[Hack] Unpack, Crack tool C# .NET

If we open dnSpy or CheatEngine while MaxCare is running, MaxCare closes itself to prevent hacking.

1. Use “Detect It Easy” to determine the coding language of this software
https://github.com/horsicq/Detect-It-Easy

This software is encoded/protected by “ENIGMA” into a “PE” (Portable Executable) file, so we can’t reverse it as normal.

2. Use “Process Hacker” to suspend the software so that it is not closed when we use cheat tools

https://processhacker.sourceforge.io/downloads.php

3. Use “MegaDumper” to dump it

https://github.com/CodeCracker-Tools/MegaDumper

Here we can see “.NET = true”, which means this software is developed with .NET.

Right-click and select “.NET dump”, then wait for the dump to finish.

After waiting, it dumped 33 files and created a new folder called “Dumps”.

Now we’ll resume the MaxCare process; it will then be closed automatically, since we are running cheat tools.
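A managed (.NET) assembly on disk can be recognised by a non-empty CLR runtime header entry (data directory 14) in its PE optional header. The following is an added example, not code from the original post or from MegaDumper (how MegaDumper computes its “.NET” flag is not shown here); it applies that static check to a file's bytes, and `build_sample` is a hypothetical helper that constructs header-only test images.

```python
import struct

CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR runtime header)

def clr_directory(data: bytes):
    """Return (rva, size) of the CLR header directory, or None if absent."""
    try:
        if data[:2] != b"MZ":
            return None
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        opt = e_lfanew + 24  # optional header follows signature + COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic == 0x10B:      # PE32
            dirs = opt + 96
        elif magic == 0x20B:    # PE32+
            dirs = opt + 112
        else:
            return None
        (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
        if count <= CLR_DIR_INDEX:
            return None
        rva, size = struct.unpack_from("<II", data, dirs + CLR_DIR_INDEX * 8)
    except struct.error:  # truncated file
        return None
    return (rva, size) if rva and size else None

def is_dotnet(data: bytes) -> bool:
    return clr_directory(data) is not None

def build_sample(clr_rva: int, clr_size: int, magic: int = 0x10B) -> bytes:
    """Constructed, header-only PE image for the demo (not a loadable file)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x2102)
    pre = 96 if magic == 0x10B else 112
    opt = struct.pack("<H", magic) + b"\0" * (pre - 6) + struct.pack("<I", 16)
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, CLR_DIR_INDEX * 8, clr_rva, clr_size)
    return dos + coff + opt + bytes(dirs)

if __name__ == "__main__":
    for name, blob in [("managed", build_sample(0x2008, 0x48)),
                       ("native", build_sample(0, 0))]:
        print(name, "-> .NET =", is_dotnet(blob))
```

A protected native wrapper may carry no CLR directory on disk even when the payload it loads is managed, so a negative result on a packed file is not conclusive.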

4. Use “dnSpy” to reverse the source

Then we can see that it’s not PE anymore.

Right-click and select “Go to Entry Point”.

If we go to “Resource”, then we can find this service.

5. Use “CawkVM-Devirter” to unpack

https://github.com/Mageland29/CawkVM-Devirter

Since the string contains special characters, we can’t paste it into the console.

Therefore, we have to modify the source code of “CawkVM-Devirter”.

Since we hardcoded it, we can type anything we want.

Then it unpacked successfully into “MaxCare_Devirt.exe”. Now we can use “dnSpy” to reverse the source of this newly generated exe file.

“Developer never die” 😎🇻🇳