rendari Posted August 24, 2007 Posted August 24, 2007 (edited) I'm quite interested as to how people will approach this A version with much stronger security is currently in the works, but frankly I do not know where security needs to be added, since there is so little info on .NET unpacking about. So, please unpack it and tell me what you think and/or write a tutorial http://crackmes.de/users/tfb/cryxenet_0.01a/ Edited August 24, 2007 by Teddy Rogers Please use correct topic title format - thanks!
rongchaua Posted August 24, 2007 Posted August 24, 2007 (edited) Here is unpacked file : http://www.box.net/shared/mni5bn2pl4Is it right?Regards.rca. Edited August 24, 2007 by rongchaua
Ufo-Pu55y Posted August 24, 2007 Posted August 24, 2007 Is it right?Wow.. good job, rongchaua.This is what I call clean-shaven.How did u go ?
rongchaua Posted August 24, 2007 Posted August 24, 2007 How did u go ?I go with ".NET Generic Unpacker". Regards.rca.
rendari Posted August 24, 2007 Author Posted August 24, 2007 Yeah, the .NET generic unpacker didn't work on my computer (Vista) so I thought I had defeated it. *sigh*, this is gonna make improving the prot harder, because I won't be able to see what works and what doesn't
Ufo-Pu55y Posted August 24, 2007 Posted August 24, 2007 (edited) WTF ?Just wanted to ask, if it only works on Vista... coz I'm with XPSP2.I had it the first time. But then I realized, thatur Anti-Dump works really fine over here. I can not dump a **** anymore :|What's going on ?Rongchaua, are u on vista ? Edited August 24, 2007 by Ufo-Pu55y
rendari Posted August 24, 2007 Author Posted August 24, 2007 lol The mysterious antidump The Salamander .NET deprotector doesn't work on my Vista machine either. This is quite confusing.
Ufo-Pu55y Posted August 25, 2007 Posted August 25, 2007 The Salamander .NET deprotectorWoops.. I didn't know it.Works fine on my box..
rendari Posted August 25, 2007 Author Posted August 25, 2007 Haha okay then. I'm working on something to counter it. But ofc. I can't test it
rongchaua Posted August 25, 2007 Posted August 25, 2007 Yeah, the .NET generic unpacker didn't work on my computer (Vista) so I thought I had defeated it. I give you a hint. Take a look at the assembly protected with Cli_Secure. Cli_Secure can hide the proccess of assembly to protect dumping from memory. Rongchaua, are u on vista ? Yes I am. @Ufo, rendari: I hope you can make a real protector for .NET Assembly. Until now I can also unpacked fast all of protector for .NET. - .NET Reactor. - CodeVeil. - Themida. - Cli_Secure. - I can't download the Salamander Protector and PC Guard for .NET, therefore I can not unpack it. - dotnet protector don't run on my vista. After protecting with it the assembly doesn't run anymore. . - Assembly Lockbox is a new protector, I have not taken a look in. But I think it's quite easy to unpack it. Regards. rca.
Ufo-Pu55y Posted August 25, 2007 Posted August 25, 2007 (edited) @rendari,rongchaua:What about Maxtocode ? Seems to be unpacked, yet.. :XCan't download the trial to make an unpackme.Gives me a 10kb file.. :/ Edited August 25, 2007 by Ufo-Pu55y
rongchaua Posted August 25, 2007 Posted August 25, 2007 (edited) What about Maxtocode ? Seems to be unpacked, yet.. :X The Homepage of this protector is down. Hence there is no way to get the latest version. Can't download the trial to make an unpackme.Gives me a 10kb file.. :/ Here is it, my beloved SampleCrackme. ) http://www.box.net/shared/fsej52oajq Regards. rca. Edited August 25, 2007 by rongchaua
Ufo-Pu55y Posted August 25, 2007 Posted August 25, 2007 (edited) Here is it, my beloved SampleCrackme. )http://www.box.net/shared/fsej52oajq Um.. which isn't packed Got a link for the packed one ? I still have it, but I raped the .dll with EBFEs everywhere.. and I lost the clean one :| There's another (chinese) homepage: http://www.maxtocode.com.cn/chs/index.html But since I don't understand anything over there, I couldn't find a trial d/l link.. Edited August 25, 2007 by Ufo-Pu55y
rongchaua Posted August 25, 2007 Posted August 25, 2007 (edited) But since I don't understand anything over there, I couldn't find a trial d/l link.. I don't understand too. But with Google Translate Tool I have this http://www.maxtocode.com.cn/downloads/MaxtoCodeTest3.exe But this is a 3.20 and CHINESE Version. ) Edited August 25, 2007 by rongchaua
PnLuck Posted August 29, 2007 Posted August 29, 2007 How to unpack pure .NET Packer with Reflexil:1)I found the function which calls EntryPoint.Invoke: in this casepublic void c(){Assembly.Load(this.d).EntryPoint.Invoke(null, null);}2) At this point I used the new plugin:Into reflexil window: right click and select "Replece all with code".Into the c# source I added using System.IO; and into the c() function this:FileStream fs = new FileStream(@"C:\dump.exe",FileMode.Create,FileAccess.Write);fs.Close();Now click on "Preview IL" and if all is ok click on "OK"3)Manual insertion of IL code:now insert after the first stloc.0 these IL codes, in this way, we can use local variables and functions:ldloc.0ldarg.0ldfld uint8[] a:biggrin.gifldc.i4.0ldc.i4 0x927c1callvirt instance void [mscorlib]System.IO.FileStream::Write(uint8[], int32, int32)aka stream.Write(this.d, 0, 0x927c1);For more info about doing it view the UFO-Pu55y video tutorial.4)Save the file, and run it: a running dump will create at c:\The patched file is attached to arteam forum: http://forums.accessroot.com/index.php?showtopic=5984
Ufo-Pu55y Posted August 29, 2007 Posted August 29, 2007 ...Jesus... .NET junks might have felt it in their balls, that this AddIn would be a real .NET killer, but I didn't expect to see the CodeInjection feature of Reflexil already being in use in such a perfect way !! GREAT
Sonny27 Posted August 29, 2007 Posted August 29, 2007 M$ will hate the author of Reflexil...Hopefully they won
PnLuck Posted August 29, 2007 Posted August 29, 2007 M$ will hate the author of Reflexil...Hopefully they won
Ufo-Pu55y Posted September 1, 2007 Posted September 1, 2007 How to unpack pure .NET Packer with Reflexil:.... 3)Manual insertion of IL code: now insert after the first stloc.0 these IL codes, in this way, we can use local variables and functions: Just a temporarely hint to make life easier, until a fully working CodeInjector comes out: using System;using System.Collections.Generic;using System.Text;using System.IO;namespace Reflexil.CodeInjector { class a { byte[] d; void c() { FileStream stream = new FileStream(@"C:\dump.exe", FileMode.Create, FileAccess.Write); stream.Write(this.d, 0, 0x927c1); stream.Close(); } }} Simply pretend, as if ur injection would use the real references - after that u only need to correct these references ! Makes sense more than ever, when copying original code into ur injection... or when trying on something more complex.. Meh.. I should have known before ! I could fully remake my last tutorial now Cheers
rendari Posted September 1, 2007 Author Posted September 1, 2007 You're all making me a very sad little puppy
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now