Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted

CryptoObfuscator v2020.200911

Try to unpack or alternatively provide a serial.

Protections used:

Code Virtualization
Rename Symbols
Reduce Metadata
Mark Classes as Final

+ Shield with SNK
 

File Information

Submitter whoknows

Submitted 12/15/2020

Category UnPackMe (.NET)

View File

CryptoObfuscator v2020.200911

Solved by BataBo

Go to solution

This was a fun challenge!

Spoiler

1309-1474-1844-1839-1564

Steps that i took:

There is probably a better way to do this, but oh well.

Spoiler
  • Drag n drop the file on dnspy, we can see that CommandSerializer is a winform and UpdateServer is the button click handler. The button click handler method seems to be invoking a multicastdelegate - which is the dynamic method. I found that the quickest way of dealing with this protection is simply loading the assembly and getting the value of the field dynamically, then using asmresolver (dnlib should work aswell with dynamicbodyreader) we use CilMethodBody.FromDynamicMethod & set the cilmethodbody of the method to the result.
  • Analyzing the file i found that we have to input 5 numbers, seperated by dashes. Simply putting a breakpoint on the Sum method of IEnumerable<int> and inputting 5 random numbers (ex. 1-1-1-1-1), will call it 5 different times, writing down the numbers it returns, seperated by dashes, will get us our serial. (note - we are debugging the original file)

 

WindowsFormsApplication41_96N3SC0R5z.png

  • Author

very nice @TobitoFatito

spacer.png how much time to reach @ "Simply putting a breakpoint on the Sum method of IEnumerable<int> and inputting 5 random numbers (ex. 1-1-1-1-1), will call it 5 different times", as I wrote a complex code, on how it call the method do the summation.

??

 

the only glitch is @ 

IEnumerable<int>

by this, what I understood, you cant read the exact code. just get the sum values by the debugger.

Edited by whoknows

  • Solution

This assembly was challenging but I managed to unpack it,

1.)At some point in execution the program decrypts methods and the method IL code is stored in byte array so I log that array

2.)I automatically decrypt all methods and fix all adresses, but assembly breaks

3.)I analyze the assembly and get all the relevant methods and manually fix the assembly

4.)While I was at it I also removed a lot of junk from the assembly

So here is the result

WindowsFormsApplication41_unpacked_cleaned.exe

  • Author

wow, 

impressive how you restore back the code..  the button click works like this : 

spacer.png

 

EventsHost

spacer.png

 

   host.Initialize doing some reflection.

  host.PropagateEvent doing the call to 'methods' you putted on the form class. 

spacer.png

 

The origin EXE structure

spacer.png

 

impressive impressive impressive impressive impressive. well done...

 

Quote

also removed a lot of junk from the assembly

was all the 'dynamic' thing I done on this classes^  :) 

 

I have submit rev2 by 16/12.. still w8ing for approval.

Edited by whoknows

  • Author

rev2 @ 

spacer.png

Didn't notice much change, used the same techniques I used for v1, but unlike v1 here I kept your dynamic stuff.

 

WindowsFormsApplication41.exe

  • Author

excellent @BataBo

for the history, the serial is :

Quote

2606x2968x3668x3682x3156

 

  • 1 year later...

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.