Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[crackme] .net Crackme #16

Kurapica
Kurapica
in CrackMe

Featured Replies

Posted

Keygen is required and no patching is allowed.

CrackME.rar

There's an anti-reflector trick, which can be killed like this:

Open the target in WinHex, then do a "Replace Hex Values" with "FFE2" to "0000"

for all occurrences. This FFE2 is an invalid IL instruction, so I replaced it with 2 NOPs.

Assembly still runs and reflector can browse the full IL code again.

PS: PEBrowse can browse it without fixing tho...

I think it is fair enough to share this article (written by the dev of this protector):

http://www.codeproject.com/KB/vb/StackCrypt.aspx

But atm I'm still confused, ytf methods don't start with the 1st IL instruction.

The 1st executed one is in the middle of the method instead :huh:

@UFO-Pu55y: I can not bring the crackme run on my vista so I must analyse statically. Therefore I can not notice that the 1. executed instructions is in the middle of function. I will try to bring it run and see how it works. Hope I'll find something. :) .

Edited by rongchaua

@UFO-Pu55y: I can not bring the crackme run on my vista so I must analyse statically. Therefore I can not notice that the 1. executed instructions is in the middle of function. I will try to bring it run and see how it works. Hope I'll find something. :) .

No no, I was wrong. Everything gets executed like you see it in Reflector (after patching the bad ILs).

I found out how to fish the encrypted strings with Olly.

Looking for a more comfortable way to get them atm...

Today I took a look at Goliath. I think we can restore the original code of assembly. I am writing a deobfuscator for it. Hope I can finish it.

I think it is fair enough to share this article (written by the dev of this protector):

http://www.codeproject.com/KB/vb/StackCrypt.aspx

But atm I'm still confused, ytf methods don't start with the 1st IL instruction.

The 1st executed one is in the middle of the method instead :huh:

Thanks for your advertising! :)

best regards,

Marcello Cantelmo

www.cantelmosoftware.com

Keygen is required and no patching is allowed.

CrackME.rar

:^

Marcello Cantelmo

www.cantelmosoftware.com

There's an anti-reflector trick, which can be killed like this:

Open the target in WinHex, then do a "Replace Hex Values" with "FFE2" to "0000"

for all occurrences. This FFE2 is an invalid IL instruction, so I replaced it with 2 NOPs.

Assembly still runs and reflector can browse the full IL code again.

PS: PEBrowse can browse it without fixing tho...

:thumbsup:

Marcello Cantelmo

www.cantelmosoftware.com

Today I took a look at Goliath. I think we can restore the original code of assembly. I am writing a deobfuscator for it. Hope I can finish it.

:kick: ...But after you have completed your obfuscator by a rating to my job? ;)

Marcello Cantelmo

www.cantelmosoftware.com

Edited by Marcello

@UFO-Pu55y: I can not bring the crackme run on my vista so I must analyse statically. Therefore I can not notice that the 1. executed instructions is in the middle of function. I will try to bring it run and see how it works. Hope I'll find something. :) .

No no, I was wrong. Everything gets executed like you see it in Reflector (after patching the bad ILs).

I found out how to fish the encrypted strings with Olly.

Looking for a more comfortable way to get them atm...

But how long are you losing to analyze the obfuscator of a stranger? I hope only that now microsoft create a .NET native compiler ;)

best regards,

Marcello Cantelmo

www.cantelmosoftware.com

  • Author
But how long are you losing to analyze the obfuscator of a stranger? I hope only that now microsoft create a .NET native compiler ;)

best regards,

Marcello Cantelmo

www.cantelmosoftware.com

Do you think native compilers stopped people from reversing code ? you should think again :no:

But how long are you losing to analyze the obfuscator of a stranger? I hope only that now microsoft create a .NET native compiler ;)

best regards,

Marcello Cantelmo

www.cantelmosoftware.com

Do you think native compilers stopped people from reversing code ? you should think again :no:

One thing is the crack and another thing is the decompilation! The crack can be used as an advertising our product. Now all feel hackers. You do not have to lose even more time to understand an algorithm ;)

MS that has always fought piracy now does nothing if one of his employees realized a decompiler and forces us to use an obfuscator. It is better to create a native compiler!!!

Lutz is a MS developer who created r3fl3ct0r (for free). MS suggests using d0tfusc4t0r ($1900). Other company (jungl3 cr34tur3s) has created a decompiler but if you purchase MSDN enjoy a 50% discount on the product. Members will another company (x3n0c0d3) was formed by ex product manager MS ;)

I think its something wrong. Must not offend my intelligence!

If I continue to use the MS products the *security* is a essential requirement. This is not just my thoughts (but many). Probably forcing us to use patents ;)

How can I become a h4ck3r? I know that the market is much more rewarding :cool:

best regards,

Marcello Cantelmo

www.cantelmosoftware.com

The crack can be used as an advertising our product. Now all feel hackers.
Soon while entering "goliath" into google, you will notice an entry like "Goliath Unpacker v1.0.......".

Congratulation... nice adv3rtis3m3nt !

That is.. only if some guy will come up and think that it's worth it at all ;)

In other words: Find some clients for your protector, and we'll find somewhat more motivation

to own your code...

The crack can be used as an advertising our product. Now all feel hackers.
Soon while entering "goliath" into google, you will notice an entry like "Goliath Unpacker v1.0.......".

Congratulation... nice adv3rtis3m3nt !

That is.. only if some guy will come up and think that it's worth it at all ;)

In other words: Find some clients for your protector, and we'll find somewhat more motivation

to own your code...

Crack understood as removal of protection and then use it without valid license :yes: . Advertising is that you use the program but then you need to protect programs to be distributed ;)

You, however, are more talented and have all done a unpacker! Why not exploit your intelligence to make things better? Maybe your obfuscator since. Net is a vulnerable platform? :biggrin:

Expect your unpacker before issuing Goliath .NET Onfuscator 3.x (tnx for *free* beta tester support) :thumbsup:

Marcello Cantelmo

www.cantelmosoftware.com

  • 11 months later...

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.