Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #401  
Old 03-20-2008, 04:16 PM
nigle nigle is offline
Junior Member
 
Join Date: Mar 2008
Posts: 1
Default

Hello, I have been following this thread for a while now and I have to say, these .net applications are a great challenge for newbies!

I finally signed up after encountering an obfuscator that has been giving me trouble for hours.

here is the binary where I discovered it: http://www.live-share.com/files/314273/SI.zip.html

The obfuscator is called "Goliath" and more info can be found here: http://www.cantelmosoftware.com/eng/obfuscator.html

has anyone else had an encounter with Goliath? I haven't found any mention of Goliath deobfuscation on google.
Reply With Quote
  #402  
Old 03-21-2008, 06:08 AM
rongchaua rongchaua is offline
Senior Member
 
Join Date: Apr 2007
Posts: 91
Default .Net PE File Format Library

Hi all,
I have just published my .net pe file format libray http://rongchaua.net/software/.net-p...t-library.html

This library was built to read (until now can not write) values in PE File Format. I use CFF Explorer as references. That means what we see on CFF Explorer then we can read it throug this library. I wrote it for my own use. I published it now for someone who needs it too.
All feedbacks will be appreciated.

Regards.
__________________
My site: http://rongchaua.net
Reply With Quote
  #403  
Old 03-21-2008, 07:30 AM
jfx jfx is offline
Member
 
Join Date: Oct 2007
Posts: 12
Default

why you not use Mono.PEToolKit?
Reply With Quote
  #404  
Old 03-21-2008, 07:12 PM
rongchaua rongchaua is offline
Senior Member
 
Join Date: Apr 2007
Posts: 91
Default

@jfx: Can you give me the link to download it?
__________________
My site: http://rongchaua.net
Reply With Quote
  #405  
Old 03-21-2008, 11:55 PM
rendari rendari is offline
Member
 
Join Date: Aug 2007
Posts: 39
Default

Rebuilding native .NET exes into managed .NET exes by Exploiting lefotver IL...

http://www.woodmann.com/forum/blog.php?b=68

Think this might interest you JackTheRipper
Reply With Quote
  #406  
Old 03-23-2008, 02:26 PM
rendari rendari is offline
Member
 
Join Date: Aug 2007
Posts: 39
Default

Anyone ever manage to encrypt anything with Maxtocode? Even hello world applications crash after being protected by Maxtocode Very bad product.

Seems like these Chinese .NET protectors (Maxtocode, DNGuard HVM) all have big issues
Reply With Quote
  #407  
Old 03-23-2008, 04:04 PM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default

Quote:
Originally Posted by rendari View Post
Anyone ever manage to encrypt anything with Maxtocode? Even hello world applications crash after being protected by Maxtocode Very bad product.

Seems like these Chinese .NET protectors (Maxtocode, DNGuard HVM) all have big issues
Nothing personal but all chinese .NET protectors are nothing but pure Junk !!

I even never wasted any time trying to analyze any !!
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #408  
Old 03-23-2008, 04:14 PM
rendari rendari is offline
Member
 
Join Date: Aug 2007
Posts: 39
Default

Hmmm, it's quite a pity. I can't analyze anything if it won't run. I guess the JIT hooks they use simply aren't good enough, and thus not worthy of wasting my time on
Reply With Quote
  #409  
Old 03-23-2008, 04:49 PM
jfx jfx is offline
Member
 
Join Date: Oct 2007
Posts: 12
Default

@rongchaua
_http://anonsvn.mono-project.com/source/trunk/mcs/class/Mono.PEToolkit/

@rendari
Yes, i'm try MaxToCode released by Lz0. This release not work on all computers but if you can run it, it work.

Last edited by jfx : 03-24-2008 at 07:56 AM.
Reply With Quote
  #410  
Old 03-24-2008, 03:04 AM
rendari rendari is offline
Member
 
Join Date: Aug 2007
Posts: 39
Default

(Part 2 of .NET native exe insights)Serial fishing and patching .NET exes with Ollydbg

Should be another interesting read on fishing serials for crackmes whose IL code is too well protected

http://www.woodmann.com/forum/blog.php?b=69
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.