Gladiator Posted September 2, 2011 Share Posted September 2, 2011 Please Unpack and Crack itOptions :[+] Method Obfuscation[+] String Enryption[+] Resource Protection[+] anti Patch ProtectionBest RegardsMagician Link to comment Share on other sites More sharing options...
LCF-AT Posted September 2, 2011 Share Posted September 2, 2011 Hi, so why do you use NetFrameWork now?Ok so with NetFrameW.... I have not much and less to do so I have to quit this time. greetz Link to comment Share on other sites More sharing options...
Gladiator Posted September 2, 2011 Author Share Posted September 2, 2011 (edited) I am just trying some methods and commercial protectors in .net and there is no idea to make some thing stronger Thanks Dear LCF-AT Edited September 2, 2011 by Magician Link to comment Share on other sites More sharing options...
CodeExplorer Posted September 3, 2011 Share Posted September 3, 2011 The protection seems to be CodeFort .NET. Link to comment Share on other sites More sharing options...
jacano Posted September 4, 2011 Share Posted September 4, 2011 The protection scheme is really simply, they used name and string obfuscation and also a flow obfuscation based on delegates calls.All the calls in this app are redirected to delegates, in the .cctor() of these delegates there is another call to a method that receives an integer, this integer indexes the real method that need to be executed.The body method is obtained by reflection from a resource file.The key of the crackme is: HF738HVHXHCIHQ2873H8273HFIUSHF7238HF2FRemoving all the delegates will require me a little bit of programming, perhaps mono.cecil is a good option. 2 Link to comment Share on other sites More sharing options...
Gladiator Posted September 4, 2011 Author Share Posted September 4, 2011 @jacano:What about unpacking ? in this case we have so simple target and i think finding password was not so hard but what we can do in complex targets ? Link to comment Share on other sites More sharing options...
CodeExplorer Posted September 4, 2011 Share Posted September 4, 2011 At entry point:Assembly assembly = delegate034.m0000ad(delegate034.f000084);Stream stream = delegate035.m0000ae(assembly, "_", delegate035.f000085);is infact:Assembly assembly = Assembly.GetExecutingAssembly();Stream stream = Assembly.GetManifestResourceStream(assembly, "_");quite easy to deprotect using reflection/mono.cecil Link to comment Share on other sites More sharing options...
CodeExplorer Posted September 4, 2011 Share Posted September 4, 2011 @LCF-AT:Seems that "Magician" test all posible comercial .NET protectionin order to use them for "his" next .NET protector.Unpacked file:/>http://www.multiupload.com/148JCQE44HNext ? Link to comment Share on other sites More sharing options...
Gladiator Posted September 4, 2011 Author Share Posted September 4, 2011 @LCF-AT:Seems that "Magician" test all posible comercial .NET protectionin order to use them for "his" next .NET protector.Unpacked file:http://www.multiupload.com/148JCQE44HNext ?No , i just test them for learning some thing and don't want to use them.Thanks. Link to comment Share on other sites More sharing options...
CodeExplorer Posted September 9, 2011 Share Posted September 9, 2011 No , i just test them for learning some thing and don't want to use them.Thanks.I've heard something else ...So you stopped at CodeFort .NET for "your" protector. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now