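First crackme of the new year, hope it lasts more than 72 hours!
This post was last edited by HAINING on 2023-1-29 13:33
First crackme of the new year, .NET code, hope it lasts more than 72 hours! Looking forward to the experts taking it on! The criterion is: register successfully and produce the source code. Hoping it can hold out past 72 hours!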
EAZFUSCATOR W/ VM + ENIGMA PROTECTOR
I am Unstoppable :D
STEPS -
- Run the software and set a BP so we can stop it after the .NET data is loaded in memory.
- Perform a memory dump so we will get a file without the native layer. (Enigma Protector over .NET only applies a native layer.)
- I downloaded the file and I see 2 folders. One main target file is protected using "Assembly mode" while another was using "DLL mode".
As you can see, it is properly unpacked and restored like the original unprotected file.
Difficulty: 9/10
For those who want to learn the process of finding the "right key" without unpacking, follow this -
Steps:
- Run the software.
- Open Process Hacker.
- Enter anything in the TextBox and it will show an error.
- Check for that in Memory Strings and you will find the correct key just near it, or you can inspect the memory file in a hex editor.
How To?
Some public resources to look at for understanding more about EAZ -
- Strings, Resource and Assembly Embedding - https://github.com/HoLLy-HaCKeR/EazFixer (It will probably not work on the latest version, but it is good for checking how it used to work.)
- Symbols Renaming - https://github.com/HoLLy-HaCKeR/EazDecode (If it is hard to do, then we can guess the name by reading strings, types etc. and the general patterns present in .NET apps.)
- EAZ Decode -virtualization is not as easy as it seems. If there is homomorphic encryption then it is even harder.
- A good resource to understand the devirt process is - https://github.com/saneki/eazdevirt
This challenge does not have homomorphic encryption, so there is no need to brute-force the key and you can continue the unpacking. For more info, you can check the previously solved challenges of EAZFUSCATOR.
If anyone knows both English and Chinese, he can translate it properly for everyone. I do not know Chinese so I cannot type in Chinese (maybe I am not smart enough to learn it).
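The memory-strings check described in the post above, as an added example that is not part of the original thread: .NET strings sit in process memory as UTF-16LE, so a comparison value kept in plaintext shows up next to the error message, which is why a licence check should not hold its secret this way. The dump bytes, the marker text `Invalid key` and the value `DEMO-KEY-0000` are constructed for illustration and do not come from the crackme.

```python
import re

# Printable ASCII stored as UTF-16LE (character byte followed by 0x00),
# which is how .NET keeps System.String data in memory.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")


def utf16_strings(dump: bytes):
    """Return (offset, text) for every UTF-16LE printable run of 4+ chars."""
    return [(m.start(), m.group().decode("utf-16-le"))
            for m in UTF16_RUN.finditer(dump)]


def strings_near(dump: bytes, marker: str, window: int = 256):
    """Return strings located within `window` bytes of any hit for `marker`."""
    found = utf16_strings(dump)
    hits = [off for off, text in found if marker in text]
    near = []
    for off, text in found:
        if marker in text:
            continue  # skip the marker string itself
        if any(abs(off - h) <= window for h in hits):
            near.append((off, text))
    return near


def build_sample_dump() -> bytes:
    """Constructed stand-in for a dumped memory region (hypothetical data)."""
    def wide(text: str) -> bytes:
        return text.encode("utf-16-le")
    return (
        b"\x00" * 64 + wide("System.Windows.Forms") + b"\x00" * 1024
        + b"\x07\x00\x00\x00" + wide("DEMO-KEY-0000")
        + b"\x00\x00\x01\x02\x03\x04" + wide("Invalid key")
        + b"\x00" * 2048 + wide("kernel32.dll")
    )


if __name__ == "__main__":
    for off, text in strings_near(build_sample_dump(), "Invalid key"):
        print(f"0x{off:06x}  {text}")
```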
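The readability is still poor; I've run out of patience.

darksied posted on 2023-1-30 16:37
The readability is still poor; I've run out of patience.
How do you unpack it?

Still waiting for an expert to step in.

BlackHatRCE posted on 2023-2-14 16:07
EAZFUSCATOR W/ VM + ENIGMA PROTECTOR
I am Unstoppable :D
An English-speaking expert, no less. Awesome, 666.

坏坏小生007 posted on 2023-3-14 08:17
An English-speaking expert, no less. Awesome, 666.
Even this gets docked, heh.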