Tuts 4 You

.NET Reactor v6.9


AarJee
Go to solution Solved by jackyjask,


  • Solution

image.png.1190d37f0f45c5837ea77233fe134da6.png

 

Some hints for those who would like to give it a try:

- dump original binary using for example megadumpa (c) CodeCracker

- use some DNR recover tool eg NETReactorSlayer (c) SychicBoy

- profit

clean code available

 

  • Like 2

Sean Park - Lovejoy
48 minutes ago, jackyjask said:

image.png.1190d37f0f45c5837ea77233fe134da6.png

 

Some hints for those who would like to give it a try:

- dump original binary using for example megadumpa (c) CodeCracker

- use some DNR recover tool eg NETReactorSlayer (c) SychicBoy

- profit

clean code available

 

@jackyjask why can't I get the author's clean code although I use the netreactorslayer?

using System;
using System.Windows.Forms;

namespace Crackme
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            if (textBox1.Text.Trim() != null && textBox1.Text == "AarJee@TSRh")
                MessageBox.Show("Wow!!! You did it", "Success", MessageBoxButtons.OK);
            else
            {
                MessageBox.Show("Sorry ! You didn't cracked me", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Error);
                textBox1.Focus();
            }
           
        }
    }
}

Below is the netreactorslayer recovered code.

private void button_0_Click(object sender, EventArgs e)
{
	for (;;)
	{
		IL_14C:
		if (this.textBox_0.Text.Trim() != null)
		{
			goto IL_10E;
		}
		int num = 7;
		if (<Module>{fd1aac8d-9d94-4c34-a632-ebc4e087d24b}.m_72added02df344e195a6c950f9aecedb.m_ddeafbf2c3384ca3914e1d2d0d72176f != 0)
		{
			break;
		}
		goto IL_B5;
		do
		{
			IL_4E:
			MessageBox.Show(Class2.smethod_14(658161775 ^ <Module>{fd1aac8d-9d94-4c34-a632-ebc4e087d24b}.m_72added02df344e195a6c950f9aecedb.m_a60858881afc4baab6a7118fdc4747fd), Class2.smethod_14(574969280 ^ <Module>{fd1aac8d-9d94-4c34-a632-ebc4e087d24b}.m_72added02df344e195a6c950f9aecedb.m_2d46b496170148e795121cfbc9364f09), MessageBoxButtons.OK, MessageBoxIcon.Hand);
			num = 1;
		}
		while (<Module>{fd1aac8d-9d94-4c34-a632-ebc4e087d24b}.m_72added02df344e195a6c950f9aecedb.m_e78accb893e74d7a9bcf0bafb2a3947f == 0);
		for (;;)
		{
			IL_B5:
			switch (num)
			{
			case 1:
				for (;;)
				{
					this.textBox_0.Focus();
					num = 5;
					if (<Module>{fd1aac8d-9d94-4c34-a632-ebc4e087d24b}.m_72added02df344e195a6c950f9aecedb.m_089e1389b6904ad293057ceba2cc171b != 0)
					{
						goto IL_B5;
					}
				}
				break;
			case 3:
			case 5:
				return;
			case 4:
				goto IL_10E;
			case 6:
				goto IL_FF;
			case 7:
				goto IL_109;
			case 8:
				goto IL_14C;
			case 9:
				goto IL_06;
			}
			goto Block_4;
		}
		IL_109:
		bool flag = false;
		goto IL_10A;
		Block_4:
		goto IL_4E;
		IL_06:
		MessageBox.Show(Class2.smethod_14(574969162 ^ <Module>{fd1aac8d-9d94-4c34-a632-ebc4e087d24b}.m_72added02df344e195a6c950f9aecedb.m_2d46b496170148e795121cfbc9364f09), Class2.smethod_14(1501882179 ^ <Module>{fd1aac8d-9d94-4c34-a632-ebc4e087d24b}.m_72added02df344e195a6c950f9aecedb.m_fe258d1b21f3437fb577b91137cc64a7), MessageBoxButtons.OK);
		num = 1;
		if (<Module>{fd1aac8d-9d94-4c34-a632-ebc4e087d24b}.m_72added02df344e195a6c950f9aecedb.m_1415d36e7ada4188a7bb21c46e86b5b2 != 0)
		{
			break;
		}
		goto IL_B5;
		IL_FF:
		bool flag2;
		if (flag2)
		{
			goto IL_06;
		}
		num = 0;
		if (<Module>{fd1aac8d-9d94-4c34-a632-ebc4e087d24b}.m_72added02df344e195a6c950f9aecedb.m_4e44f5e07ff74d318b7e05eef0e98576 == 0)
		{
			goto IL_4E;
		}
		goto IL_B5;
		IL_10A:
		flag2 = flag;
		goto IL_FF;
		IL_10E:
		flag = (this.textBox_0.Text == Class2.smethod_14(1106611549 ^ <Module>{fd1aac8d-9d94-4c34-a632-ebc4e087d24b}.m_72added02df344e195a6c950f9aecedb.m_2c33a3362580449dbfb43ff6a55a9b31));
		goto IL_10A;
	}
}

kind regards.

sean.


sean, let me guess, you feed original binary into slayer, but there is one step that should be done before... ref to my post above and give it a try once again..

goal:

image.png.80dd4f2b08c1becaf51462cd5c295879.png

  • Like 2

Sean Park - Lovejoy
1 hour ago, jackyjask said:

sean, let me guess, you feed original binary into slayer, but there is one step that should be done before... ref to my post above and give it a try once again..

goal:

image.png.80dd4f2b08c1becaf51462cd5c295879.png

@jackyjask it depends on which .net exe dumper you use whether you get a successfully deobfuscated file or not.

Untitled.png.d0295f9486221bd918bab3a83b8dc6a2.png

Thanks.

sean.

  • Like 1

You should not include the actual key in a Crackme here, as it defeats the whole meaning of a Crackme -

Spoiler

image.png.1789a77b0f4c28ab8cb0d2b8269b079a.png

Let's come to unpacking:

1. File is protected with Native Layer.

2. Unpack .NET Reactor.

Use publicly available NET Reactor Slayer: https://github.com/SychicBoy/NETReactorSlayer

3. Devirtualize VM in order to get the clean code.

4. Manual Instructions about DNR VM
DNR VM is pretty much 1:1

See Here :

5. More Links to study about DNR :


Unpacked :

Spoiler

Screenshot2023-07-20125951.png.f6c7192285f3da4927641cb50807c721.png

Crackme_BH.exe

  • Like 7
  • Thanks 3
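
An added example, not code from any poster in this thread: the steps above put the native layer first, and jackyjask's hint is that the original binary has to be dumped before NETReactorSlayer sees it. A quick triage check is whether a PE file has a CLR header data directory (index 14) at all. The assumption here is that a file still wrapped in the native layer has none, while a good dump does; the function names and the header-only sample bytes are constructed for the demo.

```python
import struct

CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR runtime header)

def clr_directory(data: bytes):
    """Return (rva, size) of the CLR header data directory, or None if absent."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: no PE signature")
    opt = e_lfanew + 24  # optional header follows the 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+ layout
    (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
    if count <= CLR_DIR_INDEX:
        return None
    rva, size = struct.unpack_from("<II", data, dirs + 8 * CLR_DIR_INDEX)
    return (rva, size) if rva and size else None

def triage(data: bytes) -> str:
    """Say what kind of input a managed-code deobfuscator would be handed."""
    if clr_directory(data) is None:
        return "native image, no CLR header: dump the loaded assembly first"
    return "managed assembly: CLR header present"

def build_sample_pe(clr=(0, 0), pe32_plus=False) -> bytes:
    """Constructed header-only PE image for the demo (not a loadable executable)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    fixed = 112 if pe32_plus else 96
    opt = bytearray(fixed + 16 * 8)  # fixed fields + 16 data directories
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<I", opt, fixed - 4, 16)
    struct.pack_into("<II", opt, fixed + 8 * CLR_DIR_INDEX, *clr)
    machine = 0x8664 if pe32_plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x0002)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(triage(build_sample_pe()))                    # constructed native-style header
    print(triage(build_sample_pe(clr=(0x2008, 0x48))))  # constructed managed-style header
```

Run against a dump, the same check also shows quickly whether a dumper produced something a .NET tool can open.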

Sean Park - Lovejoy
2 hours ago, BlackHat said:

You should not include the actual key in a Crackme here, as it defeats the whole meaning of a Crackme -

image.png.1789a77b0f4c28ab8cb0d2b8269b079a.png

Let's come to unpacking:

1. File is protected with Native Layer.

2. Unpack .NET Reactor.

3. Devirtualize VM in order to get the clean code.

4. Manual Instructions about DNR VM
DNR VM is pretty much 1:1

5. More Links to study about DNR :

Unpacked :

Screenshot2023-07-20125951.png.f6c7192285f3da4927641cb50807c721.png

Crackme_BH.exe 9 kB · 0 downloads

Great. man.

sean.

  • Like 1

19 hours ago, BlackHat said:

You should not include the actual key in a Crackme here, as it defeats the whole meaning of a Crackme -

image.png.1789a77b0f4c28ab8cb0d2b8269b079a.png

Let's come to unpacking:

1. File is protected with Native Layer.

2. Unpack .NET Reactor.

3. Devirtualize VM in order to get the clean code.

4. Manual Instructions about DNR VM
DNR VM is pretty much 1:1

5. More Links to study about DNR :

Unpacked :

Screenshot2023-07-20125951.png.f6c7192285f3da4927641cb50807c721.png

Crackme_BH.exe 9 kB · 2 downloads

Thanks bro @BlackHat for the procedure and the suggestions.


Sean Park - Lovejoy
6 hours ago, AarJee said:

Thanks bro @BlackHat for the procedure and the suggestions.

Quote

You should not include the actual key in a Crackme here, as it defeats the whole meaning of a Crackme -

@AarJee BlackHat said to me. maybe.

sean.

  • Confused 1

On 20.07.2023 at 10:47, BlackHat said:

You should not include the actual key in a Crackme here, as it defeats the whole meaning of a Crackme -

image.png.1789a77b0f4c28ab8cb0d2b8269b079a.png

Let's come to unpacking:

1. File is protected with Native Layer.

2. Unpack .NET Reactor.

3. Devirtualize VM in order to get the clean code.

4. Manual Instructions about DNR VM
DNR VM is pretty much 1:1

5. More Links to study about DNR :

Unpacked :

Screenshot2023-07-20125951.png.f6c7192285f3da4927641cb50807c721.png

Crackme_BH.exe 9 kB · 2 downloads

When we dump with KSDumper the exe gets corrupted. Is there a way to fix this? The other two dumpers output normal.


11 hours ago, sahteuser said:

When we dump with KSDumper the exe gets corrupted. Is there a way to fix this? The other two dumpers output normal.

For .NET Reactor it's just better to use dnSpy itself, because you can use the latest dnSpyEx feature and set the debugger to stop whenever it reaches the module constructor.

  • Like 1

  • 1 month later...
On 7/20/2023 at 3:47 PM, BlackHat said:

You should not include the actual key in a Crackme here, as it defeats the whole meaning of a Crackme -

image.png.1789a77b0f4c28ab8cb0d2b8269b079a.png

Let's come to unpacking:

1. File is protected with Native Layer.

2. Unpack .NET Reactor.

3. Devirtualize VM in order to get the clean code.

4. Manual Instructions about DNR VM
DNR VM is pretty much 1:1

5. More Links to study about DNR :

Unpacked :

Screenshot2023-07-20125951.png.f6c7192285f3da4927641cb50807c721.png

Crackme_BH.exe 9 kB · 7 downloads

Can you build the tool you mentioned?
