Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #201  
Old 09-07-2007, 01:49 PM
bigmouse bigmouse is offline
Senior Member
 
Join Date: Sep 2007
Posts: 125
Default

Quote:
Originally Posted by bigmouse View Post
nice boy.

i'll update my unpacker to support it
Re-Max v2.0 is available
http://www.filesend.net/download.php...77dbe7d224ffd5
Reply With Quote
  #202  
Old 09-07-2007, 03:28 PM
rongchaua rongchaua is offline
Senior Member
 
Join Date: Apr 2007
Posts: 91
Default

@bigmouse:
I don't know if I do it right. I copy your new Re-Max v2.0 to the same folder of Re-Max. Then I run RE-MaxV2.0.exe, then choose the Runtime file MRuntime3.dll. Then choose the packed file to dump.
After dump, the file can not run and can no be viewed in Reflector. But the IL Code was already in dumped file. Great work!.

Here is my sample. Can you test with this?
http://www.box.net/shared/2ayb24hfg8

If it's possible, would you please to explain how your unpacker works. I know how MaxToCode works, but don't know how to restore the IL Code from Memory to file. Do you copy the IL Code from Memory to File?

Last edited by rongchaua : 09-07-2007 at 03:32 PM.
Reply With Quote
  #203  
Old 09-07-2007, 10:24 PM
slan008 slan008 is offline
Junior Member
 
Join Date: May 2007
Posts: 3
Default Re-Max V Maxtocode

Quote:
Originally Posted by bigmouse View Post
first i say thank you. i test Re-Max V2.0, but reflector and dis# can't open the unpacked file, below is some test file that use Maxtocode pro 3.21 retail version packed, but i have no Maxtocode pro 3.21 retail version, runtime file also in the zip, its file name is *.Security.dll, i use Re-Max V2.0 unpacked these file but can't work, these file will help your Re-Max work well.

http://rapidshare.com/files/54133107..._test.rar.html
Reply With Quote
  #204  
Old 09-08-2007, 02:18 AM
tracky tracky is offline
Member
 
Join Date: Apr 2007
Posts: 14
Default

Quote:
Originally Posted by rongchaua View Post
@bigmouse:
I don't know if I do it right. I copy your new Re-Max v2.0 to the same folder of Re-Max. Then I run RE-MaxV2.0.exe, then choose the Runtime file MRuntime3.dll. Then choose the packed file to dump.
After dump, the file can not run and can no be viewed in Reflector. But the IL Code was already in dumped file. Great work!.

Here is my sample. Can you test with this?
http://www.box.net/shared/2ayb24hfg8

If it's possible, would you please to explain how your unpacker works. I know how MaxToCode works, but don't know how to restore the IL Code from Memory to file. Do you copy the IL Code from Memory to File?

use ildasm decompile and ilasm compile the il
Reply With Quote
  #205  
Old 09-08-2007, 03:55 AM
slan slan is offline
Member
 
Join Date: May 2007
Posts: 11
Default

Quote:
Originally Posted by bigmouse View Post
i have a dll maybe packed on Maxtocode pro 3.21 retail version, and your Re-Max 2.0 can't unpack the dll. i provide the dll for you test, the runtime file also in the zip, name is *.Security.dll.


http://rapidshare.com/files/54169237..._test.rar.html

Last edited by slan : 09-08-2007 at 04:16 AM.
Reply With Quote
  #206  
Old 09-08-2007, 10:12 AM
WaSt3d_ByTes WaSt3d_ByTes is offline
Member
 
Join Date: Sep 2007
Posts: 12
Default A question for tkc

Why I cannot fix the strongname in latest crackme?
Reply With Quote
  #207  
Old 09-08-2007, 11:42 AM
UFO-Pu55y UFO-Pu55y is offline
Senior Member
 
Join Date: Jan 2007
Posts: 87
Default ..but an answer from ufo ;P

Quote:
Originally Posted by WaSt3d_ByTes View Post
Why I cannot fix the strongname in latest crackme?
Coz smartassembly 2.xx uses the PublicKey Token for its string offset calculation...
Use smartkill>Fix 2.xx algo

Last edited by UFO-Pu55y : 09-08-2007 at 11:45 AM.
Reply With Quote
  #208  
Old 09-08-2007, 11:57 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default CrackME #12 + Note

@Every one :

This is the latest crackme and I hope it's cool.

@BigMouse :

I really wanna thank you for your work. very cool unpacker.


A note regarding CodeVeil 1.3 and SmartAssembly 2.2 :

It seems that it's easy to unpack any assembly processed with CodeVeil 1.3
But while I was testing different settings, I tried to pack an assembly which
I previously used SmartAssembly to enhance and After I packed the smartaseed assmbly
I tried to unpack it using the memory dump method I described in a previous tutor but
the surprise was that the unpacking failed and I got an invalid assembly just like what you
get when we used CodeVeil 1.2 to pack the assembly.

I tried that with more than one assembly, When I packed the original assembly and then
I tried to unpack it from memory, the method works fine and I was able to restore the
original assembly, but when I try to pack a smartassed assembly and then unpack it using
the same previous method it simply fails and I get an invalid assembly that can't be opened
in Reflector or Ildasm or CFF explorer.

I didn't enable Obfuscation in SmartAssembly because this makes codeveil fail to pack it
Instead I used the Obfuscation engine in CodeVeil which is good too

even when you try with minimum enhancements in SA, like choosing the strings encoding
option only, the unpacking method I have suggested fails. !!

Finally :

Maybe it's a better idea to process your assembly with SmartAssembly then use CodeVeil 1.3 to
pack it, but remember not to use Obfuscation and Strong name signing in SA, use CodeVeil options
instead at final packing.

The CrackME #12 has a hardcoded serial and I know it's as common as a 25 years old virgin but I wanted to show how codeveil can pack if you provide it with a smartassed assembly.

Tip : find the encoded stream and decode it

http://www.filesend.net/download.php...e3619db8130fe3
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #209  
Old 09-08-2007, 12:23 PM
WaSt3d_ByTes WaSt3d_ByTes is offline
Member
 
Join Date: Sep 2007
Posts: 12
Default

Quote:
Originally Posted by UFO-Pu55y View Post
Coz smartassembly 2.xx uses the PublicKey Token for its string offset calculation...
Use smartkill>Fix 2.xx algo
I tried to fix the 2.xx algo and said it fixed it correctly and then i removed strongname it said it fixed ok but crackme does not run
Reply With Quote
  #210  
Old 09-08-2007, 12:31 PM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default Which one ?

Quote:
Originally Posted by WaSt3d_ByTes View Post
I tried to fix the 2.xx algo and said it fixed it correctly and then i removed strongname it said it fixed ok but crackme does not run
give UFO the number of this crackme and maybe he can help !
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.