Jump to content
Tuts 4 You

[crackme] {.NET} 0x90 SecuritySuite {Enhanced~!&#12


0xNOP
Go to solution Solved by SHADOW_UA,

Recommended Posts

Ok, learning from my flaws/weaknesses from the previous version, I've come up with a more aggressive CrackMe, Hence the name (Enhanced) biggrin.png hopefully will give you a nice time to think out of it and see what it does biggrin.png or what it has :o


 


Skill Level:


Experienced Reverser Only~! (Even though it's easy)


 


Objectives:


Successfully Deob & Find the Password.


 


DL Mirror:


https://mega.nz/#!HooxwJQI!tSj_tQdUdItu0MZNbb_apbcVEJKRjYkMNA7IiYme6AU


 


Scan:


https://www.virustotal.com/en/file/a3e5999753f747e04b06955688f2c9157620d91574ec12768759b12cfe1ee57d/analysis/1441686353/


 


Protections:


I've used many encryptions for this one, Many Obfuscations and Many Delusions ;)


 


You might find some DeepSea layer is deeply sinked into the executable, and lastly you will find a nice ConfuserEx obfuscation (This time I tried deobfuscating it with UnConfuserEx and not even that worked~! I was amazed, so far so good!) So even if you try to dump and successfully bypass ConfuserEx, you will find all those layers of obfuscations and security behind the ConfuserEx layer :D


 


Lastly:


Have Fun!


Security Suite - Enhanced - 0x90.zip

Edited by ULI-R0
Link to comment

You keep mixing different protections together without any idea what you're doing and why. This way is not going to get you anywhere, as multiple layers of crap protection is still a crap protection. 


 


1st box doesn't matter. 2nd box must be equal to "AznObfuscator":


 


UmB97Rq.png


 


 


  • Like 3
Link to comment

You keep mixing different protections together without any idea what you're doing and why. This way is not going to get you anywhere, as multiple layers of crap protection is still a crap protection. 

 

1st box doesn't matter. 2nd box must be equal to "AznObfuscator":

 

UmB97Rq.png

 

Would it be too much if I ask for the unpacked exe?

Thanks for your kind words really eagers me into security researching.

 

Also would you be more descriptive in telling which obfuscations were more weak? Should I stop using ConfuserEx? seems that the ConfuserEx is making the whole flaw, since it's not really modded, just really changed some constants and that's it...

Link to comment

If you search Crackmes/Unpackmes subforum, you'll find some more of this type of crackmes, made by CodeNatif, NightBaron and more. They all have the same weaknesses that have been explained several times already. 


 


Here it is once again - it doesn't matter what protection you use, if the code you're protecting is as simple as



if (enteredString == "AznObfuscator")
   showGoodBoyMessage();
else
   showBadBoyMessage();

Experienced reverser will find this code and that's all he/she needs.


 


Stop using ConfuserEx? No, that's actually one of the strongest .NET protections available. You just need to learn how to use it properly.


 


Unpacked EXE? No, I don't have it. I located the important code, found the password and have no more interest in this crackme. If someone wants to waste an hour or two cleaning up all the mess, he/she can do it. Not me, I've done it enough times and won't learn nothing from repeating it once again.


  • Like 2
Link to comment

If you search Crackmes/Unpackmes subforum, you'll find some more of this type of crackmes, made by CodeNatif, NightBaron and more. They all have the same weaknesses that have been explained several times already. 

 

Here it is once again - it doesn't matter what protection you use, if the code you're protecting is as simple as

if (enteredString == "AznObfuscator")

   showGoodBoyMessage();

else

   showBadBoyMessage();

Experienced reverser will find this code and that's all he/she needs.

 

Stop using ConfuserEx? No, that's actually one of the strongest .NET protections available. You just need to learn how to use it properly.

 

Unpacked EXE? No, I don't have it. I located the important code, found the password and have no more interest in this crackme. If someone wants to waste an hour or two cleaning up all the mess, he/she can do it. Not me, I've done it enough times and won't learn nothing from repeating it once again.

Well what you wrote is what I was looking for, I was looking to know if the obfuscation is strong and the only flaw was the same old lame simple crackme flaw of making:

if (enteredString == "AznObfuscator")

   showGoodBoyMessage();

else

   showBadBoyMessage();

I didn't really cared for anyone finding the password as it can it easily obtainable via Process Hacker (going to memory strings and looking for the value input in the password textbox) you don't actually have to debug it, not even process it through DnSpy or anything like that lol, also, You actually said it would take 2 hours minimum for someone to actually deobfuscate the whole spaghetti, so that's what I was looking for, Now I can finally look into how I can implement the algorithm to generate a serial and use it along side my obfuscation with that algorithm, by then, it has to be stronger.

Edited by ULI-R0
Link to comment

I didn't say your obfuscation is strong. I said that I didn't have to bother with your obfuscation at all. :)


 


We're here to have some fun. There is no fun in looking at the random collection of obfuscators or trying to remove them just for the sake of removing them. 

  • Like 1
Link to comment
  • Solution

Obfuscation is not strong, don't have time to deal with all fake controls, etc




// GForm0
private void method_2(object sender, EventArgs e)
{
   if (Operators.CompareString(this.zc().Text, "AznObfuscator", false) == 0)
   {
       this.BK().Visible = true;
       this.BK().Text = "Congratulations!";
   }
   else
   {
       this.BK().Visible = true;
       this.BK().Text = "License Authentication Error!";
   }
}

deob_1.rar

Edited by SHADOW_UA
  • Like 3
Link to comment

 

Obfuscation is not strong, don't have time to deal with all fake controls, etc

// GForm0

private void method_2(object sender, EventArgs e)

{

   if (Operators.CompareString(this.zc().Text, "AznObfuscator", false) == 0)

   {

       this.BK().Visible = true;

       this.BK().Text = "Congratulations!";

   }

   else

   {

       this.BK().Visible = true;

       this.BK().Text = "License Authentication Error!";

   }

}

 

Perfect, thank you for this.

Link to comment
  • 3 weeks later...

The [crackme] tag has been added to your topic title.Please remember to follow and adhere to the topic title format - thankyou![This is an automated reply]

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...