Tuts 4 You

[KeygenMe] Disguiser.NET



li0nsar3c00l

hey guys, as some of you may already know, I've been working on an obfuscator for quite a long time. https://www.disguiser.net/


There is still a lot of stuff to improve, but I'd like to know how long it takes an experienced reverser to code a Keygen for this.


 


All features are present in normal mode, so I still have something harder in case this is too easy for you guys :D


 


I'd rate it 6/10, let me know what you think


 


 


PS. it might not be the best nor innovative, but it's mine! if you find my hidden messages, you will get something from me :)


(yeah, plural! and PM me for your small gift, once you found them)


 


 


greetz


li0nsar3c00l [RTN]


KeygenMe.rar

Link to post
noob.exe

The hidden message is in the DisguiserRawHeap.


It's just encrypted and I don't know the key for decryption.


Link to post
XenocodeRCE

Where I am so far:


 


Unpack the file.


  1. start olly
  2. run the file, twice, and wait for process terminated message
  3. go to Memory map
  4. search for "mscorlib" and then search next until you have the MZ header

 


Some resources have a cool name so I made a joke ofc


 


I've made a Malwr static scan to have a dump of every string https://malwr.com/analysis/ZTNjODc0NDRmZDk3NDQ4MWE3MWFmOGY5MThhZTVlYWY/

Link to post

You can dump the real file easily too using WinDbg and breaking on LoadModule, dump the buffer (2nd param).


Link to post
XenocodeRCE

You can dump the real file easily too using WinDbg and breaking on LoadModule, dump the buffer (2nd param).

 

Yes, but the dumped file needs to be fixed manually...

Link to post

Unpacked file, keygen and relevant source attached. Very nice challenge! ;)


 


I will respect li0n's wishes and will not make a full-featured unpacker available. But I might make examples of each protection feature and explain how to remove it - if and when I have more free time. :)


 


unpacked+keygen+src.zip

Link to post
XenocodeRCE

Unpacked file, keygen and relevant source attached. Very nice challenge! ;)

 

I will respect li0n's wishes and will not make a full-featured unpacker available. But I might make examples of each protection feature and explain how to remove it - if and when I have more free time. :)

 

Well, I guess it's easier to know how to deob it once you are able to build test-apps, using only 1 protection for each test-app (e.g. String Encryption, Cflow, Resource, Method ...)

 

Nice job though!

Link to post

@Xenocode: I didn't have that luxury. All the work was done based on the one and only file from this topic. :)


 


But you're right - it would have been a bit easier, if I was able to make more test apps.

Link to post
li0nsar3c00l

Unpacked file, keygen and relevant source attached. Very nice challenge! ;)

took you longer than I expected :P

well done, hope you had some fun!

 

ps. you can still search for hidden messages! :D

Link to post
