Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted

I'm quite interested as to how people will approach this :) A version with much stronger security is currently in the works, but frankly I do not know where security needs to be added, since there is so little info on .NET unpacking about. So, please unpack it and tell me what you think and/or write a tutorial :)

http://crackmes.de/users/tfb/cryxenet_0.01a/

Edited by Teddy Rogers
Please use correct topic title format - thanks!

Here is unpacked file : http://www.box.net/shared/mni5bn2pl4

Is it right?

Regards.

rca.

Edited by rongchaua

Is it right?

Wow.. good job, rongchaua.

This is what I call clean-shaven.

How did u go ?

How did u go ?

I go with ".NET Generic Unpacker".

Regards.

rca.

  • Author

Yeah, the .NET generic unpacker didn't work on my computer (Vista) so I thought I had defeated it. *sigh*, this is gonna make improving the prot harder, because I won't be able to see what works and what doesn't :P

WTF ?

Just wanted to ask, if it only works on Vista... coz I'm with XPSP2.

I had it the first time. But then I realized, that

ur Anti-Dump works really fine over here. I can not dump a **** anymore :|

What's going on ?

Rongchaua, are u on vista ?

Edited by Ufo-Pu55y

  • Author

lol The mysterious antidump :P The Salamander .NET deprotector doesn't work on my Vista machine either. This is quite confusing.

The Salamander .NET deprotector

Woops.. I didn't know it.

Works fine on my box..

  • Author

Haha okay then. I'm working on something to counter it. But ofc. I can't test it :P

Yeah, the .NET generic unpacker didn't work on my computer (Vista) so I thought I had defeated it.

I give you a hint. Take a look at the assembly protected with Cli_Secure. Cli_Secure can hide the proccess of assembly to protect dumping from memory.

Rongchaua, are u on vista ?

Yes I am.

@Ufo, rendari: I hope you can make a real protector for .NET Assembly. Until now I can also unpacked fast all of protector for .NET.

- .NET Reactor.

- CodeVeil.

- Themida.

- Cli_Secure.

- I can't download the Salamander Protector and PC Guard for .NET, therefore I can not unpack it.

- dotnet protector don't run on my vista. After protecting with it the assembly doesn't run anymore. :) .

- Assembly Lockbox is a new protector, I have not taken a look in. But I think it's quite easy to unpack it.

Regards.

rca.

@rendari,rongchaua:

What about Maxtocode ? Seems to be unpacked, yet.. :X

Can't download the trial to make an unpackme.

Gives me a 10kb file.. :/

Edited by Ufo-Pu55y

What about Maxtocode ? Seems to be unpacked, yet.. :X

The Homepage of this protector is down. Hence there is no way to get the latest version. :(

Can't download the trial to make an unpackme.

Gives me a 10kb file.. :/

Here is it, my beloved SampleCrackme. :) )

http://www.box.net/shared/fsej52oajq

Regards.

rca.

Edited by rongchaua

Here is it, my beloved SampleCrackme. :) )

http://www.box.net/shared/fsej52oajq

Um.. which isn't packed :^

Got a link for the packed one ?

I still have it, but I raped the .dll with EBFEs everywhere..

and I lost the clean one :|

There's another (chinese) homepage:

http://www.maxtocode.com.cn/chs/index.html

But since I don't understand anything over there, I couldn't find a trial d/l link..

Edited by Ufo-Pu55y

But since I don't understand anything over there, I couldn't find a trial d/l link..

I don't understand too. But with Google Translate Tool I have this http://www.maxtocode.com.cn/downloads/MaxtoCodeTest3.exe

But this is a 3.20 and CHINESE Version. :) )

Edited by rongchaua

How to unpack pure .NET Packer with Reflexil:

1)I found the function which calls EntryPoint.Invoke: in this case

public void c()

{

Assembly.Load(this.d).EntryPoint.Invoke(null, null);

}

2) At this point I used the new plugin:

Into reflexil window: right click and select "Replece all with code".

Into the c# source I added using System.IO; and into the c() function this:

FileStream fs = new FileStream(@"C:\dump.exe",FileMode.Create,FileAccess.Write);

fs.Close();

Now click on "Preview IL" and if all is ok click on "OK"

3)Manual insertion of IL code:

now insert after the first stloc.0 these IL codes, in this way, we can use local variables and functions:

ldloc.0

ldarg.0

ldfld uint8[] a:biggrin.gif

ldc.i4.0

ldc.i4 0x927c1

callvirt instance void [mscorlib]System.IO.FileStream::Write(uint8[], int32, int32)

aka stream.Write(this.d, 0, 0x927c1);

For more info about doing it view the UFO-Pu55y video tutorial.

4)Save the file, and run it: a running dump will create at c:\

The patched file is attached to arteam forum: http://forums.accessroot.com/index.php?showtopic=5984

...
Jesus... :o

.NET junks might have felt it in their balls,

that this AddIn would be a real .NET killer,

but I didn't expect to see the CodeInjection feature of Reflexil

already being in use in such a perfect way !!

GREAT :P

M$ will hate the author of Reflexil...

Hopefully they won

M$ will hate the author of Reflexil...

Hopefully they won

Really? That

How to unpack pure .NET Packer with Reflexil:

....

3)Manual insertion of IL code:

now insert after the first stloc.0 these IL codes, in this way, we can use local variables and functions:

Just a temporarely hint to make life easier,

until a fully working CodeInjector comes out:

using System;
using System.Collections.Generic;
using System.Text;
using System.IO;namespace Reflexil.CodeInjector {
class a
{
byte[] d;
void c()
{
FileStream stream = new FileStream(@"C:\dump.exe", FileMode.Create, FileAccess.Write);
stream.Write(this.d, 0, 0x927c1);
stream.Close();
}
}
}

Simply pretend, as if ur injection would use the real references -

after that u only need to correct these references !

Makes sense more than ever, when copying original code into

ur injection... or when trying on something more complex.. :)

Meh.. I should have known before !

I could fully remake my last tutorial now :(

Cheers

  • Author

You're all making me a very sad little puppy :)

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.