Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 05-17-2006, 09:44 PM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default

I'm really intereseted in the .NET platform, and I've been looking for papers on how to revrese these applications, but since we've seen no fat-ass application like photohop or max re-written in .net, I really couldn't find much about this topic.

Although I got a general idea about how .net apps are being protected by obfuscation and strong-name signing but I think that we need more info on this topic !

To reverse .net application you must understand IL assembly just like you need to understand Assembly to crack [old] software written with { C++ , Pascal , VB }

I tried a to crack a couple of proggies earlier and it worked and i really hope to get more info on this...
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #2  
Old 05-18-2006, 07:20 AM
Devine9 Devine9 is offline
Administrator
 
Join Date: Dec 2002
Posts: 180
Default

.NET is an area which we are beginning to focus on. We have a meeting regarding it in the next 2 weeks. Afterward you should see us start to release on the topic. I myself am very interested in it, up until now its just been time constraints.

-DR
Reply With Quote
  #3  
Old 05-18-2006, 07:52 AM
dyna dyna is offline
Junior Member
 
Join Date: May 2006
Posts: 1
Default

protect:
obfuscator(mostly are very easy to crack, except that some obfuscator use un-printable characters, and can also make Reflector useless)
strong name(can easyily be removed by tool or unassemble-remove-reassemble)
interop(using win32 dll, no .Net)

debug:
we can use: WinDBG or PEBrowse.Net


Reply With Quote
  #4  
Old 05-19-2006, 06:48 PM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default


check this debugger !

PEBrowse Professional Interactive

http://www.smidgeonsoft.prohosting.com <_<
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #5  
Old 06-07-2006, 03:19 PM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default

Hello again ! :P

I've been looking lately for something to bypass the strongname verification

This tool is great to explore the PE32,PE64 files and the .Net contents inside PE files and

you can remove strongName from Assemblies too with it .. .

it really solved many problems for me....

http://pmode.net/CFF.php

__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #6  
Old 06-12-2006, 07:30 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default

Obsolete !

Strings Decoder for .net assemblies that use string-encoding to hide strings , with code and everything <_<

Change the attchment file extension to "zip" and extract...

See ya

:blink:


__________________________________________________ __

Sorry but the attachemnt was corrupted and fixed in the next post
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #7  
Old 06-13-2006, 08:50 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default

It looks like the HTML tutor in the previous post regrading String-encoding is corrupted, I'm sorry for that, here you will find the tutorial and the enhanced code in VB.net .... :blink:

just change the attachmenet extension to "rar" and extract !

__________________________________________________ ___

Sorry ; had to remove the attachment to add a new one.
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #8  
Old 06-18-2006, 11:37 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default

Hello again....

An other protection system for .net assemblies here ..

change the extension to "rar" and extract !

comments are welcome.
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #9  
Old 06-27-2006, 10:37 PM
decameron decameron is offline
Junior Member
 
Join Date: Jun 2006
Posts: 4
Default

How about Decompiler.NET 200x?
It looks like a comercial version of reflector.
Both are obfuscated, Decompiler .NET it is much easier to debugg and at least you can enable MSDN license (extract private key MSDN.xml and sign license.xml). I was not able to enable (yet) the full version since only public key xml apeare in the assembly.

Saluto
Decameron
Reply With Quote
  #10  
Old 06-30-2006, 08:32 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default

Had to remove previous attchements to add this one, I hope you like them....

Note : the attchemnt is a winrar archive so change the extension and extract...
you will find 2 pdf docs..


Enjoy...
__________________
Life can only be understood backwards but It must be read forwards.

Last edited by Kurapica : 01-11-2008 at 04:30 AM.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.