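16200 posted on 2022-1-14 17:52

Protected with the latest Eazfuscator; experts, come try your hand

Only the latest version was applied, nothing else!!! Experts, come give it a try. It's probably best not to crack it by patching, I guess.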

BlackHatRCE posted on 2022-8-26 05:04

This post was last edited by BlackHatRCE on 2022-8-31 14:56


Eazfuscator Unpacking (Without Virtualization)



Why didn't you apply VM in this challenge? Without VM, it is easy to unpack. :)

Some public resources to look at for understanding more about EAZ:

- Strings, Resource and Assembly Embedding - https://github.com/HoLLy-HaCKeR/EazFixer (It will probably not work on the latest version, but it is good for checking how it used to work.)
- Symbols Renaming - https://github.com/HoLLy-HaCKeR/EazDecode (If that is hard to do, we can guess the names by reading strings, types etc. and the general patterns present in .NET apps.)

This challenge does not have "homomorphic encryption" or "Virtualization", so there is no need to brute-force the key and you can continue the unpacking. For more info, you can read the links given above.

Tip: I cleaned the assembly after unpacking and devirting by observing classes manually, so it looks nice.
You can guess symbols from the assembly itself by modifying the de4dot renamer, or you can do it manually. In case of stacking (depends on how EAZ is stacked),
it is not advisable to clean the assembly, as it may break unpacking of the other protectors.

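teety posted on 2022-1-14 23:24

This post was last edited by teety on 2022-1-14 23:25

Just deobfuscate it with de4dot and drop it into dnSpy, and you can see it. Even with virtualization added, it should still be possible to dump it from memory after decryption, and the result would be the same, right?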

private void button_0_Click(object sender, EventArgs e)
{
    this.textBox_0.Text = Class50.smethod_0(-658317359); // Adding this line makes it fill in the correct content by itself.
    string text3 = this.textBox_0.Text;
    string text2 = this.textBox_0.Text;
    if (text3.Equals(Class50.smethod_0(-658317359)) && text2.Equals(Class50.smethod_0(-658317359)))
    {
        MessageBox.Show(Class50.smethod_0(-658317371));
        return;
    }
    MessageBox.Show(Class50.smethod_0(-658317330));
}

云在天 posted on 2022-1-14 18:18

Keep it up

16200 posted on 2022-1-14 18:24

云在天 posted on 2022-1-14 18:18
Keep it up

Even taking a girl's clothes off isn't as fast as you!!!!

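夜泉 posted on 2022-1-14 20:10

I downloaded it and took a look; you don't have virtualization here. I figure you didn't even read the documentation and just dragged the exe straight into Eazfuscator and called it done?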

SoftCracker posted on 2022-1-15 01:24

16200 posted on 2022-1-14 18:24
Even taking a girl's clothes off isn't as fast as you!!!!

You have to enable virtualization!

lyliucn posted on 2022-1-15 08:17

Isn't this packer very hard to unpack? Its obfuscation is very strong.

jy04468108 posted on 2022-1-15 08:53

Without VM added, it doesn't seem to be very hard either.

go2crack posted on 2022-1-16 01:13

鲨ミ鱼 posted on 2022-1-23 14:33

Does anyone have the latest version of Eazfuscator? Post one so I can try my hand.