.net eazfuscator+vmprotect CrackMe&UnpackMe
本帖最后由 mochongli 于 2022-8-7 18:48 编辑测试壳,只有一个简单判断。 本帖最后由 BlackHatRCE 于 2022-9-30 19:34 编辑
Eazfuscator Unpacking (With Virtualization)
Devirtualized, Unpacked and Cleaned the Eazfuscator. It is properly done and everything is restored. You can review and let me know if it is good or not.
Learn basics of CIL fundamentals. You will find plenty of resources in Google.
You can learn how the "assembly reader/modifier" works. You can see "dnlib" https://github.com/0xd4d/dnlib or "asmresolver "https://github.com/Washi1337/AsmResolver
Analyze how streams are Initialized, location of opcodes and their connection with respective handlers.
EAZ does not have specific info for "Exception Handling" so you have to spend a good time in debugging to add support for those.
Some Public Resource to look for understanding more about EAZ -
Strings, Resource and Assembly Embedding -https://github.com/HoLLy-HaCKeR/EazFixer (> It will probably not work on latest version but good to check how It used to work)
Symbols Renaming- https://github.com/HoLLy-HaCKeR/EazDecode (> If It is hard for doing then We can guess the name by reading Strings, Types etc. and general pattern present in .NET apps.)
EAZ De-virtualization is not so easy as It seems. A good Resource to understand the Devirt process is - @https://github.com/saneki/eazdevirt
This challenge does not have "homomorphic encryption" so no need to brute force the Key and you can continue the Unpacking. For more Info, You can read the links given above.
Tip : I cleaned the Assembly after Unpacking and Devirting by observing classes manually so It looks nice.
You can guess Symbols from the assembly itself by modifying de4dot Renamer or can do it manually. in Case of Stacking (depends on How EAZ is stacked),
It is not advisable to clean Assembly as It may break other protectors unpacking.
感谢分享
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDLX1IykO46LAxS
@mochongli 双壳争霸?可惜vmp没有启用虚拟化 SoftCracker 发表于 2022-7-23 23:16
@mochongli 双壳争霸?可惜vmp没有启用虚拟化
开了 ef的虚拟化,vmp就开不了虚拟化了吧?即使开了,,也有可能无法运行,即使运行了,速度也是猛速降低的。。。 本帖最后由 jy04468108 于 2022-7-25 09:05 编辑
我的是:MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDLX1IykO46LAxS
不知道你们的是不是。
有没有加双层壳和对应的破解方法
本帖最后由 mochongli 于 2022-8-6 19:44 编辑
@艾莉希雅 @jy04468108 试试v1 数据也加密了
@SoftCracker v1都开了虚拟化 password : the high ground(大小写不敏感)
@mochongli
1. 你是用vmp3.6的哪个版本加壳的?是3.6.0.1406吗?
2. 你加壳的时候使用了什么特别的方式吗?如果没有,可以用完全同样的方式再加一次vmp发上来吗(还是用之前加了eaz的那个文件)?我感觉加了vmp的文件有一点问题 本帖最后由 mochongli 于 2022-8-8 02:52 编辑
@SoftCracker
1. 对
2. 没有, 我没保存vmp文件。什么问题,虽然不一样但应该可以复现。
本帖最后由 SoftCracker 于 2022-8-8 04:46 编辑
你重新发的文件确实能重现这个问题,但我自己加壳却无法重现,麻烦把vmp文件保存一下发上来
页:
[1]
2