Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (ā‹®) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

DNGuard HVM v4.94

Visual Studio
Visual Studio
in UnPackMe (.NET)

Featured Replies

DNGuard HVM v4.94

Hey,

Dropping my second UnpackMe challenge, made just for fun. This oneā€™s a bit tougher than my first, but still very doable. The goal is to unpack and analyze the binary and reach the success message. Cracking it is extra, not required.

Itā€™s a simple .NET WinForms app that asks for a password and shows ā€œAccess grantedā€ when the condition is met. The UI is trivial, the focus is on whatā€™s happening once protections kick in.

Protected with DNGuard HVM Enterprise. Source code, compiler-generated code, constructors, strings, managed resources, and blob heaps are encrypted. HVM and HVM II are both enabled at level 5, with proxy methods and additional runtime protections. Metadata is obfuscated, name heaps are destroyed, automatic renaming and dynamic control flow obfuscation are enabled, and basic anti-dump and anti-static measures are in place.

The password is not stored in plaintext. Verification is done against a SHA-256 hex hash (PasswordSha256Hex). If you want to reverse or bypass that, thatā€™s the crack portion and optional.

Screenshots show the app and protection settings used.

File Information

Submitter Visual Studio

Submitted 12/13/2025

Category UnPackMe (.NET)

View File

DNGuard HVM v4.94

Solved by 0xFFFFDAY

Go to solution

Do you accept crack without unpacking the target?

Just patching :)

image.png

Edited by Sh4DoVV

Basically it works like this,your input gets hased and compared to stored hashed thats inside crackme.

Stored hash is : 97328946466865e882e741277903962e7f1ca9cbb4e71948d740bbd38f702f3c <- crackmes hash.

To patch application put bp on MessageBoxW and check the call stack.

The address in my case is the second one on the call stack:

097044E3 - 8B CE - mov ecx,esi

From this address scroll up and you will see :

097044A7 - 74 10 - je 097044B9

097044A9 - C6 05 744ED005 01 - mov byte ptr [05D04E74],01 { (0),1 }

097044B0 - 8B CE - mov ecx,esi

097044B2 - E8 CDE96500 - call 09D62E84

097044B7 - EB 2A - jmp 097044E3

097044B9 - C6 05 744ED005 00 - mov byte ptr [05D04E74],00 { (0),0 }

Patch the first one 097044A7 - 74 10 - je 097044B9 to jne 097044B9 and that should be it.

image.png

    •
    • Thanks 2
    • Solution

    It was interesting šŸ˜…

    UnpackMe.Dumped.exe UnpackMe.Unpacked.exe

    Edited by 0xFFFFDAY

    • Thanks 1

    So we're supposed to brute-force the SHA-256?

    returnĀ !string.IsNullOrEmpty(input)Ā &&Ā Form1.FixedTimeEquals(Form1.ComputeSha256Hex(input),Ā "97328946466865e882e741277903962e7f1ca9cbb4e71948d740bbd38f702f3c");

    Create an account or sign in to comment

    https://forum.tuts4you.com/topic/45851-dnguard-hvm-v494/
    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions ā†’ Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.