Jump to content
Tuts 4 You

Fu*ckuscator v1.1


Asentrix

Recommended Posts

Spoiler

Correct pass: wjdaisjdaowidjasoijdwdjaisuhdiouhaeoiheufaiouehfasiuohfeiofhuasdifu98729837642897346298374629837462897346928374

Approach

Spoiler

Didn't even open the app in a decompiler or attempted to deobfuscate. CrackMe's that use string.Equals with the correct serial immediately makes it a 0/10 difficulty challenge :)

Steps to reproduce:

  • Run program
  • Attach WinDbg and load SOS extension (.loadby sos clr)
  • Set breakpoint on System.String.Equals(string, string), (e.g. using !name2ee mscorlib.dll System.String.Equals to get the address, and using bp to set the breakpoint)
  • Continue
  • Enter random text
  • Notice breakpoint hit.
  • Run !dumpstackobjects
  • Observe correct password:

image.png.b99797b0032864193b0cdf538ad36603.png

 

Edited by Washi (see edit history)
  • Like 4
Link to post
Asentrix
On 12/30/2020 at 11:42 AM, Washi said:
  Reveal hidden contents

Correct pass: wjdaisjdaowidjasoijdwdjaisuhdiouhaeoiheufaiouehfasiuohfeiofhuasdifu98729837642897346298374629837462897346928374

Approach

  Reveal hidden contents

Didn't even open the app in a decompiler or attempted to deobfuscate. CrackMe's that use string.Equals with the correct serial immediately makes it a 0/10 difficulty challenge :)

Steps to reproduce:

  • Run program
  • Attach WinDbg and load SOS extension (.loadby sos clr)
  • Set breakpoint on System.String.Equals(string, string), (e.g. using !name2ee mscorlib.dll System.String.Equals to get the address, and using bp to set the breakpoint)
  • Continue
  • Enter random text
  • Notice breakpoint hit.
  • Run !dumpstackobjects
  • Observe correct password:

image.png.b99797b0032864193b0cdf538ad36603.png

 

Nice work :)

Link to post
  • 2 weeks later...
Death

i cant deob the calli ;  

some new encryption may be ?

 

but i reconstruct the exe with some old tools

How i have done ======

1. dotnet dumper with dont rename option 

2. reconstruct blod , us , string with cff explorer (i used)

3. universel fixer for fixed some dummy pe

4. de4dot option --keep-names-d --keep-types 

5. now we can reflect the code with lutz reflector

6. confuser codecracker tools 

7. drop again de4dot with 45 error what ever now SIMPLE ASSEMBLY EXPLORER for crack

CrackMe69420_C_Cracked.exe

Edited by Death (see edit history)
  • Like 1
Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...