[CrackMe].Net Reactor Modded

[CodeEnding]

thank you very much SHADOW 

[ghostfish]

perfect !!

Thank you SHADOW_UA

     

Edited February 22, 2015 by ghostfish

[NightBaron]

Not going to create a new thread for this, here's present for everyone:

 

Modded de4dot, which supports latest .NET Reactor 4.9.7.0.

Wow it work ! 

Thanks for sharing

[santicolque]

Thanks for the wonderful contribution, SHADOW_UA!

[EvOlUtIoN]

@SHADOW_UA I think you have to create a thread in the tools section.

[pnta]

Not going to create a new thread for this, here's present for everyone:

 

Modded de4dot, which supports latest .NET Reactor 4.9.7.0.

@SHADOW_UA, Thanks for share but it not work with the target Smarty Uninstaller 4.1.1 (home page: http://www.smartuninstall.com)

 

Please try it

thanks

Edited February 28, 2015 by pnta

[ghostfish]

@SHADOW_UA, Thanks for share but it not work with the target Smarty Uninstaller 4.1.1 (home page: http://www.smartuninstall.com)

 

Please try it

thanks

 

it worked....

 

[pnta]

Oh yeah, I tried again on the OS windows 7 (32x) it worked, before I tried it on the OS 8 (64x)  and it not work

thanks

[gavz]

hi,guys

 

what is ManagedJitter in "Step 4. Dump methods with ManagedJitter"?

 

is it app? cant google it.. any link plz

 

nvm, found it

https://forum.tuts4you.com/topic/35895-unpacking-tools-2-source-code-c-and-binaries/

[Jatt]

Not going to create a new thread for this, here's present for everyone:

 

Modded de4dot, which supports latest .NET Reactor 4.9.7.0.

 

thanks alot. worked on my target.

[zhuk]

Thanks a lot!

[Falcon_2015]

Easy method to unpack .NET Reactor last version:

 

Step 1. Check the file. If not native, go to step 3.

Step 2. Dump with Megadumper. After dump if file crashes, just add a resource type of RC_DATA named "__" with CFF Explorer

 

 

Step 3. Check <Module>.cctor. If it not exists go to step 6.

Step 4. Dump methods with ManagedJitter

Step 5. Go to <Module>.cctor. Double click on method call (there's only one)

 

 

Point on your mouse cursor on method list to get method token:

 

 

Convert it to decimal. In this case 06000033 --> 33 in decimal is 51. Open CFF Explorer, go to methods table and find method with your number. In this case, it is 51.

 

 

Copy RVA address of this method and go to Address Converter. Type in your RVA and click Enter.

 

 

Edit bytes 1B 30 to 06 2A (return).

 

 

Save file.

 

Step 6. Clean file with Simple Assembly Explorer Deobfuscator (All Options).

@ SHADOW_UA

 

    I have exe protector by .Net Reactor , but i can't unpack it ,used de4dot or manual all NG ......

 

[ghostfish]

It was packed by intellilock

[Falcon_2015]

It was packed by intellilock

@ghostfish   Thank you for your reply ,O(∩_∩)O~ How to judge it's intellilock? and What tools did you used to detect shell ? if you know how to unpank，you are willing to share?     

[373F]

hello,my friends

i have done it with two tools.

1.de4dot Fixed;

2.dnspy

Cra'ckMe.rar

[datlun123dth]

Errr Anyone share me the ManagedJitter. I can't find it anywhere on the internet

[man of the war]

Easy and full unpack

 

 

Cra_ckMe-cleaned.rar

[derpherp]

On 3/2/2015 at 1:23 PM, gavz said:

 

https://forum.tuts4you.com/topic/35895-unpacking-tools-2-source-code-c-and-binaries/

Thank you!

For indexers: ManagedJitter CodeCracker dump methods

[xf3t4]

I cannot get method token. I am using ILSpy version 2.4.0.1963

@SHADOW_UA Can you check it for me?

[SHADOW_UA]

10 hours ago, xf3t4 said:

I cannot get method token. I am using ILSpy version 2.4.0.1963

@SHADOW_UA Can you check it for me?

Use dnSpy, it's much better.

[Legal_0x90]

Ez bro  

Thanks!

Cra'ckMe_unpacked.exe

[localhost0]

thnx bro ❤️