Reversing .NET application

[UFO-Pu55y]

Quote:

Originally Posted by tKC

I can't open the file ? ".7z" extension ! but I think it's gonna be a good work though

Please use filesend.net to upload ur files, pirateshare sux

http://www.7-zip.org/

http://www.filesend.net/download.php...183b29e092deca

[Kurapica]

The smartkiller is a great work ! I like the bloody bitmap ! cool


but I think there is one last thing we both forgot ! regarding the dumped encoded strings, I noticed that first 3 bytes or 4 [i don't remember now] are nulls, so we must update the algos to start decoding from first un-null byte in the stream, this will prevent the decoder from adding 3 empty strings at the beginning of decoding process.

Keep up the good work....

[UFO-Pu55y]

Quote:

Originally Posted by tKC

but I think there is one last thing we both forgot ! regarding the dumped encoded strings, I noticed that first 3 bytes or 4 [i don't remember now] are nulls, so we must update the algos to start decoding from first un-null byte in the stream, this will prevent the decoder from adding 3 empty strings at the beginning of decoding process.

Oops !

Anyway I'm interested in letting smartkill find the stream with the encoded strings itself - so that dumping isn't needed anymore.
Furtheron to implement an anti strongname option: which patches 2.xx targets to make them patchable (like I did with ur last crackme). 1.xx didn't use PublicKeyToken for the algo

For both functions I need more infos, how to get to the wanted offsets in a net target. I now about the CLR header and how to get there. But I'm googling my ass off, how to get to the rest (Assembly directory in MetaDataTables, net resources....)
Does anybody have deeper infos on that ???

Greets

[rongchaua]

Take a look at here: http://www.codeproject.com/dotnet/St...meRemove20.asp
I think you can found good info here.

[UFO-Pu55y]

Quote:

Originally Posted by rongchaua

Take a look at here: http://www.codeproject.com/dotnet/St...meRemove20.asp
I think you can found good info here.

Thanks, rongchaua, very nice one ! And also nice links within
LOL, a whole patching source - we should engage this guy...
Don't tell me, that he isn't cracking some shit, when he's bored.

[bishooman]

i remember some posted a link for codeviel unpacker where is it ??!!

[codepoet]

@tKC

Could you plz upload your tuts and stuff again. I can't dl from filesend.

Thanks
codepoet

[Kurapica]

@ codepoet

You could have googled this !
anyway this is what you want.
http://rapidshare.com/files/11338900/All.rar.html

[LibX]

Quote:

Originally Posted by UFO-Pu55y

Thanks, rongchaua, very nice one ! And also nice links within
LOL, a whole patching source - we should engage this guy...
Don't tell me, that he isn't cracking some shit, when he's bored.

Still removing the strong name works in some cases but with bigger apps that have signed satalite DLL's its useless since the public key token is used to make sure its the right DLL not just some DLL with the same name.
So its better to patch the strong name token (next RE-Sign will have this function) then resign it.
Also i found lots of apps that don't even work without a strong name.

Regards
LibX // RETeam

[UFO-Pu55y]

Quote:

Originally Posted by LibX

Also i found lots of apps that don't even work without a strong name.

... other than smartass 2.xx stuff ? But which could also be patched like smartass 2.xx
to run without a strong name ?
I'm reading all I can get about .net file structures these days,
and I'm still stuck with getting down to the desired MetaData Table (Assembly) in a proper way

Will keep on...

Greets