Gladiator Posted September 2, 2011 Posted September 2, 2011 Please Unpack and Crack itOptions :[+] Method Obfuscation[+] String Enryption[+] Resource Protection[+] anti Patch ProtectionBest RegardsMagician
LCF-AT Posted September 2, 2011 Posted September 2, 2011 Hi, so why do you use NetFrameWork now?Ok so with NetFrameW.... I have not much and less to do so I have to quit this time. greetz
Gladiator Posted September 2, 2011 Author Posted September 2, 2011 (edited) I am just trying some methods and commercial protectors in .net and there is no idea to make some thing stronger Thanks Dear LCF-AT Edited September 2, 2011 by Magician
CodeExplorer Posted September 3, 2011 Posted September 3, 2011 The protection seems to be CodeFort .NET.
jacano Posted September 4, 2011 Posted September 4, 2011 The protection scheme is really simply, they used name and string obfuscation and also a flow obfuscation based on delegates calls.All the calls in this app are redirected to delegates, in the .cctor() of these delegates there is another call to a method that receives an integer, this integer indexes the real method that need to be executed.The body method is obtained by reflection from a resource file.The key of the crackme is: HF738HVHXHCIHQ2873H8273HFIUSHF7238HF2FRemoving all the delegates will require me a little bit of programming, perhaps mono.cecil is a good option. 2
Gladiator Posted September 4, 2011 Author Posted September 4, 2011 @jacano:What about unpacking ? in this case we have so simple target and i think finding password was not so hard but what we can do in complex targets ?
CodeExplorer Posted September 4, 2011 Posted September 4, 2011 At entry point:Assembly assembly = delegate034.m0000ad(delegate034.f000084);Stream stream = delegate035.m0000ae(assembly, "_", delegate035.f000085);is infact:Assembly assembly = Assembly.GetExecutingAssembly();Stream stream = Assembly.GetManifestResourceStream(assembly, "_");quite easy to deprotect using reflection/mono.cecil
CodeExplorer Posted September 4, 2011 Posted September 4, 2011 @LCF-AT:Seems that "Magician" test all posible comercial .NET protectionin order to use them for "his" next .NET protector.Unpacked file:/>http://www.multiupload.com/148JCQE44HNext ?
Gladiator Posted September 4, 2011 Author Posted September 4, 2011 @LCF-AT:Seems that "Magician" test all posible comercial .NET protectionin order to use them for "his" next .NET protector.Unpacked file:http://www.multiupload.com/148JCQE44HNext ?No , i just test them for learning some thing and don't want to use them.Thanks.
CodeExplorer Posted September 9, 2011 Posted September 9, 2011 No , i just test them for learning some thing and don't want to use them.Thanks.I've heard something else ...So you stopped at CodeFort .NET for "your" protector. 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now