Posted August 24, 200718 yr I'm quite interested as to how people will approach this A version with much stronger security is currently in the works, but frankly I do not know where security needs to be added, since there is so little info on .NET unpacking about. So, please unpack it and tell me what you think and/or write a tutorial http://crackmes.de/users/tfb/cryxenet_0.01a/ Edited August 24, 200718 yr by Teddy Rogers Please use correct topic title format - thanks!
August 24, 200718 yr Here is unpacked file : http://www.box.net/shared/mni5bn2pl4Is it right?Regards.rca. Edited August 24, 200718 yr by rongchaua
August 24, 200718 yr Is it right?Wow.. good job, rongchaua.This is what I call clean-shaven.How did u go ?
August 24, 200718 yr Author Yeah, the .NET generic unpacker didn't work on my computer (Vista) so I thought I had defeated it. *sigh*, this is gonna make improving the prot harder, because I won't be able to see what works and what doesn't
August 24, 200718 yr WTF ?Just wanted to ask, if it only works on Vista... coz I'm with XPSP2.I had it the first time. But then I realized, thatur Anti-Dump works really fine over here. I can not dump a **** anymore :|What's going on ?Rongchaua, are u on vista ? Edited August 24, 200718 yr by Ufo-Pu55y
August 24, 200718 yr Author lol The mysterious antidump The Salamander .NET deprotector doesn't work on my Vista machine either. This is quite confusing.
August 25, 200718 yr Author Haha okay then. I'm working on something to counter it. But ofc. I can't test it
August 25, 200718 yr Yeah, the .NET generic unpacker didn't work on my computer (Vista) so I thought I had defeated it. I give you a hint. Take a look at the assembly protected with Cli_Secure. Cli_Secure can hide the proccess of assembly to protect dumping from memory. Rongchaua, are u on vista ? Yes I am. @Ufo, rendari: I hope you can make a real protector for .NET Assembly. Until now I can also unpacked fast all of protector for .NET. - .NET Reactor. - CodeVeil. - Themida. - Cli_Secure. - I can't download the Salamander Protector and PC Guard for .NET, therefore I can not unpack it. - dotnet protector don't run on my vista. After protecting with it the assembly doesn't run anymore. . - Assembly Lockbox is a new protector, I have not taken a look in. But I think it's quite easy to unpack it. Regards. rca.
August 25, 200718 yr @rendari,rongchaua:What about Maxtocode ? Seems to be unpacked, yet.. :XCan't download the trial to make an unpackme.Gives me a 10kb file.. :/ Edited August 25, 200718 yr by Ufo-Pu55y
August 25, 200718 yr What about Maxtocode ? Seems to be unpacked, yet.. :X The Homepage of this protector is down. Hence there is no way to get the latest version. Can't download the trial to make an unpackme.Gives me a 10kb file.. :/ Here is it, my beloved SampleCrackme. ) http://www.box.net/shared/fsej52oajq Regards. rca. Edited August 25, 200718 yr by rongchaua
August 25, 200718 yr Here is it, my beloved SampleCrackme. )http://www.box.net/shared/fsej52oajq Um.. which isn't packed Got a link for the packed one ? I still have it, but I raped the .dll with EBFEs everywhere.. and I lost the clean one :| There's another (chinese) homepage: http://www.maxtocode.com.cn/chs/index.html But since I don't understand anything over there, I couldn't find a trial d/l link.. Edited August 25, 200718 yr by Ufo-Pu55y
August 25, 200718 yr But since I don't understand anything over there, I couldn't find a trial d/l link.. I don't understand too. But with Google Translate Tool I have this http://www.maxtocode.com.cn/downloads/MaxtoCodeTest3.exe But this is a 3.20 and CHINESE Version. ) Edited August 25, 200718 yr by rongchaua
August 29, 200718 yr How to unpack pure .NET Packer with Reflexil:1)I found the function which calls EntryPoint.Invoke: in this casepublic void c(){Assembly.Load(this.d).EntryPoint.Invoke(null, null);}2) At this point I used the new plugin:Into reflexil window: right click and select "Replece all with code".Into the c# source I added using System.IO; and into the c() function this:FileStream fs = new FileStream(@"C:\dump.exe",FileMode.Create,FileAccess.Write);fs.Close();Now click on "Preview IL" and if all is ok click on "OK"3)Manual insertion of IL code:now insert after the first stloc.0 these IL codes, in this way, we can use local variables and functions:ldloc.0ldarg.0ldfld uint8[] a:biggrin.gifldc.i4.0ldc.i4 0x927c1callvirt instance void [mscorlib]System.IO.FileStream::Write(uint8[], int32, int32)aka stream.Write(this.d, 0, 0x927c1);For more info about doing it view the UFO-Pu55y video tutorial.4)Save the file, and run it: a running dump will create at c:\The patched file is attached to arteam forum: http://forums.accessroot.com/index.php?showtopic=5984
August 29, 200718 yr ...Jesus... .NET junks might have felt it in their balls, that this AddIn would be a real .NET killer, but I didn't expect to see the CodeInjection feature of Reflexil already being in use in such a perfect way !! GREAT
September 1, 200718 yr How to unpack pure .NET Packer with Reflexil:.... 3)Manual insertion of IL code: now insert after the first stloc.0 these IL codes, in this way, we can use local variables and functions: Just a temporarely hint to make life easier, until a fully working CodeInjector comes out: using System;using System.Collections.Generic;using System.Text;using System.IO;namespace Reflexil.CodeInjector { class a { byte[] d; void c() { FileStream stream = new FileStream(@"C:\dump.exe", FileMode.Create, FileAccess.Write); stream.Write(this.d, 0, 0x927c1); stream.Close(); } }} Simply pretend, as if ur injection would use the real references - after that u only need to correct these references ! Makes sense more than ever, when copying original code into ur injection... or when trying on something more complex.. Meh.. I should have known before ! I could fully remake my last tutorial now Cheers
Create an account or sign in to comment