Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[KeygenMe] Disguiser.NET

li0nsar3c00l
li0nsar3c00l
in UnPackMe (.NET)

Featured Replies

Posted

hey guys, as some of you may already know, I've been working on an obfuscator for quite a long time. https://www.disguiser.net/


There is still a lot of stuff to improve, but I' like to know, how long it takes an experienced reverser to code a Keygen for this.


 


All features are present in normal mode, so I still have something harder in case this is too easy for you guys :D


 


I'd rate it 6/10, let me know what you think


 


 


PS. it might not be the best nor innovative, but its mine! if you find my hidden messages, you will get something from me :)


(yeah, plural! and PM me for your small gift, once you found them)


 


 


greetz


li0nsar3c00l [RTN]


KeygenMe.rar

Edited by li0nsar3c00l

The hidden message is in the DisguiserRawHeap.


Its just encrypted and I don't know the key for decryption.


Where I am so far :


 


Unpack the file.


  1. start olly
  2. run the file, twice, and wait for process terminated message
  3. go to Memory map
  4. search for "mscorlib" and then search next until you ave the MZ header

 


Some resource have a cool name so I made a joke ofc


 


I've made a Malwr static scan to have a dump of every string https://malwr.com/analysis/ZTNjODc0NDRmZDk3NDQ4MWE3MWFmOGY5MThhZTVlYWY/

You can dump the real file easily too using WinDbg and breaking on LoadModule, dump the buffer (2nd param).


You can dump the real file easily too using WinDbg and breaking on LoadModule, dump the buffer (2nd param).

 

Yes. but the dumped file need to be fixed manually...

  • Author

The packer is just for compression, nothing too special :D

Unpacked file, keygen and relevant source attached. Very nice challenge! ;)


 


I will respect li0n's wishes and will not make full-featured unpacker available. But I might make examples of each protection feature and explain how to remove it - if and when I have more free time. :)


 


unpacked+keygen+src.zip

    •
    • Like 6

    Unpacked file, keygen and relevant source attached. Very nice challenge! ;)

     

    I will respect li0n's wishes and will not make full-featured unpacker available. But I might make examples of each protection feature and explain how to remove it - if and when I have more free time. :)

     

    Well I guess it's easier to know how to deob it once you are able to build test-app; using 1 protection only for each test-app (e.g String Encryption, Cflow, Resource, Method ...)

     

    Nice job though !

    @Xenocode: I didn't have that luxury. All the work was done based on one and only file from this topic. :)


     


    But you're right - it would have been a bit easier, if I was able to make more test apps.

    • Author

    Unpacked file, keygen and relevant source attached. Very nice challenge! ;)

    tooked you longer than i expected :P

    well done, hope you had some fun!

     

    ps. you can still search for hidden messages! :D

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.