Reverse Engineering Team Board

Reverse Engineering Team Board (http://www.reteam.org/board/index.php)
-   .NET Reverse Engineering (http://www.reteam.org/board/forumdisplay.php?f=28)
-   -   Reversing .NET application (http://www.reteam.org/board/showthread.php?t=350)

Kurapica 05-17-2006 09:44 PM

I'm really intereseted in the .NET platform, and I've been looking for papers on how to revrese these applications, but since we've seen no fat-ass application like photohop or max re-written in .net, I really couldn't find much about this topic.

Although I got a general idea about how .net apps are being protected by obfuscation and strong-name signing but I think that we need more info on this topic !

To reverse .net application you must understand IL assembly just like you need to understand Assembly to crack [old] software written with { C++ , Pascal , VB }

I tried a to crack a couple of proggies earlier and it worked and i really hope to get more info on this...

Devine9 05-18-2006 07:20 AM

.NET is an area which we are beginning to focus on. We have a meeting regarding it in the next 2 weeks. Afterward you should see us start to release on the topic. I myself am very interested in it, up until now its just been time constraints.

-DR

dyna 05-18-2006 07:52 AM

protect:
obfuscator(mostly are very easy to crack, except that some obfuscator use un-printable characters, and can also make Reflector useless)
strong name(can easyily be removed by tool or unassemble-remove-reassemble)
interop(using win32 dll, no .Net)

debug:
we can use: WinDBG or PEBrowse.Net



Kurapica 05-19-2006 06:48 PM


check this debugger !

PEBrowse Professional Interactive

http://www.smidgeonsoft.prohosting.com <_<

Kurapica 06-07-2006 03:19 PM

Hello again ! :P

I've been looking lately for something to bypass the strongname verification

This tool is great to explore the PE32,PE64 files and the .Net contents inside PE files and

you can remove strongName from Assemblies too with it .. .

it really solved many problems for me....

http://pmode.net/CFF.php


Kurapica 06-12-2006 07:30 AM

Obsolete !

Strings Decoder for .net assemblies that use string-encoding to hide strings , with code and everything <_<

Change the attchment file extension to "zip" and extract...

See ya

:blink:


__________________________________________________ __

Sorry but the attachemnt was corrupted and fixed in the next post :D

Kurapica 06-13-2006 08:50 AM

It looks like the HTML tutor in the previous post regrading String-encoding is corrupted, I'm sorry for that, here you will find the tutorial and the enhanced code in VB.net .... :blink:

just change the attachmenet extension to "rar" and extract !

__________________________________________________ ___

Sorry ; had to remove the attachment to add a new one.

Kurapica 06-18-2006 11:37 AM

Hello again....

An other protection system for .net assemblies here .. :D

change the extension to "rar" and extract !

comments are welcome.

decameron 06-27-2006 10:37 PM

How about Decompiler.NET 200x?
It looks like a comercial version of reflector.
Both are obfuscated, Decompiler .NET it is much easier to debugg and at least you can enable MSDN license (extract private key MSDN.xml and sign license.xml). I was not able to enable (yet) the full version since only public key xml apeare in the assembly.

Saluto
Decameron

Kurapica 06-30-2006 08:32 AM

Had to remove previous attchements to add this one, I hope you like them....

Note : the attchemnt is a winrar archive so change the extension and extract...
you will find 2 pdf docs..


Enjoy...


All times are GMT -4. The time now is 08:57 PM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.