加了Eazfuscator最新版大佬来试试手
就加了最新版得 其它没了 !!!大佬来试试 。估计最好不要爆破吧。
本帖最后由 BlackHatRCE 于 2022-8-31 14:56 编辑
Eazfuscator Unpacking (Without Virtualization)
Why You didn't apply VM in this Challenge ? without VM, It is easy to unpack. :)
Some Public Resource to look for understanding more about EAZ -
[*]Strings, Resource and Assembly Embedding -https://github.com/HoLLy-HaCKeR/EazFixer (> It will probably not work on latest version but good to check how It used to work)
[*]Symbols Renaming- https://github.com/HoLLy-HaCKeR/EazDecode (> If It is hard for doing then We can guess the name by reading Strings, Types etc. and general pattern present in .NET apps.)
This challenge do not have "homomorphic encryption" or "Virtualization" so no need to brute force the Key and you can continue the Unpacking. For more Info, You can read the links given above.
Tip : I cleaned the Assembly after Unpacking and Devirting by observing classes manually so It looks nice.
You can guess Symbols from the assembly itself by modifying de4dot Renamer or can do it manually. in Case of Stacking (depends on How EAZ is stacked),
It is not advisable to clean Assembly as It may break other protectors unpacking.
本帖最后由 teety 于 2022-1-14 23:25 编辑
直接de4dot去混淆,拖入Dnspy就可以看到了。加了虚拟化应该也是可以解密后内存dump出来结果也一样吧。
private void button_0_Click(object sender, EventArgs e)
{
this.textBox_0.Text = Class50.smethod_0(-658317359);//加上这句就自己填写好正确的内容了。
string text3 = this.textBox_0.Text;
string text2 = this.textBox_0.Text;
if (text3.Equals(Class50.smethod_0(-658317359)) && text2.Equals(Class50.smethod_0(-658317359)))
{
MessageBox.Show(Class50.smethod_0(-658317371));
return;
}
MessageBox.Show(Class50.smethod_0(-658317330));
}
加油 云在天 发表于 2022-1-14 18:18
加油
脱妹子衣服都没你块!!!!{:1_923:} 下了,看了下,你这没有虚拟化啊,我看你应该连文档都没看,就exe直接拖入到 Eazfuscator 完事儿了? 16200 发表于 2022-1-14 18:24
脱妹子衣服都没你块!!!!
你得启用虚拟化啊! 这个壳不是很不好脱吗?他的混淆很厉害。、 没加VM的化,好像也不是很难。
Eazfuscator最新版本有没有,发一个试试手
页:
[1]
2