0X7C9 Posted April 19, 2018

Difficulty : 5
Language : .NET 2.0 (C#)
Platform : Windows x32/x64
OS Version : Windows 7, 8, 10 (all Windows with .NET Framework 2) (if it does not work you need some VCRedist runtimes ...)
Packer / Protector : Protection scheme from C# code to UPX: Skater Obfuscator (Max Settings) > .NET Reactor (Max Settings !Without control flow) > UPX (2.29 - Max Settings)

Description:
You said the protection was weak. So I prepared something a bit more challenging. I wonder if someone can get to the original C# code. Everything is allowed. Try to get the part of the code where I verify individual parts of the license key, and of course crack this. And if it does, it's just possible to write down the process backwards. Thank you for your patience. I hope you will like it.

PS: VM protect I did not use this time, and it's so better.

Screenshot:
CrackMeV3[!Eddy420]_Fix.zip
Solution
SHADOW_UA Posted April 19, 2018

Patched
No keygen because I don't want to bruteforce sha1 hashes
CrackMe_patched.zip
0X7C9 (Author) Posted April 19, 2018

On 4/19/2018 at 1:48 PM, SHADOW_UA said:
> Patched
> No keygen because I don't want to bruteforce sha1 hashes
> CrackMe_patched.zip

Very good job. How did you succeed? Write a short guide explaining it.
GautamGreat Posted April 19, 2018

UPX and .net reactor. Even all old tutorials are working on this target.
0X7C9 (Author) Posted April 19, 2018

On 4/19/2018 at 2:30 PM, GautamGreat said:
> UPX and .net reactor. Even all old tutorials are working on this target.

Just a month ago I did not even know that .NET programs can be protected. I would like to write my own. But I do not know how I can work with .NET PE sections. Create your own, read data from them. Because everything is (almost always) overcome with de4dot.
0X7C9 (Author) Posted April 19, 2018

On 4/19/2018 at 1:48 PM, SHADOW_UA said:
> Patched
> No keygen because I don't want to bruteforce sha1 hashes
> CrackMe_patched.zip

How did you name it so nicely? Types, methods, properties? Is that de4dot? And how can I get some names as original? To preserve the program's functions even after renaming.
SHADOW_UA Posted April 19, 2018

On 4/19/2018 at 2:51 PM, !Eddy420CZ said:
> How did you name it so nicely? Types, methods, properties? Is that de4dot? And how can I get some names as original? To preserve the program's functions even after renaming.

Yes, it is de4dot renaming. You can't restore original names.
0X7C9 (Author) Posted April 19, 2018

On 4/19/2018 at 2:55 PM, SHADOW_UA said:
> Yes, it is de4dot renaming. You can't restore original names.

Please help me. Where can I learn to work with PE sections (.NET)? Or some tutorial on how I can run (.NET PE) natively as .NET Reactor does? Are there any open-source programs? I do not mean .NET obfuscation in this case. I've always been interested in how I can protect my .NET code without commercial programs. Thank you
0X7C9 (Author) Posted April 19, 2018

On 4/19/2018 at 2:55 PM, SHADOW_UA said:
> Yes, it is de4dot renaming. You can't restore original names.

Or where I could talk to you about it. I'm interested. It's not for earnings.
cob_258 Posted April 20, 2018

@!Eddy420CZ look at this repository, it contains a c++ code that executes a .Net program from a native code
14yoKID Posted February 16

Sorry for bumping this old thread. For this I traced it via CE and found where the license checks happen without deobfuscating/unpacking the target. From my understanding this is where the license check happens.

04BB5BAD - 74 6B             - je 04BB5C1A    -> You have to patch.
04BB5BAF - 8B 55 EC          - mov edx,[ebp-14]
04BB5BB2 - 8B 4D F0          - mov ecx,[ebp-10]
04BB5BB5 - E8 6693476C       - call mscorlib.ni.dll+22EF20
04BB5BBA - 85 C0             - test eax,eax
04BB5BBC - 74 5C             - je 04BB5C1A    -> You have to patch.
04BB5BBE - 8B CF             - mov ecx,edi
04BB5BC0 - FF 15 0C8D2502    - call dword ptr [02258D0C] { ->04BB5DC0 }
04BB5BC6 - 85 C0             - test eax,eax
04BB5BC8 - 74 28             - je 04BB5BF2    -> You have to patch.

Results:
Screen Recording - Made with FlexClip.webm