I think everyone must need to describe the steps or approach he has done to clean it. If I sound rude, I am sorry but this is what i feel. Have to agree with this here. As far as I know, tuts4you is a place for educational content, not a place for showing off. What's the point of sharing just the unpacked binary, other than for bragging rights? 1 Link to comment Share on other sites More sharing options...
TobitoFatito Posted May 20, 2020 Share Posted May 20, 2020 14 hours ago, 0x59 said: TobitoFatito Its true i didn't devirt it , my friend did it Sothat's don't make me skid But i made it clear that i recognise that file being mine, did your friend download my file run it through de4dot and then give you the file to post it? it legit makes 0 sense. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now