Tuts 4 You

[KeygenMe] Disguiser.NET

li0nsar3c00l

hey guys, as some of you may already know, I've been working on an obfuscator for quite a long time. https://www.disguiser.net/


There is still a lot of stuff to improve, but I'd like to know how long it takes an experienced reverser to code a keygen for this.


 


All features are present in normal mode, so I still have something harder in case this is too easy for you guys :D


 


I'd rate it 6/10, let me know what you think


 


 


PS. it might not be the best nor innovative, but it's mine! if you find my hidden messages, you will get something from me :)


(yeah, plural! and PM me for your small gift, once you have found them)


 


 


greetz


li0nsar3c00l [RTN]


KeygenMe.rar

Edited by li0nsar3c00l

noob.exe

The hidden message is in the DisguiserRawHeap.


It's just encrypted and I don't know the key for decryption.


XenocodeRCE

Where I am so far :


 


Unpack the file.


  1. start olly
  2. run the file, twice, and wait for process terminated message
  3. go to Memory map
  4. search for "mscorlib" and then search next until you have the MZ header

 


Some resources have a cool name so I made a joke ofc


 


I've made a Malwr static scan to have a dump of every string https://malwr.com/analysis/ZTNjODc0NDRmZDk3NDQ4MWE3MWFmOGY5MThhZTVlYWY/
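
The memory-map search in the steps above (find "mscorlib", then the next MZ header) can also be done offline on a saved memory dump by validating each "MZ" hit as a PE header and checking the CLR data directory. This is an added example, not part of the original post; the function names and the sample dump are constructed, and it inspects headers only, so a carved image may still need fixing as noted later in the thread.

```python
import struct

CLR_DIR = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: populated only in .NET images
def parse_pe_at(buf, off):
    """Return (SizeOfImage, is_dotnet) if a plausible PE header starts at off, else None."""
    if off + 0x40 > len(buf):
        return None
    e_lfanew = struct.unpack_from("<I", buf, off + 0x3C)[0]
    nt = off + e_lfanew
    opt = nt + 24  # skip 4-byte "PE\0\0" signature and 20-byte COFF header
    if e_lfanew < 0x40 or opt + 112 > len(buf) or buf[nt:nt + 4] != b"PE\0\0":
        return None
    magic = struct.unpack_from("<H", buf, opt)[0]
    dirs = {0x10B: 96, 0x20B: 112}.get(magic)  # data-directory offset: PE32 / PE32+
    if dirs is None:
        return None
    size_of_image = struct.unpack_from("<I", buf, opt + 56)[0]
    count = struct.unpack_from("<I", buf, opt + dirs - 4)[0]  # NumberOfRvaAndSizes
    entry = opt + dirs + CLR_DIR * 8
    if count <= CLR_DIR or entry + 8 > len(buf):
        return size_of_image, False
    rva, size = struct.unpack_from("<II", buf, entry)
    return size_of_image, rva != 0 and size != 0

def find_pe_images(buf):
    """Check every "MZ" hit and keep only offsets that parse as PE headers."""
    hits, pos = [], buf.find(b"MZ")
    while pos != -1:
        info = parse_pe_at(buf, pos)
        if info:
            hits.append((pos, *info))
        pos = buf.find(b"MZ", pos + 1)
    return hits

def make_pe(clr_rva):  # constructed sample: minimal PE32 headers only, no sections
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)        # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", img, opt, 0x10B)        # PE32 magic
    struct.pack_into("<I", img, opt + 56, 0x4000)  # SizeOfImage
    struct.pack_into("<I", img, opt + 92, 16)      # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + CLR_DIR * 8, clr_rva, 0x48 if clr_rva else 0)
    return bytes(img)

# Constructed dump: padding, a stray "MZ" string, a native image, filler, a .NET image.
DUMP = (b"\0" * 0x30 + b"MZ not a header" + b"\0" * 0x31 + make_pe(0)
        + b"\xCC" * 0x100 + make_pe(0x2008))
```

`find_pe_images(DUMP)` returns one `(offset, SizeOfImage, is_dotnet)` tuple per validated header; the stray "MZ" string and any image truncated before its optional header are skipped.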

atom0s

You can dump the real file easily too using WinDbg and breaking on LoadModule, dump the buffer (2nd param).


XenocodeRCE

You can dump the real file easily too using WinDbg and breaking on LoadModule, dump the buffer (2nd param).

 

Yes, but the dumped file needs to be fixed manually...

li0nsar3c00l

The packer is just for compression, nothing too special :D

kao

Unpacked file, keygen and relevant source attached. Very nice challenge! ;)


 


I will respect li0n's wishes and will not make full-featured unpacker available. But I might make examples of each protection feature and explain how to remove it - if and when I have more free time. :)


 


unpacked+keygen+src.zip

  • Like 6

XenocodeRCE

Unpacked file, keygen and relevant source attached. Very nice challenge! ;)

 

I will respect li0n's wishes and will not make full-featured unpacker available. But I might make examples of each protection feature and explain how to remove it - if and when I have more free time. :)

 

Well I guess it's easier to know how to deob it once you are able to build a test-app, using 1 protection only for each test-app (e.g. String Encryption, Cflow, Resource, Method ...)

 

Nice job though !

kao

@Xenocode: I didn't have that luxury. All the work was done based on one and only file from this topic. :)


 


But you're right - it would have been a bit easier, if I was able to make more test apps.

li0nsar3c00l

Unpacked file, keygen and relevant source attached. Very nice challenge! ;)

took you longer than I expected :P

well done, hope you had some fun!

 

ps. you can still search for hidden messages! :D
