Reverse Engineering Team Board

Reverse Engineering Team Board (http://www.reteam.org/board/index.php)
-   .NET Reverse Engineering (http://www.reteam.org/board/forumdisplay.php?f=28)
-   -   .NET Reactor discussion (http://www.reteam.org/board/showthread.php?t=801)

karlranseier 04-13-2008 01:15 PM

sounds good but what do you think about .net reactor? it seems to offer more protection techniques but costs less.

LibX 04-16-2008 04:37 AM

Quote:

Originally Posted by karlranseier (Post 6538)
sounds good but what do you think about .net reactor? it seems to offer more protection techniques but costs less.

.NET Reactor is fully build on stolen on GPL code (code u can't use in a closed source project) on top of that its the most crappy packer i have ever seen.

karlranseier 04-16-2008 06:09 AM

could you proof it?
i am interested in the protection technique. you could you post links the the source code .net reactor is based of?

Andu 04-16-2008 06:09 AM

Hello folks,

my question also regards .net Reactor. First I agree that the application mode protection is crap because it has been shown many times that it is possible to circumvent the protection in less than 5 minutes!

I have also seen a paper which seems to describe the basic principle, which .net Reactor seems to be based on (don't know if you refer to this paper with the gpl code, a link is very much appreciated).

But the Reactor offers two protection modes: application (which is easy to crack) and library mode, which I'm not shure off.

As I haven't seen any crackmes regarding library-mode-protected assemblies or tutorials on that topic my question is if anyone has tried to break this protection with activated necro bit. It seems to be tougher at first glance.
And a second thing: .net Reactor also offers a strong name removal protection. What do the experts think about this?

Regards,

Andu

LibX 04-16-2008 06:47 AM

Quote:

Originally Posted by karlranseier (Post 6608)
could you proof it?
i am interested in the protection technique. you could you post links the the source code .net reactor is based of?

Its using code from Mono.Cecil, old versions uses code from first releases of .NET Reflector, it has a copy of the hurricane cipher in it also opensource (its a delphi unit), also QuickLZ is used and more .

LibX 04-16-2008 06:47 AM

Quote:

Originally Posted by Andu (Post 6609)
Hello folks,

my question also regards .net Reactor. First I agree that the application mode protection is crap because it has been shown many times that it is possible to circumvent the protection in less than 5 minutes!

I have also seen a paper which seems to describe the basic principle, which .net Reactor seems to be based on (don't know if you refer to this paper with the gpl code, a link is very much appreciated).

But the Reactor offers two protection modes: application (which is easy to crack) and library mode, which I'm not shure off.

As I haven't seen any crackmes regarding library-mode-protected assemblies or tutorials on that topic my question is if anyone has tried to break this protection with activated necro bit. It seems to be tougher at first glance.
And a second thing: .net Reactor also offers a strong name removal protection. What do the experts think about this?

Regards,

Andu

About the strong name protection i managed to remove it once, after that i lost interest in reversing since its more of the same every time with just minor changes

Andu 04-16-2008 06:53 AM

Thanks for your answers. What's about library mode contra the weak application mode?

LibX 04-16-2008 06:56 AM

Quote:

Originally Posted by Andu (Post 6613)
Thanks for your answers. What's about library mode contra the weak application mode?

Its just as crappy ;) specialy the so called necrobits protection is the biggest joke of all

Andu 04-16-2008 06:59 AM

Could you please expand on this? Is there a tutorial available?

What's the point with necroBit after all? How does it help to protect the assembly?

LibX 04-16-2008 07:09 AM

Quote:

Originally Posted by Andu (Post 6615)
Could you please expand on this? Is there a tutorial available?

What's the point with necroBit after all? How does it help to protect the assembly?

I don't have time to write any tutorial sorry i hardly have some free time left for myself

and about the necrobits they restore function pointer at runtime, so basicly it doesn't help at all
its just a decoy


All times are GMT -4. The time now is 02:01 PM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.