Mohd 2 Posted September 9, 2020 Share Posted September 9, 2020 View File DNGuard HVM Try to unpack or alternatively provide the secret key, URL, Name and Address Protections used: DNGuard Enterprice HVM 3.953 Good luck. Submitter Mohd Submitted 09/08/2020 Category UnPackMe (.NET) 2 Link to post
Washi 95 Posted September 9, 2020 Share Posted September 9, 2020 (edited) Since the challenge description allows it, I'm going for the quick serial fish for now Spoiler Secret Key: AWX610881RFFJSDJSZV URL: http://localhost:52735/ Vendor: Fadi Sami Khalid Address: Jordan - Amman - Khalda Approach: Spoiler Obfuscation does not really matter if your methods are just simple string comparisons. The x86 generated by the JIT compiler still reveals everything Run app, enter random stuff in textboxes, press Validate to trigger the JIT compiler to compile the validation method. Notice text of the label changes to Not Correct. Attach WinDbg, set breakpoint on Control.set_Text (use !name2ee System.Windows.Forms.dll System.Windows.Control.set_Text to get the address to breakpoint). Continue execution and press Validate again. Type !clrstack to notice the click handler is in Form1._01.01. Copy the address of the handler and dump the x86 code using !U <address>. (dump here https://pastebin.com/br3s09Gv) Notice in x86 code its just a bunch of string.Equals calls. Set a breakpoint on all string.Equals(string, string) calls in the method. Continue execution and press Validate one more time again. Use !dumpstackobjects to read out the correct values for every one of these calls. Edited September 9, 2020 by Washi (see edit history) 1 1 Link to post
AzoresRCE 4 Posted September 10, 2020 Share Posted September 10, 2020 (edited) I would just like to point out that this is DNGuard Enterprise HVM 3.9.5.1 not 3.9.5.3 Edited September 10, 2020 by AzoresRCE (see edit history) 1 Link to post
0x59 7 Posted January 3 Share Posted January 3 (edited) Test_App_-_Full_-_End_Encrptoin-Unpacked.rar --Not unpacked by me-- Hook jit and after use dng hvm unpacker by @CodeExplorer just update anti-eh anti-eh2 anti-jit Open hvmruntime.dll on ghidra and go to Export/VMRuntime and start analysing it Edited January 5 by 0x59 (see edit history) 1 Link to post
GautamGreat 174 Posted January 5 Share Posted January 5 On 1/4/2021 at 3:02 AM, 0x59 said: Test_App_-_Full_-_End_Encrptoin-Unpacked.rar --Not unpacked by me-- Hook jit and after use dng hvm unpacker by @CodeExplorer just update anti-eh anti-eh2 anti-jit Tell me if u need more info I would love to have some information about hooking Jit Link to post
0x59 7 Posted January 5 Share Posted January 5 5 hours ago, GautamGreat said: I would love to have some information about hooking Jit just dm me sir 1 Link to post
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now