#31 | kao | Senior Member | Join Date: Sep 2007 | Posts: 184 | 10-12-2009, 04:48 PM

Sure, the original crackme works, since it's wrapped in a 32-bit native code wrapper, thus causing the crackme to be executed as 32-bit code inside the WoW64 subsystem. As I wrote before, I believe that the 64-bit bug was fixed in the final version of .NET Reactor.

In the meantime - could you please try changing the CliHeader.Flags value from 1 to 3 and see if it helps? You can use CFFExplorer for that, or a hex editor and change the byte at file offset 0x418. It should work but I just don't have a 64-bit system to test it with.
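The CliHeader.Flags field discussed in post #31, as an added example that is not part of the thread or of kao's solution: a read-only Python parser that finds the CLI header through PE data directory 14 and reports the Flags value and its file offset. The flag names are taken from ECMA-335 (1 = ILONLY, 2 = 32BITREQUIRED, so 3 sets both), and the sample image is constructed, with a layout assumed so that Flags lands at 0x418 as in the post.

```python
import struct

# CLI header runtime flags (ECMA-335 II.25.3.3.1); names are not from the thread.
COMIMAGE_FLAGS = {0x1: "ILONLY", 0x2: "32BITREQUIRED"}

def cli_flags(pe: bytes):
    """Return (file offset of CliHeader.Flags, flags value) for a .NET PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24                                         # optional header start
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]           # PE32 / PE32+ directories
    rva, _size = struct.unpack_from("<II", pe, dirs + 14 * 8)
    if rva == 0:
        raise ValueError("no CLI header: not a managed image")
    sec = opt + opt_size                                  # section table
    for i in range(nsec):
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, sec + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            off = rva - vaddr + rptr + 16                 # Flags sits at +16
            return off, struct.unpack_from("<I", pe, off)[0]
    raise ValueError("CLI header RVA not inside any section")

def describe(flags):
    return [name for bit, name in COMIMAGE_FLAGS.items() if flags & bit]

def sample_image(flags):
    """Constructed PE32 skeleton (headers and one section), not a real binary."""
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH12xH", img, 0x84, 0x14C, 1, 0xE0)  # i386, 1 section
    struct.pack_into("<H", img, 0x98, 0x10B)                # PE32 magic
    struct.pack_into("<II", img, 0x168, 0x2008, 0x48)       # directory 14: CLI header
    img[0x178:0x17D] = b".text"
    struct.pack_into("<IIII", img, 0x180, 0x200, 0x2000, 0x200, 0x400)
    struct.pack_into("<I", img, 0x408, 0x48)                # CLI header cb
    struct.pack_into("<I", img, 0x418, flags)               # CLI header Flags
    return bytes(img)

if __name__ == "__main__":
    for value in (1, 3):
        off, flags = cli_flags(sample_image(value))
        print(f"Flags at file offset {off:#x}: {flags} -> {describe(flags)}")
```

The offset is derived from the section table, so it is only 0x418 for images laid out like this one; other files need the same lookup rather than a fixed offset.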
#32 | FarJump | Member | Join Date: Jun 2009 | Posts: 14 | 10-12-2009, 05:32 PM

It works. As far as I understand u have to directly patch the protection code to run the dumped assembly at all. And if u want to patch the actual crackme methods u have to invest more time (decrypt/patch/encrypt the managed/native code..resign).
#33 | kao | Senior Member | Join Date: Sep 2007 | Posts: 184 | 10-12-2009, 06:28 PM

Quote:
u have to directly patch the protection code to run the dumped assembly at all.
There are 2 equally good options - patch the code that initializes decryption keys OR decrypt all the data and encrypt with new keys. In this solution I chose the former, more complex method as it required fewer changes to the executable. The latter is simpler and would allow resigning but requires more changes to the exe.

Quote:
if u want to patch the actual crackme methods u have to invest more time (decrypt/patch/encrypt the managed/native code..resign).
Hmm, I'm not sure what you mean by that. I already patched the actual crackme method responsible for the serial check, it accepts any serial now. It's not that hard to patch a necrobit'ed method, you just need to figure out the simple data format used in the necrobit table.
#34 | FarJump | Member | Join Date: Jun 2009 | Posts: 14 | 10-12-2009, 07:10 PM

Sorry, didn't recognize that you already patched the method as you wrote "I'm too lazy to fix all the necrobits, strings, resources and build a new assembly." in the readme.txt.
#35 | kao | Senior Member | Join Date: Sep 2007 | Posts: 184 | 10-13-2009, 04:45 AM

@Farjump: Thanks for the comments. I added clarifications in readme.txt and fixed the 64-bit issue. Download link updated in the original post.
#36 | sirp | Senior Member | Join Date: Apr 2008 | Posts: 76 | 11-11-2009, 02:31 PM

can u post your solution again? plz
#37 | kao | Senior Member | Join Date: Sep 2007 | Posts: 184 | 11-12-2009, 07:01 AM

Did not know that mediafire deletes files so fast. Please feel free to mirror to rapidshare, etc. http://www.megaupload.com/?d=MU8E6P0E

PS. I got a few requests for a full solution/unpacker. What I can tell you for sure - I won't make Reziriz2 or anything like that. What I could make is a detailed description of how Reactor works and how to defeat it. I'd love to hear from you all - is anyone interested?
#38 | sirp | Senior Member | Join Date: Apr 2008 | Posts: 76 | 11-12-2009, 09:44 AM

wow that would be nice stuff to read through ,) thx

[moderator note : 1) please do not quote such large amounts of the original post, it is completely unnecessary. 2) please do not reply to your own posts, use the Edit button to add to your first post]

could u up the crackme too again plz

Last edited by Git : 11-12-2009 at 10:59 AM.
#39 | bball0002 | Senior Member | Join Date: Mar 2009 | Posts: 72 | 11-23-2009, 09:33 PM

[please don't quote large amounts of the original message. It is totally unnecessary]

I don't mean to bump, but "a detailed description of how Reactor works and how to defeat it" would be great.

Last edited by Git : 11-24-2009 at 07:06 AM.