EazFuscator 2019.1

[Prab]

Language : C#
Platforms : Windows
Packer/obfuscator : EazFuscator 2019.1

Description :

Hi everyone, hope one of you friends can unpack the target and teach us how to unpack it

Screenshot :

Virustotal :

https://www.virustotal.com/gui/file/c55f28ff985269defec68e58287b45b7fde932003358e5faad51210ce3ab4421/detection

Download :

Crackme.exe

 

[whoknows]

same version already done @ 

https://forum.tuts4you.com/topic/41323-eazfuscatornet-20191-w-homomorphic-encryption/#comment-199617

 

[Prab]

1 hour ago, whoknows said:

same version already done @ 

https://forum.tuts4you.com/topic/41323-eazfuscatornet-20191-w-homomorphic-encryption/#comment-199617

 

oh thanks, sorry my bad

[CreateAndInject]

Why do you make a 2019.1 CrackMe rather than 2020.1?

[Reza-HNA]

if you understand how vm's works you can devirtualize any .net target.
for start you can read saneki's eazdevirt source code.

Crackme_2-devirtualized.rar

Edited April 16, 2020 by Reza-HNA

[looikuj]

On 4/16/2020 at 7:27 PM, CreateAndInject said:

Why do you make a 2019.1 CrackMe rather than 2020.1?

coul you try to crack 2020.1

[CreateAndInject]

@maristroch I think I can do it except VM.

[looikuj]

20 hours ago, CreateAndInject said:

@maristroch I think I can do it except VM.

no one made a crack for the latest version there is only a keygen for 2019.1 but 2020.1 people says that its uncrackable because of there good vm

[CreateAndInject]

I can't unpack if vm is enabled.

[0x59]

maristroch 2020.1 is not uncrackablee is just difficulty to analyze 

[whoknows]

https://github.com/JemmyLoveJenny/JemmyLoveJenny.github.io/blob/master/articles/Eazfuscator-Anti-Virtual-IL/Eazfuscator-Anti-Virtual-IL.md

 

[Prab]

2020.1 version

Crackme.exe

[whoknows]

proper Eazfuscator.NET 2020.1 with Virtualization 

ggggg2020.1.rar

[TobitoFatito]

On 5/17/2020 at 6:41 AM, Prab said:

2020.1 version

Crackme.exe 236 kB · 8 downloads

It might have a few weird instructions since i'm new to this

Crackme-cleaned-Devirtualized2.zip

Info:

This is the first version of eaz that i analyze so i can't say how 2019.x is different from 2020.1 but its definitely not uncrackable

Steps i took (as i should have included since the beginning):

1 Learn how CIL works / CIL fundamentals (there are some nice ebooks that i can't link here )

2 Learn how the assembly reader/writer of your choice works (dnlib for example)

3 Learn how a simple VM works ( https://github.com/TobitoFatitoNulled/MemeVM (the original creator of this vm left so this is a fork to keep the project alive))

4 https://github.com/saneki/eazdevirt See how the previous devirt was made (and you could also check previous eazvm protected executables)

5 Practice your skills trying to make MemeVM Devirt, you can message me if you have any issues with this step (You can always disable renaming on memevm to make the process easier to understand).

6 Start renaming a EazVM test assembly (you can make your own with trial) with all the knowledge you got from the previous steps (and find how crypto streams are initialized, where opcodes are located & how they are connected to the handlers etc etc etc, things that you would find in a vm)

Editing saneki's eazdevirt might be a good idea, though i was more comfortable making my own base.

Edited May 20, 2020 by TobitoFatito
more info as i should have included earlier o.O

[localhost0]

With eazfuscator, you only protect your less important files.
you can protect your important files with vmprotect or better protection.

briefly this protection is like shit.

[Abigor]

23 hours ago, whoknows said:

proper Eazfuscator.NET 2020.1 with Virtualization 

ggggg2020.1.rar 93.25 kB · 16 downloads

New features, interesting. File correct? 

ggggg_cleaned.zip

[Prab]

15 hours ago, TobitoFatito said:

Literally just finished recompiler might have a few weird instructions

Crackme-cleaned-Devirtualized2.zip 99.97 kB · 7 downloads

Nice !

[TobitoFatito]

52 minutes ago, mamo434376 said:

With eazfuscator, you only protect your less important files.
you can protect your important files with vmprotect or better protection.

briefly this protection is like shit.

Who are you to say that it's shit? Have you made an unpacker for it? If you do, you are free to correct me but if you don't you shouldn't make these silly comments, in my opinion.

Edited May 18, 2020 by TobitoFatito
less toxic :D

[whoknows]

@Abigor 

well done mate... the validation shits inside, is custom...

[BlackHat]

How these Unpacking Posts are getting approved ? It is clearly written in the Rules that the solution of challenge will not be accepted if you don't describe the steps. 
Here everyone showing that they have cleaned it but no one is telling how ? so literally this is not a valid contribution to the forum if you don't descibe how it has been done. 

Just uploading files of cleaned is not all about unpacking. I think everyone must need to describe the steps or approach he has done to clean it. 
If I sound rude, I am sorry but this is what i feel. 

[localhost0]

On 5/18/2020 at 12:50 PM, TobitoFatito said:

Who are you to say that it's shit? Have you made an unpacker for it? If you do, you are free to correct me but if you don't you shouldn't make these silly comments, in my opinion.

almost everyone here has opened this protection.
the same protection exists in the beds protector private (over) and was easy to remove.
and empty talk.

 

Edited May 20, 2020 by mamo434376

[looikuj]

On 5/16/2020 at 7:08 PM, 0x59 said:

maristroch 2020.1 is not uncrackablee is just difficulty to analyze 

someone told me that they have a very good vm and its very hard to crack the license.
I only have a keygen for the version 2019.1 but 2019.2 - 2020.1 there is nothing and I think no one made something.

but if you can do a crack for eaz that would be great.

 

On 5/17/2020 at 7:52 PM, TobitoFatito said:

Literally just finished recompiler might have a few weird instructions

Crackme-cleaned-Devirtualized2.zip 99.97 kB · 12 downloads

could you please explain how do you cleaned that so good?

[TobitoFatito]

2 hours ago, 0x59 said:

Eaz 2020.1 
Crackme-Cleaned.exe
 

What's the point of this? You ran my file under de4dot and repost it? i can recognise my file ya know, i intentionally left this out (i haven't finished local types yet but i manually set the third local to int32) + i added 9 locals when only 3 get used

Edited May 19, 2020 by TobitoFatito

[Washi]

On 5/18/2020 at 12:59 PM, BlackHat said:

How these Unpacking Posts are getting approved ? It is clearly written in the Rules that the solution of challenge will not be accepted if you don't describe the steps. 
Here everyone showing that they have cleaned it but no one is telling how ? so literally this is not a valid contribution to the forum if you don't descibe how it has been done. 

Just uploading files of cleaned is not all about unpacking. I think everyone must need to describe the steps or approach he has done to clean it. 
If I sound rude, I am sorry but this is what i feel. 

Have to agree with this here. As far as I know, tuts4you is a place for educational content, not a place for showing off. What's the point of sharing just the unpacked binary, other than for bragging rights?

[TobitoFatito]

14 hours ago, 0x59 said:

TobitoFatito 

Its true i didn't devirt it , my friend did it

Sothat's don't make me skid

But i made it clear that i recognise that file being mine, did your friend download my file run it through de4dot and then give you the file to post it? it legit makes 0 sense.