[crackme] {.NET} 0x90 SecuritySuite {Enhanced~!&#12

[0xNOP]

Ok, learning from my flaws/weaknesses from the previous version, I've come up with a more aggressive CrackMe, Hence the name (Enhanced) hopefully will give you a nice time to think out of it and see what it does or what it has

 

Skill Level:

Experienced Reverser Only~! (Even though it's easy)

 

Objectives:

Successfully Deob & Find the Password.

 

DL Mirror:

https://mega.nz/#!HooxwJQI!tSj_tQdUdItu0MZNbb_apbcVEJKRjYkMNA7IiYme6AU

 

Scan:

https://www.virustotal.com/en/file/a3e5999753f747e04b06955688f2c9157620d91574ec12768759b12cfe1ee57d/analysis/1441686353/

 

Protections:

I've used many encryptions for this one, Many Obfuscations and Many Delusions

 

You might find some DeepSea layer is deeply sinked into the executable, and lastly you will find a nice ConfuserEx obfuscation (This time I tried deobfuscating it with UnConfuserEx and not even that worked~! I was amazed, so far so good!) So even if you try to dump and successfully bypass ConfuserEx, you will find all those layers of obfuscations and security behind the ConfuserEx layer

 

Lastly:

Have Fun!

Security Suite - Enhanced - 0x90.zip

Edited September 8, 2015 by ULI-R0

[kao]

You keep mixing different protections together without any idea what you're doing and why. This way is not going to get you anywhere, as multiple layers of crap protection is still a crap protection. 

 

1st box doesn't matter. 2nd box must be equal to "AznObfuscator":

 

 

 

[0xNOP]

You keep mixing different protections together without any idea what you're doing and why. This way is not going to get you anywhere, as multiple layers of crap protection is still a crap protection. 

 

1st box doesn't matter. 2nd box must be equal to "AznObfuscator":

 

 

Would it be too much if I ask for the unpacked exe?

Thanks for your kind words really eagers me into security researching.

 

Also would you be more descriptive in telling which obfuscations were more weak? Should I stop using ConfuserEx? seems that the ConfuserEx is making the whole flaw, since it's not really modded, just really changed some constants and that's it...

[kao]

If you search Crackmes/Unpackmes subforum, you'll find some more of this type of crackmes, made by CodeNatif, NightBaron and more. They all have the same weaknesses that have been explained several times already. 

 

Here it is once again - it doesn't matter what protection you use, if the code you're protecting is as simple as

if (enteredString == "AznObfuscator")

   showGoodBoyMessage();

else

   showBadBoyMessage();

Experienced reverser will find this code and that's all he/she needs.

 

Stop using ConfuserEx? No, that's actually one of the strongest .NET protections available. You just need to learn how to use it properly.

 

Unpacked EXE? No, I don't have it. I located the important code, found the password and have no more interest in this crackme. If someone wants to waste an hour or two cleaning up all the mess, he/she can do it. Not me, I've done it enough times and won't learn nothing from repeating it once again.

[0xNOP]

If you search Crackmes/Unpackmes subforum, you'll find some more of this type of crackmes, made by CodeNatif, NightBaron and more. They all have the same weaknesses that have been explained several times already. 

 

Here it is once again - it doesn't matter what protection you use, if the code you're protecting is as simple as

if (enteredString == "AznObfuscator")

   showGoodBoyMessage();

else

   showBadBoyMessage();

Experienced reverser will find this code and that's all he/she needs.

 

Stop using ConfuserEx? No, that's actually one of the strongest .NET protections available. You just need to learn how to use it properly.

 

Unpacked EXE? No, I don't have it. I located the important code, found the password and have no more interest in this crackme. If someone wants to waste an hour or two cleaning up all the mess, he/she can do it. Not me, I've done it enough times and won't learn nothing from repeating it once again.

Well what you wrote is what I was looking for, I was looking to know if the obfuscation is strong and the only flaw was the same old lame simple crackme flaw of making:

if (enteredString == "AznObfuscator")

   showGoodBoyMessage();

else

   showBadBoyMessage();

I didn't really cared for anyone finding the password as it can it easily obtainable via Process Hacker (going to memory strings and looking for the value input in the password textbox) you don't actually have to debug it, not even process it through DnSpy or anything like that lol, also, You actually said it would take 2 hours minimum for someone to actually deobfuscate the whole spaghetti, so that's what I was looking for, Now I can finally look into how I can implement the algorithm to generate a serial and use it along side my obfuscation with that algorithm, by then, it has to be stronger.

Edited September 8, 2015 by ULI-R0

[kao]

I didn't say your obfuscation is strong. I said that I didn't have to bother with your obfuscation at all.

 

We're here to have some fun. There is no fun in looking at the random collection of obfuscators or trying to remove them just for the sake of removing them. 

[SHADOW_UA]

Obfuscation is not strong, don't have time to deal with all fake controls, etc

// GForm0

private void method_2(object sender, EventArgs e)

{

   if (Operators.CompareString(this.zc().Text, "AznObfuscator", false) == 0)

   {

       this.BK().Visible = true;

       this.BK().Text = "Congratulations!";

   }

   else

   {

       this.BK().Visible = true;

       this.BK().Text = "License Authentication Error!";

   }

}

deob_1.rar

Edited September 8, 2015 by SHADOW_UA

[0xNOP]

 

Obfuscation is not strong, don't have time to deal with all fake controls, etc

// GForm0

private void method_2(object sender, EventArgs e)

{

   if (Operators.CompareString(this.zc().Text, "AznObfuscator", false) == 0)

   {

       this.BK().Visible = true;

       this.BK().Text = "Congratulations!";

   }

   else

   {

       this.BK().Visible = true;

       this.BK().Text = "License Authentication Error!";

   }

}

 

Perfect, thank you for this.

[Teddy Rogers]

The [crackme] tag has been added to your topic title.Please remember to follow and adhere to the topic title format - thankyou![This is an automated reply]