  #81  
Old 05-10-2007, 07:42 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
CrackME #9

Check this new one... at least it opens in Reflector

http://www.filesend.net/download.php...3dc693ddb61ace

If you have some time and .NET framework 1.1 maybe you should check my new mp3 player and tell me what you think..

http://www.filesend.net/download.php...2d4c7adc25079d


Greetings...
__________________
Life can only be understood backwards but It must be read forwards.
  #82  
Old 05-10-2007, 11:13 PM
UFO-Pu55y UFO-Pu55y is offline
Senior Member
 
Join Date: Jan 2007
Posts: 87

Regarding MaxtoCode:
Definitively interesting stuff. I like this .net+.dll thingy. I'm planning to write a tutorial about keygenning another .net target, which checks the serial outside in a dll. I've found an easy way to break at the right place with Olly.
But it doesn't work for MaxtoCode... too low... no way :/
Keep it on, dudes, I'm curious, how u'll own it !

Quote:
Originally Posted by tKC View Post
Check this new one ,...
Oh noes, he's seriously going crypto... oO
I was thinking like 'Wait a minute, I'll pwn it with a Lic.ini-FileMaker !',
but I got stuck again, since I've got no experience with crypto...
I failed when trying to turn it around:
Code:
...
Dim signature As Byte() = Convert.FromBase64String(Me.Fun1("Signature", ""))
'Dim buffer As Byte() = Convert.FromBase64String(Me.Fun1("Key", ""))
Dim buffer As Byte() = provider.SignData(signature, "SHA1")   ' <-- :/
...
VS keeps telling me some sh!t about 'only the public half of a key pair'...


Quote:
If you have some time and .NET framework 1.1 maybe you should check my new mp3 player and tell me what you think..
Framework 1.0, 1.1, 2.0 over here.
Goodlooking and nice size, but Drag&Drop's always cool for lazy asses like me
Maybe it's just a problem on my box, but it plays opened music very oddly.
I've tested several .mod and .mp3 - absolutely distorted sound.
I'll check it on another box...

Cheers
  #83  
Old 05-12-2007, 05:48 AM
rongchaua rongchaua is offline
Senior Member
 
Join Date: Apr 2007
Posts: 91

Quote:
I know someone was made the MaxtoCode Unpacker,But not release!
I think this is an unpacker for MaxToCode you said.
http://rapidshare.com/files/30567002...deUnpacker.zip
  #84  
Old 05-12-2007, 08:28 PM
UFO-Pu55y UFO-Pu55y is offline
Senior Member
 
Join Date: Jan 2007
Posts: 87
Asymmetric Keys ? WTF ?

@ tKC:
Erm, is ur latest CrackMe at all intended to be like a PatchMe or more like a KeyFileMe?
Ima utter crypto noob, but I'm really interested, so I did some more reading about asymmetric keys. Maybe I'm still wrong, but as far as I read, it seems that I actually can NOT sign data with the used XmlString, coz it only holds the public key.
And I'd need the private key to do the job. Is that right?
Just say, that I'm a dumpy b!tch and don't know, what I'm talking about, and I'll simply go on reading. This is interesting sh!t...

Thanks
  #85  
Old 05-14-2007, 11:39 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
You're damn right UFO

First of all I wanna thank you for your efforts, although I read your first reply to this one. Yes, since it's RSA, keep in mind that you can't keygen it! Simply because you need the private key also to create a valid license file for this babe; I only included the public key in the CrackME. I didn't want to tell you first because I wanted you to find that out by yourself. This technique is used to protect several commercial software products like SmartAssembly and .NET Reactor, so keep in mind that you will need both keys, the private and the public, here, but the only way to crack it is to patch the code when it calls the Verify method.
It checks for a license key too before, so be careful.
I think it was a good crackme though since it made you read about Asymmetric shit.

Soon I will post the source code and the License file maker so that you can compare your work with it.

Regarding the Drag and drop feature in the MP3 player, I finally added it and it works for folders too, thanks for the tip too. I tried to find the bug that causes the sound to be distorted and I hope this patch works ....

http://www.filesend.net/download.php...792ee028a4775d

Greetings.
tKC
__________________
Life can only be understood backwards but It must be read forwards.
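The point made in the posts above (an XmlString holding only the public key can verify a license signature but cannot produce one), as an added example that is not part of the thread or the CrackMe's own code. The freshly generated 1024-bit key pair and the license text are constructed for illustration; the function names are hypothetical.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module LicenseSignatureDemo
    ' Vendor side (hypothetical helper): needs the full key pair to sign.
    Function SignLicense(keyXml As String, license As Byte()) As Byte()
        Using rsa As New RSACryptoServiceProvider()
            rsa.PersistKeyInCsp = False
            rsa.FromXmlString(keyXml)
            Return rsa.SignData(license, "SHA1")
        End Using
    End Function

    ' Client side (hypothetical helper): the public half is enough to verify.
    Function VerifyLicense(publicXml As String, license As Byte(), signature As Byte()) As Boolean
        Using rsa As New RSACryptoServiceProvider()
            rsa.PersistKeyInCsp = False
            rsa.FromXmlString(publicXml)
            Return rsa.VerifyData(license, "SHA1", signature)
        End Using
    End Function

    Sub Main()
        Dim privateXml As String = Nothing
        Dim publicXml As String = Nothing
        Using vendor As New RSACryptoServiceProvider(1024)
            vendor.PersistKeyInCsp = False
            privateXml = vendor.ToXmlString(True)   ' stays with the vendor
            publicXml = vendor.ToXmlString(False)   ' the only part shipped in the program
        End Using

        ' Constructed sample license text.
        Dim license As Byte() = Encoding.UTF8.GetBytes("Name=Constructed User")
        Dim signature As Byte() = SignLicense(privateXml, license)
        Console.WriteLine("Genuine license verifies: " & VerifyLicense(publicXml, license, signature))

        ' Any change to the signed text invalidates the signature.
        Dim edited As Byte() = Encoding.UTF8.GetBytes("Name=Someone Else")
        Console.WriteLine("Edited license verifies:  " & VerifyLicense(publicXml, edited, signature))

        ' Signing with the public half alone raises CryptographicException.
        Try
            SignLicense(publicXml, license)
        Catch ex As CryptographicException
            Console.WriteLine("SignData with public key only: " & ex.Message)
        End Try
    End Sub
End Module
```

The signature itself holds up; what stays under the user's control is the Boolean that the client-side check returns, which is the patch point tKC describes.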
  #86  
Old 05-14-2007, 12:27 PM
zilot zilot is offline
Member
 
Join Date: May 2007
Posts: 6

Hello people,

I have some questions regarding .NET unpacking. I'm dealing with one target that looks like MaxtoCode (according to what I read here about MaxtoCode) but actually is a little bit different.

First of all, the CLI header is not visible in Reflector => it is not present. When I dump the application with PeTools at the _corexemain function, after loading the dump in Reflector all names are obfuscated in such a manner that there are only squares (hence not readable). You mentioned use of the VirtualProtect function; indeed it is called several times, protecting and deprotecting some area of code. When I inspect that piece of code with SoftIce I can't conclude what it does; it encrypts/decrypts that code, and after decryption it uses it for calculating some keys, I think, but even when I fill the decrypted piece of code with zeros in some range the program runs normally (for that decrypted key pair). Those keys have some strange values, for example AABBCDEGR, I mean only some junk letters (no other characters).

I can't find anywhere in memory some other place with PE header information except those I dumped. So do you have some other knowledge of how these new protectors work at all? Do they hook some API, and does the CLR, when it runs them, actually do decryption on the fly? I don't know very well how the Framework functions, so I can not make a proper suggestion.

I can't provide the target for now, because of the poor internet connection here where I am; maybe in a day or two, when I change location.

Thanks for any hint.
  #87  
Old 05-14-2007, 03:51 PM
rongchaua rongchaua is offline
Senior Member
 
Join Date: Apr 2007
Posts: 91

@Ufo:
I didn't see the crackme of tkc. But he says that it's RSA. Then you must see if this is 1024 Bit RSA or less. When it's encrypted with more than 1024 bits, then we can't make a keygen. But when it's less than 1024 bits, then you can use RSA Tools to decrypt the private key and make keygen with this key.
And one hint: One of my friends had to let his computer run for 4 days when he wanted to break a 512-bit RSA.

@Zilot:

Quote:
First of all CLI header is not visible in reflector=>it is not present. When dump application with PeTools at _corexemain function
Can you tell me more clearly how you do that?



Regards.
rongchaua

Last edited by rongchaua : 05-14-2007 at 03:58 PM.
  #88  
Old 05-14-2007, 04:02 PM
LibX LibX is offline
Administrator
 
Join Date: Feb 2007
Location: The Netherlands
Posts: 118

When it's possible to crack RSA512 on ur personal computer, it's not a good implementation; normally it takes a very large computer cluster months to factorize a key like that.
It's just not possible to break a RSA512 key with a good random generator generated on ur home computer.

Regards,
LibX // RETeam


Quote:
Originally Posted by rongchaua View Post
@Ufo:
I didn't see the crackme of tkc. But he says that it's RSA. Then you must see if this is 1024 Bit RSA or less. When it's encrypted with more than 1024 bits, then we can't make a keygen. But when it's less than 1024 bits, then you can use RSA Tools to decrypt the private key and make keygen with this key.
And one hint: One of my friends had to let his computer run for 4 days when he wanted to break a 512-bit RSA.

@Zilot:


Can you tell me more clearly how you do that?



Regards.
rongchaua
  #89  
Old 05-14-2007, 07:18 PM
UFO-Pu55y UFO-Pu55y is offline
Senior Member
 
Join Date: Jan 2007
Posts: 87

Quote:
Originally Posted by rongchaua View Post
...you must see if this is 1024 Bit RSA
It is
But that's no problem: Since 2 days I've already got 5 friends' boxes running simultaneously to do the job. -> just kidding <-

@tKC: Ur patch made the player work like a charm. In dead earnest - I like it. Looks like a sh!tload of coding hours. Very nice job - motivated me to go on with VB.NET
And I'll definitively test it a bit more...

Cheers
  #90  
Old 05-15-2007, 01:41 PM
zilot zilot is offline
Member
 
Join Date: May 2007
Posts: 6

Quote:
Originally Posted by rongchaua View Post

@Zilot:


Can you tell me more clearly how you do that?
bpmb at _corexemain

Si Pops Up,

type a eip
jmp eip

then exit Si, and dump

@tKC
what was with your further explanation about virtualprotect, you've stopped your last tut at that point. I'm curious.......come on