Tuts 4 You
MindSystem

[CrackMe].Net Reactor Modded

CodeEnding

Thank you very much, SHADOW :prop:


NightBaron

Not going to create a new thread for this, here's a present for everyone:

Modded de4dot, which supports latest .NET Reactor 4.9.7.0.

Wow, it works!

Thanks for sharing :D

santicolque

Thanks for the wonderful contribution, SHADOW_UA!


EvOlUtIoN

@SHADOW_UA I think you have to create a thread in the tools section.


pnta

Not going to create a new thread for this, here's a present for everyone:

Modded de4dot, which supports latest .NET Reactor 4.9.7.0.

@SHADOW_UA, thanks for sharing, but it does not work with the target Smarty Uninstaller 4.1.1 (home page: http://www.smartuninstall.com)

Please try it.

Thanks

pnta

Oh yeah, I tried again on the OS Windows 7 (32x) and it worked; before that I tried it on the OS 8 (64x) and it did not work.

Thanks


Jatt

Not going to create a new thread for this, here's a present for everyone:

Modded de4dot, which supports latest .NET Reactor 4.9.7.0.

Thanks a lot. Worked on my target.

Falcon_2015

Easy method to unpack .NET Reactor last version:

Step 1. Check the file. If not native, go to step 3.

Step 2. Dump with Megadumper. If the file crashes after the dump, just add a resource of type RC_DATA named "__" with CFF Explorer.

Step 3. Check <Module>.cctor. If it does not exist, go to step 6.

Step 4. Dump methods with ManagedJitter.

Step 5. Go to <Module>.cctor. Double-click on the method call (there's only one).

Point your mouse cursor at the method list to get the method token.

Convert it to decimal. In this case 06000033 --> 33 in decimal is 51. Open CFF Explorer, go to the methods table and find the method with your number. In this case, it is 51.

Copy the RVA address of this method and go to Address Converter. Type in your RVA and click Enter.

Edit bytes 1B 30 to 06 2A (return).

Save file.

Step 6. Clean file with Simple Assembly Explorer Deobfuscator (All Options).

@SHADOW_UA

I have exe protector by .Net Reactor, but I can't unpack it, used de4dot or manual, all NG ......
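The numbers in the quoted steps follow from the .NET metadata and method-body layouts in ECMA-335. As an added example (not part of the thread or of any tool it mentions), this Python sketch decodes the token 06000033, maps an RVA to a file offset, and reads the two header forms named in the steps. The section table and the bytes following `1B 30` are constructed sample data.

```python
import struct

# Table ids from the high byte of a metadata token (ECMA-335 II.22); subset only.
TABLES = {0x01: "TypeRef", 0x02: "TypeDef", 0x04: "Field",
          0x06: "MethodDef", 0x0A: "MemberRef"}

def decode_token(token):
    """Split a metadata token into (table name, 1-based row id)."""
    return TABLES.get(token >> 24, hex(token >> 24)), token & 0x00FFFFFF

def rva_to_offset(rva, sections):
    """Map an RVA to a file offset; sections = [(virt_addr, virt_size, raw_ptr)]."""
    for virt_addr, virt_size, raw_ptr in sections:
        if virt_addr <= rva < virt_addr + virt_size:
            return rva - virt_addr + raw_ptr
    raise ValueError("RVA is not inside any section")

def parse_method_header(body):
    """Describe the CIL method body header at the start of body (ECMA-335 II.25.4)."""
    fmt = body[0] & 0x03
    if fmt == 0x02:   # tiny: one byte, upper 6 bits are the code size
        size = body[0] >> 2
        return {"format": "tiny", "header_size": 1, "code_size": size,
                "code": bytes(body[1:1 + size])}
    if fmt == 0x03:   # fat: 12 flag bits + 4-bit header size in dwords
        flags_size, max_stack, code_size, locals_tok = struct.unpack_from("<HHII", body)
        return {"format": "fat", "header_size": (flags_size >> 12) * 4,
                "more_sects": bool(flags_size & 0x08),
                "init_locals": bool(flags_size & 0x10),
                "max_stack": max_stack, "code_size": code_size,
                "locals_token": locals_tok}
    raise ValueError("not a method body header")

# Constructed sample data (not taken from any real file).
SECTIONS = [(0x2000, 0x1000, 0x200)]   # one .text-like section
FAT = bytes.fromhex("1B30" "0200" "10000000" "01000011")
TINY = bytes.fromhex("062A")

if __name__ == "__main__":
    print(decode_token(0x06000033))
    print(hex(rva_to_offset(0x2050, SECTIONS)))
    print(parse_method_header(FAT))
    print(parse_method_header(TINY))
```

Read this way, `1B 30` opens a fat header (12 bytes, with the more-sections and init-locals flags set), while `06 2A` is a tiny header declaring one byte of code followed by opcode 0x2A (`ret`).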

 

ghostfish

It was packed by intellilock


Falcon_2015

It was packed by intellilock

@ghostfish Thank you for your reply, O(∩_∩)O~ How to judge it's intellilock? And what tools did you use to detect the shell? If you know how to unpack, are you willing to share? :sorry: :prop:

datlun123dth

Errr, can anyone share ManagedJitter with me? I can't find it anywhere on the internet.

xf3t4

I cannot get method token. I am using ILSpy version 2.4.0.1963

@SHADOW_UA Can you check it for me?

SHADOW_UA
10 hours ago, xf3t4 said:

I cannot get method token. I am using ILSpy version 2.4.0.1963

@SHADOW_UA Can you check it for me?

Use dnSpy, it's much better.
