Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #11  
Old 05-03-2008, 09:35 AM
Andu Andu is offline
Member
 
Join Date: Apr 2008
Posts: 46
Default

Quote:
jit-hook unpack is a general approach, not paticularly aim at .Net Reactor.
Yes.... the question is how he can avoid such unpacking methods...
Reply With Quote
  #12  
Old 05-03-2008, 10:48 AM
bigmouse bigmouse is offline
Senior Member
 
Join Date: Sep 2007
Posts: 125
Default

Quote:
Originally Posted by Andu View Post
On a scale from 1 to 10 (strongest), how good do you think is the remaining protection strength of an unpacked, but still obfuscated assembly

A) for not getting the original program code back

B) for protection against cracking the program (if strongly signed)

?
the control flow obfusction is weak.

here is the deflowed .Net Reactor v3.7.9.1
http://momupload.com/files/92305/dp_...or-rb.rar.html

the remaining protection is only the name obfuscation.

strong name can be removed easily, and also can be faked.
__________________
interest in .NET Reverse Engineering.
Blog: http://jithook.blogspot.com/

.Net Assembly Rebuilder - a tool to rebuild dumped assemblies.
Re-Max - a tool to unpack maxtocode protected assemblies.
Reply With Quote
  #13  
Old 05-03-2008, 11:09 AM
Hannibal Hannibal is offline
Member
 
Join Date: Apr 2008
Posts: 6
Default

Thanks for all your analysis bigmouse. Other than DNGuard (which has compatibility issues) it seems that most protectors are easily dumped. How does the obfuscation in .NET Reactor hold up to say CodeVeil? Or Spices.NET ?

You said the control flow obfuscation is weak; which has the best right now? It seems maybe Dotfuscator?

Regards,
Hannibal
Reply With Quote
  #14  
Old 05-04-2008, 09:04 AM
Andu Andu is offline
Member
 
Join Date: Apr 2008
Posts: 46
Default

Quote:
Thanks for all your analysis bigmouse.
Bigmouse, I wanna forward this.

Quote:
Other than DNGuard (which has compatibility issues)
Could you please give more information on compatibility issues? I haven't experienced any while using the trial on my program under winXP. I have heard that DnGuard itself doesn't run under Vista, but what counts is if the protected programs work. However, I haven't testet the protected executable under Vista yet.

Quote:
How does the obfuscation in .NET Reactor hold up to say CodeVeil?
CodeVeil is broken afaik.

Dotfuscator seems do do a good job, however, it is far to expensive for my budget.

What interests me most at the moment is indeed the spices obfuscator. They explicitly don't use control flow obfuscation because it can be easily reversed (as we saw already). Instead they use cross obfuscation and a technology which allows it to even strip out most "system calls" like "Console.out" or "MessageBox.Show" for example. They also claim that this makes restoring the original code almost impossible.

I don't know how much protection this technology (among others) is able to deliver, so I ask you, the pros.

It could also help examingning some .Net Programs (you can see the spices attribute with reflector if the program is protected wth it) and examine if cracks exists. If I find some programs I'll post them here.

Regards,

Andu
Reply With Quote
  #15  
Old 05-04-2008, 10:38 AM
bigmouse bigmouse is offline
Senior Member
 
Join Date: Sep 2007
Posts: 125
Default

Quote:
Originally Posted by Andu View Post
Could you please give more information on compatibility issues? I haven't experienced any while using the trial on my program under winXP. I have heard that DnGuard itself doesn't run under Vista, but what counts is if the protected programs work. However, I haven't testet the protected executable under Vista yet.
DnGuard v2.90 itself can run under vista now.
assembly protected by dnguard previous version, works fine under vista.

Quote:
Dotfuscator seems do do a good job, however, it is far to expensive for my budget.
its control flow is more harder.
also can be deflowed.
http://jithook.blogspot.com/2008/04/...cation-of.html

Quote:
What interests me most at the moment is indeed the spices obfuscator. They explicitly don't use control flow obfuscation because it can be easily reversed (as we saw already). Instead they use cross obfuscation and a technology which allows it to even strip out most "system calls" like "Console.out" or "MessageBox.Show" for example. They also claim that this makes restoring the original code almost impossible.
its alse sample at current stage.
can be restored by using method inline optimize.
__________________
interest in .NET Reverse Engineering.
Blog: http://jithook.blogspot.com/

.Net Assembly Rebuilder - a tool to rebuild dumped assemblies.
Re-Max - a tool to unpack maxtocode protected assemblies.
Reply With Quote
  #16  
Old 05-04-2008, 12:00 PM
Andu Andu is offline
Member
 
Join Date: Apr 2008
Posts: 46
Default

Hi bigmouse,

what is this "method inline optimize" you're talking about?

If you or someone elese has already cracked commercial targets protected with spices obfuscator, how hard is it or rather, what's your "conversiation rate" (targets / sucessfull crack).

Regards,

Andu
Reply With Quote
  #17  
Old 05-05-2008, 01:33 AM
bigmouse bigmouse is offline
Senior Member
 
Join Date: Sep 2007
Posts: 125
Default

Inline Method


Put the method's body into the body of its callers .

int getRating() {
return (moreThanFiveLateDeliveries()) ? 2 : 1;
}
boolean moreThanFiveLateDeliveries() {
return _numberOfLateDeliveries > 5;
}


====>

int getRating() {
return (_numberOfLateDeliveries > 5) ? 2 : 1;
}
__________________
interest in .NET Reverse Engineering.
Blog: http://jithook.blogspot.com/

.Net Assembly Rebuilder - a tool to rebuild dumped assemblies.
Re-Max - a tool to unpack maxtocode protected assemblies.
Reply With Quote
  #18  
Old 05-05-2008, 02:12 AM
jfx jfx is offline
Member
 
Join Date: Oct 2007
Posts: 12
Default

Quote:
Originally Posted by Andu View Post
If you or someone elese has already cracked commercial targets protected with spices obfuscator, how hard is it or rather, what's your "conversiation rate" (targets / sucessfull crack).

Regards,

Andu
I make patch/keygen for old version of Spices suite (FPE release).
Not hard.
Reply With Quote
  #19  
Old 05-05-2008, 03:57 AM
Andu Andu is offline
Member
 
Join Date: Apr 2008
Posts: 46
Default

Thanks for clarifiing Bigmouse!

Quote:
I make patch/keygen for old version of Spices suite (FPE release).
Not hard.
For which version does it apply? Are there working cracks for the current version?

Regards,

Andu
Reply With Quote
  #20  
Old 05-05-2008, 07:04 AM
Hannibal Hannibal is offline
Member
 
Join Date: Apr 2008
Posts: 6
Default

Andu -

A quick google search turned up a number of versions; this being the most recent:

9Rays.Spices.Net.v5.1.2.0.Patched.incl.Keygen-FPE

Thanks for the tip jfx!

Regards,
Hannibal
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.